The most advanced managed services work independently of provider tools. Our software-as-a-service approach is therefore based on our own open source framework. We focus on maximum automation to avoid errors, for more speed, better availability and to reduce costs. Regulatory requirements such as the BSI's KRITIS regulation are at the top of our agenda, which is why we use AI-based IT security tools and C5-certified processes. With infrastructure as code (IAC), we code our processes in Terraform or in another abstraction layer (JSonnet).

At PPI we work according to the DevOps philosophy, also called DevSecOps or RegOps. In practice, this means a very close dovetailing of development, operations, security and regulation. With an overarching understanding of the entire solution creation chain – from source code to regulation-compliant productive activity – we offer a complete service tuned for perfect operation.

Likewise, in line with the DevOps strategy, we focus on a high degree of automation and scalability to avoid errors and work as efficiently as possible. For this purpose, we have developed our own framework with which new payments-as-a-service projects can be set up, configured and scaled quickly and effectively. The in-house central control centre helps us manage and monitor our infrastructure.

The combination of a holistic service philosophy and expertise in modern, scalable technologies tailored to payments makes us a centre of excellence covering a wide range of tasks and responsibilities.

With us, the rapid market launch of new, digital payment services succeeds. There is no long wait for provision of infrastructure or small-scale, confusing configurations. Wasting resources is a foreign concept to us. By using IAC (= infrastructure as code), GitOps and our framework based on it, we can deploy new projects faster, configure them centrally and scale them flexibly. Just as quickly, we are able to take unneeded environments out of service, which can save costs. If necessary, recovery takes hardly any time at all, as the definition of all infrastructure components is centrally versioned as source code.

Furthermore, the open source framework is hyperscaler-agnostic. This means we can make environments available at all major cloud providers. A migration from one hyperscaler to another is also easy to implement.

Securing services in the cloud is a topic in itself. Due to the high degree of scalability and automation, small teams are responsible for large amounts of IT resources and software. In order not to lose track and to always keep our infrastructure secure and up to date, we use, among other things, the polygraph technology of the company Lacework. This technology enables us to bring security in the cloud infrastructure to a high-quality and efficient level. By using artificial intelligence (AI), Lacework's security platform learns what behaviour is normal in the cloud environment. Threats are thus detected more quickly, and actually important warning messages are noticed immediately. This effectively prevents notification fatigue while ensuring an adequate, fastest possible response. All this not only saves time and resources, but also significantly improves security.

Our GitOps workflow, our review culture and multiple test and acceptance runs also ensure that every change to the infrastructure is made with at least a four-eyes principle and meets the requirements for quality and maintainability. This also contributes to reducing the error rate and prevents security gaps. Any modification to a production platform must first pass internal tests in a system test environment. 
This is followed by a customer acceptance test in an acceptance environment. Every change, even to one of these environments, must be approved via the four-eyes principle and pass through an automatic test pipeline. This procedure reduces the potential for errors to a minimum.