In the digital age, anyone who relies on secure, user-friendly identity solutions needs more than just a functional wallet app. The key to sustainable success is a wallet operations platform that guarantees scalability, security and compliance – thereby fulfilling its responsibility to handle sensitive personal data while creating real added value for businesses and users. Those who invest wisely in this area will gain a clear competitive advantage and lay the foundation for future-proof business models.
1. Set up the architecture correctly: cloud-native, flexible, fail-safe
From a platform perspective, the objectives can be summarised quickly: prevent data loss and be scalable. The systems used must therefore be as flexible as possible and, above all, fail-safe. The infrastructure must be able to accommodate growth without generating enormous fixed costs. There are several technical solutions for this. Harm Norden, Senior Software Architect at Verimi, has a suggestion:
“To remain scalable and prevent data loss, a Gaia-X-compliant cloud can be built on the reference architecture of the Sovereign Cloud Stack (SCS). SCS uses OpenStack for Infrastructure-as-a-Service (IaaS) and Kubernetes for container orchestration. Gaia-X defines the standards, while OpenStack and Kubernetes form the technological basis for an open, scalable and sovereign cloud infrastructure.”
To resolve the conflict between preventing data loss and maximising performance, priorities must be skilfully balanced. This requires at least two geo-redundant ISO 27001 and ISO EN 50600 VK4-certified data centres, ideally located at least 50 kilometres apart. Redundancy at the infrastructure and application level, active-active operation (or very fast switching in active-passive operation) and zero-downtime deployments enable availability of up to 99.95% for end users. Elastic resources, which are provided and billed on demand, ensure cost efficiency and flexible scaling. With a maximum latency of two to three milliseconds between locations, synchronous data replication is achieved, preventing data loss and ensuring a positive user experience.
2. Security and compliance: Thinking ahead from the outset
Security and data protection are mandatory, not optional. This requires a zero-trust model with continuous identity and access verification (OIDC, RBAC, MFA). Multi-level DDoS protection, web application firewalls and HSM-based key management are standard. Audit logs should be stored in a tamper-proof manner (the WORM model in S3 storage is ideal here). Certifications such as ISO/IEC 27001, BSI TR-03107/03147 and eIDAS 2.0 build trust among customers and partners. It is important to define clear KPIs: for critical incidents (P1), a maximum response time of 30 minutes and recovery within a maximum of four hours. Regular penetration tests and vulnerability scans are mandatory.
Need more information about wallet operations? Book an appointment with our experts now!
3. Monitoring & operation: ensuring transparency and responsiveness
A modern monitoring stack is the backbone of any operation: for example, Prometheus for metrics, Grafana for dashboards, Alertmanager for alerts and OpenSearch for central log aggregation. For fail-safe operation, it requires self-healing mechanisms such as automated recovery and failover in the event of failures. These reduce operational effort and ensure high availability even in the event of disruptions. A central ticket system controls incident, problem, change and release management. Transparent dashboards and status pages create security and trust among stakeholders.
4. Manage risks proactively: plan for scalability and resilience
Scalability must be planned from the outset: to achieve this, you start with a basic configuration and grow dynamically depending on user numbers. Early load testing and performance analyses, bug bounty programmes before go-live, and a comprehensive disaster recovery concept with 8D reports and regular restore tests provide security.
Secure digital identities require robust wallet operations
Wallet operations are much more than just IT operations. They are the strategic lever for digital identity solutions and sustainable business success. It is important not to neglect scalability, security and compliance. The easiest way to do this is to outsource operations to a specialist who can demonstrate that they meet high regulatory requirements and who does not burden your own IT services with the specific requirements of secure identity management.
Would you like to learn more about wallet operations, secure wallet applications and solutions for managing digital identity data? Get in touch with us!
