Security Whitepaper

Overview

This document describes the security architecture and controls of the TA Cloud Platform. TA Cloud is a modern, cloud-native solution operated in German data centers by Exoscale. It is designed for customers with high requirements for data protection, availability, and GDPR compliance.

All TA Cloud Platform services are built for high availability and follow a consistent zero-trust security model, leveraging a modern identity provider and robust, global protection through Cloudflare.

Datacenter

The TA Cloud Platform is operated exclusively in European data centers, including locations in Frankfurt and Munich. Exoscale meets high security and compliance standards (ISO 27001, GDPR compliant). Data is stored exclusively within Germany.

Backend Infrastructure

The application and its services run on virtual machines. The platform is fully containerized and orchestrated via Kubernetes clusters. Resources are automatically scaled based on load. All systems are regularly updated (security patching), and automated intrusion detection mechanisms are in place.

System Access

Client access is strictly via HTTPS (TLS 1.2 and above). Access to internal administrative systems is limited to authorized TA Triumph-Adler GmbH staff and is only possible via VPN with multi-factor authentication (MFA).

Load Balancer & Firewall

Platform access is routed through Cloudflare, which provides global DNS, a web application firewall (WAF), DDoS protection, bot management, and rate limiting. Unwanted traffic is blocked; automated attacks and malicious bots are detected and filtered. Request rates can be controlled to prevent misuse or overload. SSL connections are terminated at globally distributed edge servers to ensure secure and high-performance content delivery.

Within the Exoscale infrastructure, additional security groups and network segmentation are used to ensure strict separation of services.

Gateway & SSL Termination

The central gateway of the TA Cloud Platform acts as a reverse proxy for all requests to backend services. SSL/TLS termination is performed by Cloudflare, with automatic certificate renewal and rotation within the Kubernetes cluster. All traffic is encrypted in transit. Downgrades to legacy protocols are not permitted.

Authentication

User authentication is handled via the cloud-based identity provider Auth0. The platform uses OpenID Connect and supports multi-factor authentication (MFA).

User accounts and security policies (e.g., session lifetime, password requirements) are configured per tenant and managed by the identity provider.

Data Storage

Application data and uploaded files are stored in Exoscale object storage. Data is encrypted at rest (AES-256). Access is controlled through role-based access control.

All data transmissions are encrypted end-to-end via TLS (data in transit).

Backup

Backups of all relevant data (configurations, user information, documents) are performed automatically on a daily basis. Backups are stored geo-redundantly at Exoscale, with an additional copy stored at Amazon Web Services (AWS) to maximize fault tolerance.

Backup data is encrypted and subject to regular integrity checks. Restore tests are conducted monthly according to a predefined disaster recovery plan.

Monitoring

All platform systems are monitored 24/7. Monitoring captures metrics for availability, load, security events, and performance.

If anomalies are detected, automated alerts are triggered and the incident response team is notified. Critical incidents are handled according to ITIL-aligned processes.

Support

Support for the TA Cloud Platform is provided exclusively by the TA Triumph-Adler support team. This includes:

  • Operational security and availability monitoring
  • Incident management and escalations
  • Communication regarding scheduled maintenance windows

Support is provided via a central ticketing system. Customers benefit from service level agreements (SLAs) with tiered response times depending on incident severity.

Certifications and Compliance

TA Triumph-Adler GmbH is certified according to the internationally recognized standards ISO 27001 (Information Security Management), ISO 9001 (Quality Management), and ISO 14001 (Environmental Management). These certifications demonstrate a high maturity level of the company’s processes in the areas of security, quality, and sustainability.

TA Triumph-Adler also enforces these standards within partner and supplier management. External service providers and technology partners are audited regularly and selected based on their certifications and their compliance with data protection, security, and environmental requirements. This ensures a holistic, secure, and responsible ecosystem.