PPI Financial Services Secures Critical Banking with Teleport Infrastructure Identity

Challenge

Operating banking systems in the cloud places extraordinary demands on identity, access, and auditability. As PPI FS expanded its customer base and infrastructure footprint, the engineering team faced several challenges:

• Growing complexity across Kubernetes clusters, middleware, and supporting services spanning multiple data centers
• Strict regulatory requirements including C5, KRITIS, and forthcoming DORA compliance
• Fast and secure onboarding of engineers without manual certificate management or fragmented access workflows
• Full auditability of every access event across production and non-production environments

Solution

APPI FS selected Teleport as its Infrastructure Identity provider, initially deploying on a virtual machine and subsequently migrating to a fully Kubernetes-native architecture using the Teleport Kubernetes Operator and Terraform provider.

Teleport now provides unified identity and access across PPI FS's cloud environments:

• Kubernetes clusters across production, staging, and development environments
• Middleware and internal applications
• Multi-cloud infrastructure spanning multiple data centers

By integrating Teleport with single sign-on, the engineering team eliminated manual certificate management entirely. Engineers authenticate once and receive privileges appropriate to their role — with each session fully audited.

Teleport's infrastructure-as-code compatibility was essential to PPI FS's operational philosophy. All access policies and configurations are managed through Terraform, ensuring consistency, repeatability, and auditability across environments.

Results

Simplified Onboarding and Improved Engineer Experience

Teleport dramatically simplified how new engineers gain access to infrastructure:

• Engineers authenticate once via Teleport.
• They connect to a local endpoint from any integrated development environment (IDE) or structured query language (SQL) client.
• Teleport handles secure, short-lived authentication behind the scenes.

This eliminated time-consuming token workflows and reduced friction across teams.

Operational Reliability

Since deploying the current Kubernetes-based architecture, Teleport has run continuously for over two years with zero platform-attributable downtime. Any service interruptions during that period were caused by surrounding systems — not Teleport itself.

Strengthened Regulatory and Compliance Posture

Teleport's comprehensive audit logging and identity-driven access controls contributed directly to PPI FS achieving its C5 adequacy assessment — a rigorous German regulatory framework for cloud providers. 

Infrastructure-as-Code Alignment

By managing Teleport entirely through the Kubernetes Operator and Terraform provider, PPI FS ensured that access controls are as consistent and version-controlled as the rest of their infrastructure. This alignment reduces operational risk and supports the team's goal of scaling to serve more customers with less effort per iteration.

Results

PPI FS plans to deepen and extend its use of Teleport across the organization:

• Expanding Teleport to product development teams, enabling cloud-native development and testing environments under the same identity and access model
• Leveraging Teleport's fine-grained access capabilities to continuously improve security and compliance granularity

Teleport remains a foundational component of PPI FS's long-term approach to managing Infrastructure Identity across its regulated, multi-customer cloud platform.

Key Takeaways

• Before Teleport: Manual certificate management, complex onboarding, and fragmented access workflows
• After Teleport: Unified identity and access with single sign-on, full auditability, and infrastructure-as-code management
• Impact: Simplified onboarding, zero platform-attributable downtime over two years, C5 certification achieved, and a scalable foundation for regulatory compliance
• Looking Ahead: Expansion to development teams