STACKIT enables operators of critical infrastructure to run highly secure, scalable, and sovereign cloud operations that meet all legal, technical, and organizational requirements. This applies across all relevant sectors, from energy supply to public administration.
STACKIT Architecture and Security Concept
STACKIT relies on a modular cloud architecture that can be specifically tailored to the requirements of critical infrastructure facilities, companies, and operators. The infrastructure is distributed across geographically redundant data centers in Germany and Austria. This ensures data sovereignty, reliability, and a level of security in accordance with BSI guidelines.
Every service and every application is operated in a controlled environment. Strict access controls, encrypted data transmission, and continuous system monitoring provide lasting protection for your sensitive information—an essential component of BSI security as defined by the KRITIS guidelines.
Operation and Management
All IT resources can be flexibly provisioned and managed via the central STACKIT portal or via API. Administrators and critical operators have access to comprehensive self-service functions to manage capacity, storage, networks, and security policies as needed.
Automation tools such as Terraform and integrated CI/CD pipelines enable the efficient and secure deployment of updates and new applications—without interrupting ongoing operations. This makes the cloud service the stable backbone of modern KRITIS systems.
Compliance and Regulatory Implementation
For organizations subject to legal requirements, STACKIT provides a cloud environment that is audited according to internationally recognized standards such as BSI C5, ISO 27001, and ISAE 3000 (SOC 2). These assessments lay the foundation for regular audits, evidence, and the documentation of security-related measures—such as IT emergency planning, the fulfillment of reporting obligations, or data backups.
Through integrated monitoring and audit-proof reporting functions, reports can be tracked and exported at any time during adjustments or audits. This enables companies and critical infrastructure organizations to maintain transparency and ensure compliance across all processes.