About Deutsche Payment
Established in 2003, Deutsche Payment’s headquarters are in Berlin, Germany. The company pioneers a cutting-edge technological framework that revolutionizes end-to-end payment processes for enterprises. With extensive expertise in payment processing, the company employs secure technologies to craft innovative business payment solutions. Through strategic collaborations and the creation of custom provider-centric systems, Deutsche Payment curates an expansive industry-specific solution portfolio. Drawing upon a cadre of specialists spanning banking, finance, e-commerce, law, technology, and marketing, the company stands as a powerhouse at the intersection of technology and commerce.
The Challenge
Our team of cloud experts has already been involved in the design and implementation of the Deutsche Payment infrastructure in AWS, with Terraform (Infrastructure as Code) set as our baseline. Our mission was to prepare the AWS cloud environment for further automation and for PCI DSS re-certification of the customer's service landscape. This required creating hardened Amazon Machine Images (AMIs) and providing a mechanism for verified code check-ins.
Hosting applications on AWS auto-scaling and self-healing infrastructure lays the foundation for golden AMI usage. The target machines must follow Center for Internet Security (CIS) guidelines and must contain the verified software for fast start-up times.
The Solution
A multi-stage build process was implemented using AWS CodeCommit, CodeBuild and CodePipeline. The first stages check that commits are signed by a permitted author; only then does the build continue. Using HashiCorp's Packer and modern Amazon Linux 2, CIS rules are applied to the AMI before the actual software is baked in and the volume is encrypted. As an additional management tool, AWS Inspector is added to continuously monitor running instances for compliance.
Our Contribution
PCG designed the process together with Deutsche Payment and described the infrastructure in Terraform. We also provided tools to update running applications in-place with new AMIs, as well as housekeeping functionality.
Results and Benefits
With an automated build process in place, the resulting environment always benefits from up-to-date, AWS-managed security patches and threat knowledge, while the applications are under full compliance monitoring by AWS Inspector.
The Upshot
Hardening the infrastructure from the very beginning and continuously monitoring it for compliance using the full AWS feature set enables Deutsche Payment to further develop its offerings, while running them fully scalable and secure on fully managed AWS IaaS.
About PCG
Public Cloud Group (PCG) supports companies in their digital transformation through the use of public cloud solutions.
With a product portfolio designed to accompany organisations of all sizes on their cloud journey, and with highly qualified staff that clients and partners like to work with, PCG is positioned as a reliable and trustworthy partner for the hyperscalers, with repeatedly validated competence and credibility.
We have the highest partnership status with the three relevant hyperscalers: Amazon Web Services (AWS), Google, and Microsoft. As experienced providers, we advise our customers independently on cloud implementation, application development, and managed services.