Quelle: BITKOM, Cloud-Monitor 2018

already use public cloud solutions.“

„42% of all companies in Germany

direkt gruppe and AWS – partners in cloud since 2012

As an Advanced Consulting Partner of Amazon Web Services (AWS), since 2012 we have been navigating businesses to the cloud. Our teams combine technical expertise and experience in compliance, privacy and security. This allows us to build highly secure and scalable AWS architectures. The permanent exchange with our strategic partner AWS enables us to find suitable cloud solutions for highly regulated industries and highly sensitive data.

We accompany our customers from the first use case to the ongoing cloud operation and establish permanent compliance and security checks.

Die direkt gruppe ist seit 2012 als Advanced Consulting Partner für AWS Produkte tätig.

Security and freedom of action
AWS Security Architektur

With focus on cloud migrations, in 2011 we began building deep technical knowledge of AWS. Already in 2012, direkt gruppe became “AWS Standard Consulting Partner” and in 2014 “AWS Advanced Consulting Partner”.Since then, we have successfully completed a variety of projects in the highly regulated industries and continued to develop our standardized approach to application migration. This resulted in AWS Best Practices and AWS Security Architectures, which we regularly complement with our expertise in the security environment.

Our customers want the agility and performance of their services, as well as compliance with regulatory requirements for security and compliance. Our standardized approach successfully and reliably balances these customer requirements.

This approach includes the following points, among others:

  • Scaling and monitoring AWS account infrastructure that maps security-related and regulatory requirements.

  • Fully automatic provision of an application landscape isolated for the service.

  • Necessary centralized infrastructure components, such as: e.g. AWS KMS infrastructure, AWS Identity Management, Log Management, filing and evaluation of AWS CloudTrail or AWS Config — also fully automated.

  • Service catalogs that provide security-driven templates for application patterns, network architectures, and infrastructure services.

  • A framework applies compliance checks throughout the AWS infrastructure to continuously validate proven AWS best practices, as well as the latest industry standards and benchmarks. Presentation and reporting take place via a central “Compliance Dashboard”.

  • Self-developed and low-maintenance solutions that cover known security requirements for which there is no AWS service. (e.g. URL filtering of outgoing network traffic).


Centralized AWS log management according to customer requirements of compliance and IT security


AWS landing zone concept as the foundation for a scalable security architecture

Three times security — a matter of principle

Create all templates and configurations of the infrastructures. We use AWS CloudFormation and other scripts to configure AWS, as well as changes and corresponding deprovisioning in the life cycle of cloud services.

This ensures that the infrastructure complies with agreed and documented best practices and ensures adequate technical governance.
Individual requirements, which you define yourself or with our help as a suitable framework for your AWS infrastructure, can be fulfilled this way.

With our AWS architecture and customized configuration of AWS Services, you are able to address the issue of encryption directly. Without large investments and pre-projects, we enable you to easily use encryption-at-rest and encryption-in-transit.
With our approach even comprehensive encryption architectures can be easily implemented.

All components of the infrastructure are encrypted using certificates (AWS ACM) and key management (AWS KMS). This includes the CloudTrail Logs, Application Logs, AWS Config Logs, RDS Logs, ELB Logs, and the communication between the services and the corresponding storage structures of the platform.

When using AWS Services, we integrate applications and infrastructures directly and extensively into the use of AWS KMS keys. The communication of users with participating services is also encrypted through the use of certificates.

We design and implement highly secure environments according to customer requirements and industry standards. Environments use encryption-at-rest, encryption-in-transit, ingress/egress traffic control, scaling and system hardening by default. This happens right from the beginning and we call it Security by Design.

In a centrally provisioned service catalog, we provide these environments as templates and make them available, for example as templates for application teams. In addition, applications and services are validated against defined rules and standards in order to detect deviations or even eliminate them automatically. This enables automated security checks (security controls) and a permanent audit of the infrastructure without manual interaction.

Find out more about the cloud cosmos of direkt gruppe here

Compliance as a Service

Cloud Competence Center

Or directly from our cloud experts: