A global investment firm focused on data sovereignty implemented a self-hosted, private cloud infrastructure to secure internal operations and protect sensitive financial data with Defguard as a core fundament.
The solution enabled secure, role-based access (through enterprise VPN) across international teams, Defguard as a Single Sign-On (SSO) to authorize access to business applications (file sharing, chat, …), and centralized user onboarding and enrollment — all while maintaining full control over infrastructure. By leveraging open-source technologies, the organization built a scalable, cost-effective alternative to traditional cloud-based systems, tailored to the needs of modern financial institutions.
About the Client — Acquinox Capital
Acquinox Capital is a growth-focused Private Equity firm, based in Luxembourg, specializing in transformative technologies across Next-Gen Industries. With a presence in Europe and North America, the firm applies a rigorous, research-driven approach to identifying high-conviction opportunities.
Acquinox invests in high-growth ventures like Epic Games, Bolt, Global Ledger, and Fabbler.ai, alongside gaming studios, immersive platforms, and deep tech startups—reflecting its focus on future-shaping technologies across industries.
Uncompromising Security for Private Cloud Environment
As an investment firm operating in high-stakes sectors, Acquinox Capital manages extremely sensitive data across its operations—from internal communications and investor documentation to proprietary deal flow intelligence.
When Kacper, Venture Partner and Security lead joined Acquinox, he knew right away that ensuring airtight security is non-negotiable. At the same time, the company founder maintained a strong strategic mandate to operate in a fully on-premise and largely open source environment.
This applied across the board, including document storage, communication infrastructure, internal systems, and access control. Balancing modern usability with enterprise-grade security in a self-hosted setup presented a unique set of technical and operational challenges.
“Trying to solve the remote access problem, I’ve looked into popular solutions like Tailscale, Netbird or Firezone offering VPN management with Wireguard, but their focus lies in the cloud/SaaS and does not fit our scenario perfectly. Then I’ve discovered Defguard which is designed with private cloud use cases in mind and offers built in identity and SSO. With Defguard documentation and support the evaluation was fast and easy.”
— says Kacper Wiśniewski
Acqinox did a quick evaluation, with Defguard support, and confirmed that the solution fits perfectly into their private cloud strategy.
Defguard provides the fundamental security layer for Acquinox
To meet internal security and operational requirements, the investment firm deployed a fully self-hosted (private cloud) infrastructure, using a trusted stack of open-source tools.
“Defguard as a management tool with all of its features combined with selfhosted services such as element and matrix for secure encrypted communications, jisty (alternative to google meet), docs, vault (for credentials) provides a secured environment for remote work and team management.”
— says Kacper
Acquinox leveraged Defguard VPN enterprise features including full stack identity and SSO. This approach minimized the maintenance burden and deployment costs. It solved a lot of integration issues and external tools dependencies.
The aspect of vendor lock-in was not overlooked - because of the fact that Defguard supports third party identity and SSO providers, Acquniox can switch easily to other options whenever there is a need.
Other decision factors in choosing Defguard were its support for built-in multi-factor authentication (MFA) that operates on WireGuard protocol level. The fact that it’s handled by Defguard on-prem instance means, that unlike other VPN solutions, no data ever leave Acquinox infrastructure. Multifactor authentication soon will be mandatory and required from many (especially financial) organisations by NIS2 and DORA regulations.
The Result
That design and architecture proposed by Defguard allowed Acquinox to use it as a backbone of the entire private cloud infrastructure. Now Acquinox can securely connect to multiple online environments with the most secure VPN solution while maintaining full privacy.
—
Michał Gryczka Co-founder, CRO, Defguard
mike@defguard.net
defguard.net