We have onboarded Akamai as a new subcontractor to enhance the protection of our web applications – including your d.vinci – with a Web Application Firewall (WAF). This complements our existing firewall, providing significantly enhanced protection against modern cyberattacks and effective measures against DDoS attacks.
What does this mean in practice?
-
Web Application Firewall (WAF) – Your digital protective wall
A Web Application Firewall acts like an intelligent gatekeeper for your web application. It analyzes all incoming requests and blocks harmful access before it can reach your systems. This protects against:- Hacker attacks (e.g., SQL injection, cross-site scripting)
- Automated bots and malware
- Security vulnerabilities in web applications
-
DDoS Protection – Defense against overload attacks
DDoS attacks (Distributed Denial of Service) aim to paralyze systems through massive artificial traffic. Akamai's global network detects and filters such attacks before they can impact your availability.
Transition Process
The phased activation of the Web Application Firewall will begin on April 1, 2026, and will apply to all d.vinci products. The activation will take place during ongoing operations. For you, nothing will change. The transition will occur in the background – without downtime and without requiring any technical adjustments on your part. All URLs and access data will remain unchanged.
Important Information about the Partnership with Akamai
We subject every potential partner to rigorous scrutiny regarding data protection and information security – based on the requirements of the GDPR and ISO 27001. Collaboration only takes place if all requirements are fully met. This ensures that d.vinci always complies with the highest data protection and security standards, allowing you to work with us without hesitation. This has, of course, also been done with Akamai.
- Akamai is a leading cloud provider that handles about one-third of global internet traffic through its network and protects over 100,000 companies worldwide, including numerous DAX corporations
- Akamai is certified according to ISO/IEC 27001:2022 (Information Security Management)
- Akamai is certified according to ISO/IEC 27017:2015 (Cloud Security)
- Akamai is certified according to ISO/IEC 27018:2019 (Cloud Data Protection)
- Akamai is certified according to ISO/IEC 27701:2019 (Privacy Information Management)
- Akamai is certified according to SOC 2 Type II (Independent Audit of Security Controls)
- Akamai complies with PCI DSS Level 1 (Highest Standard for Payment Security)
- Data processing is GDPR-compliant and exclusively within the European Economic Area (EEA)
Data Protection & Data Processing
Data Processing Exclusively in the EU
All your data is processed within the European Union. Akamai uses the so-called “Data Boundary” function, which ensures that your data never leaves EU borders. This guarantees full compliance with the GDPR. More information about Data Boundary can be found in the attachment on this page or in Akamai's Trust Center.
What data can Akamai access?
As a security service provider, Akamai analyzes all traffic to your d.vinci applications. This is technically necessary as the traffic must be decrypted and analyzed to detect threats. Akamai can therefore fundamentally access all transmitted data but processes it exclusively for security analysis purposes and in accordance with strict confidentiality agreements.
Data Processing Agreement (DPA)
A Data Processing Agreement (DPA) exists with Akamai, which legally secures GDPR-compliant processing. This is already included in our list of subcontractors.
Documents for Further Information
To provide you with further information about the partnership with Akamai, we offer the following documents. You can find them by clicking the link or at the bottom of this page.
- Akamai - Data Processing Agreement (DPA) including Technical and Organizational Measures (TOM)
- Akamai - ISO/IEC 27001:2022 Certification (Available as a document)
- Akamai - Data Boundary Product Brief: Details on Log Localization & Security Event Data Localization in the EU (Available as a document)
- Visit Akamai's Trust Center
Frequently Asked Questions (FAQ)
Do we need to do anything as a customer?
No. The transition is entirely managed by d.vinci. No adjustments to your systems, firewall rules, or contracts are required.
Will there be changes to access URLs or IP addresses?
No. All URLs remain unchanged. Akamai operates transparently as a protective layer in front of our infrastructure.
Do we need to update our data processing list?
This depends on your contractual agreement:
- If d.vinci is already allowed to use subcontractors: No update needed – Akamai is listed in our subcontractor list.
- If you have agreed to a permission requirement: Please check your contracts. In most cases, you have already approved the use of subcontractors.
Do we need to inform our data protection officers?
Informing them is recommended but not mandatory, as:
- Data processing remains within the EU
- A valid DPA exists
- No new type of data processing is taking place
Is there a right to object?
Since the WAF and DDoS protection are integral components of our security architecture, Akamai cannot be excluded. Its use is a prerequisite for the secure provision of our services.
Will latency increase or performance decrease?
No, on the contrary. Akamai's global Content Delivery Network (CDN) can even improve loading times in many cases by delivering content closer to end users.
What happens if Akamai fails?
Akamai operates a highly redundant global network with guaranteed 100% availability. In the unlikely event of a disruption, automatic failover mechanisms are in place.
Will existing SSL/TLS certificates be changed?
No. Your usual certificates remain unchanged. Akamai uses SSL/TLS bridging to inspect traffic without altering the certificates.
If you have further questions about this partnership, feel free to contact us.