1. Why infrastructure matters in digital trust
In an era where trust is the new pillar of the digital economy, the infrastructure that supports an organization's systems is no longer just an operational concern but has become a strategic asset. It is in this reality that ROOTKey Cloud was born: an infrastructure developed from the ground up to ensure compliance, availability, and security from the very first byte.
Our approach is not just about “being in the cloud.” It is about building a secure, scalable, and auditable cloud designed to meet real cyber resilience needs, especially in regulated and highly sensitive contexts.
2. The ROOTKey Cloud architecture vision
ROOTKey Cloud was created with a clear purpose: to support applications and services that require decentralized validation, real-time auditability, and automatic compliance.
With this goal in mind, our architecture was designed based on fundamental principles, such as:
• Security first: all communications are encrypted, and access is strictly controlled.
• Isolation by design: multi-tenancy with logical and physical separation where necessary.
• Horizontal scalability and modularity: each service is independent, allowing scaling under load.
The choice of a multi-cloud architecture (based on two of the leading global providers) allows us to distribute risks, maximize availability, and inherit critical security certifications (ISO 27001, SOC 2, PCI-DSS, among others).
Orchestration between services is based on active-passive redundancy policies and functional segmentation. Services that are more sensitive to traffic and latency operate preferably in environments optimized for API Gateway and orchestration, while critical security and complementary storage services reside in other specialized environments.
This segregation enables intelligent and transparent failover between regions and providers, not only for disaster recovery, but also for performance, regional compliance, and cost optimization. Routing is controlled by internal systems based on policies and metrics, always keeping the service available and stable.
3. The layers of architecture: Technical deep dive
The ROOTKey Cloud architecture is divided into five main technical layers, each designed to address a specific security, scalability, or availability need. This layered segmentation allows for modularity, facilitating the evolution and adaptation of the infrastructure to the demands of our customers and the constantly evolving technological landscape.
Ingress Layer
The ROOTKey Cloud entry point is structured to ensure security, performance, and isolation. We use load balancers and API gateways that perform SSL termination and apply application firewall rules (WAF), protecting against external threats from the first contact. This layer also implements intelligent routing strategies, allowing traffic to be distributed based on affinity and availability rules.
Technical highlight: For enterprise customers, we provide dedicated load balancers, ensuring low latency and consistent performance even during traffic spikes.
Microservices Layer
This layer hosts the logical and functional services of our solutions and products. They run on Kubernetes clusters with horizontal auto-scaling, allowing us to respond dynamically to usage peaks. Each tenant operates in dedicated namespaces, and we apply security policies (RBAC, network policies, etc.) to ensure total isolation between environments and customers.
Data Layer
In turn, this layer contains the application's persistent data. We use relational databases with high availability support, automatic replication, and configurable backups. In addition, we have integrated caching mechanisms to speed up read-intensive responses and reduce overall latency.
Blockchain Layer
Since most of our solutions are built on blockchain, we opted for integration with a Layer 2 public blockchain (Polygon), the result of a technical and strategic analysis of the various options available in the public blockchain ecosystem.
The choice of Polygon rests on three main pillars:
• Low-cost scalability: Polygon offers high transactional capacity at significantly lower fees than traditional blockchains such as Ethereum, allowing us to operate with high anchoring frequency without compromising economic viability.
• Security inherited from Ethereum (Layer 2): as a Layer 2 solution, Polygon benefits from Ethereum's security, offering robust guarantees of immutability and decentralization.
• Mature ecosystem and interoperability: Polygon's widespread adoption in the enterprise sector, support for modern development tools, and native integration with oracles, bridges, and other protocols make it a reliable choice that is compatible with ROOTKey's long-term strategy.
This technical decision reinforces our commitment to verifiable trust, ensuring that each submitted record is protected against alteration, accessible for external validation, and operationally efficient. Each critical event or piece of sensitive data is submitted to the blockchain (Polygon), ensuring:
• Immutability
• Traceability
• Decentralized validation
Aware of the pros and cons of emerging technologies such as blockchain, we have also developed specific mechanisms to mitigate the main bottleneck of this technology, namely the maximum number of transactions per second, and to automatically handle any errors returned by the blockchain, ensuring that no information is lost or discarded.
Security Layer
Security is integrated at all levels. We use KMS for key management, federated authentication, RBAC, and data encryption both in transit and at rest.
With an eye on the future and in line with upcoming regulations, ROOTKey is preparing to move toward the implementation of quantum encryption protocols, thus ensuring that when it becomes a mandatory standard, we can offer a smooth transition without impacting the solutions we provide or the trust of our customers.
4. Multi-tenancy, Isolation, and Customization for Enterprise
Enterprise customers can count on:
• Dedicated load balancers, ensuring latency predictability even during traffic spikes from B2C customers or other tenants
• Isolation of computing and network resources
• Data retention and customized backup strategies
Isolation between customers is ensured at multiple levels. At the microservices layer, each tenant is logically segmented through the use of dedicated namespaces, with policies that guarantee strictly controlled access to resources. In addition, we implement specific network policies, ensuring that each tenant only communicates with the services that are strictly necessary.
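The namespace-plus-network-policy isolation described above can be expressed as a default-deny policy with a narrow allow-list. This is an added example, not ROOTKey's own configuration; the namespace names `tenant-acme` and `ingress-gateway` are hypothetical.

```yaml
# Constructed example: "tenant-acme" and "ingress-gateway" are hypothetical names.
# 1) Default deny: selects every pod in the tenant namespace and allows nothing.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-all
  namespace: tenant-acme
spec:
  podSelector: {}
  policyTypes: [Ingress, Egress]
---
# 2) Allow-list: traffic inside the tenant namespace, inbound traffic from the
#    gateway namespace, and DNS lookups. Everything else stays denied by policy 1.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-tenant-baseline
  namespace: tenant-acme
spec:
  podSelector: {}
  policyTypes: [Ingress, Egress]
  ingress:
    - from:
        - podSelector: {}            # pods in this same namespace
        - namespaceSelector:         # the shared ingress tier only
            matchLabels:
              kubernetes.io/metadata.name: ingress-gateway
  egress:
    - to:
        - podSelector: {}            # pods in this same namespace
    - to:
        - namespaceSelector:         # cluster DNS
            matchLabels:
              kubernetes.io/metadata.name: kube-system
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
```

These policies take effect only when the cluster's network plugin enforces NetworkPolicy; on a plugin that does not, they are accepted by the API server but filter nothing.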
The roadmap includes the introduction of advanced external traffic isolation mechanisms, allowing for even more granular control and auditing of communications per customer.
5. Performance and Scalability
ROOTKey Cloud was built to scale automatically and intelligently, ensuring performance even under sudden traffic fluctuations or rapid growth:
• Self-scaling microservices via Horizontal Pod Autoscaler (HPA), dynamically adjusting to the workload on each service.
• Geographic redundancy across multiple regions in Azure and AWS, ensuring low latency and regional fault tolerance.
• Isolation of enterprise vs. B2C traffic, ensuring that large customers are not affected by shared traffic.
• Continuous monitoring of latency, throughput, and resource usage, with automatic alert mechanisms and proactive mitigation of bottlenecks.
This combination of auto-scaling, monitoring, and isolation ensures that ROOTKey Cloud's performance keeps pace with our customers' needs - even in highly demanding contexts.
6. Certifications, Compliance, and Integrated Security
ROOTKey Cloud natively inherits the most demanding certifications from the leading cloud providers with which it operates:
• ISO 27001, SOC 2, GDPR, and other international security and privacy standards;
• Log retention and digital evidence management capable of responding to regulatory audits in real time.
We complement these certifications with our own security and compliance policies - including secret management, environment segregation, least-privilege policies, and full encryption - that make ROOTKey Cloud an infrastructure ready to meet the regulatory and operational challenges of today and tomorrow.
7. Conclusion: A cloud ready for the new generation of digital trust
ROOTKey Cloud is not just an infrastructure. It is the foundation on which we build digital trust in a scalable, secure, and verifiable way.
Every day, we invest and prepare ourselves to support increasingly regulated customers, fast-growing technology companies, and organizations that place cyber resilience at the heart of their strategy, and this is just the beginning.
New capabilities, availability zones, and integrations are already on the roadmap.
Want to know more? Schedule a meeting with our technical team and find out how we can accelerate your journey to digital trust.

