Infor Cloud security
Infor® takes security seriously. We have the tools, processes, and policies in place to safeguard the confidentiality, integrity, and availability of Infor products, services, and customer data.
Not only are security requirements for each Infor Cloud product defined and architected into the software design, they are constantly reviewed, tested, and updated to help ensure threats and vulnerabilities are mitigated.
A cloud environment is only as secure as the weakest link in its security chain. Infor Cloud employs a “defense-in-depth” strategy. Multiple layers of overlapping security safeguard customer data through each link of the chain. These security controls are enforced by a team of specialists who continuously monitor and improve the Infor Cloud security posture to stay ahead of threats and vulnerabilities.
Our dedicated Infor Cloud security staff works 24/7, vigilantly monitoring the cloud environment. If a customer requires more active collaboration to address security issues or concerns, our staff is readily available and easily engaged.
The Infor Cloud team is committed to protecting the privacy of customer data. Specific security/privacy policies, procedures, and technical controls are applied to our operations to ensure we provide unparalleled support, without infringing on confidentiality.
- Apply, review, and update security best practices
- Code review based on the Open Web Application Security Project (OWASP) Top 10
- Formal configuration and change management practices via enforced and audited processes
- Vulnerability and penetration testing throughout product lifecycle
- Security principles of “least privilege” and “need to know” enforced by Role Based Access Controls (RBAC)
- Rigid protocols enforce security even when customers use compromised systems or don’t apply security best practices
- Infor Cloud is separate from Infor corporate network
- Proactive defense
- Real-time monitoring
- Firewall segmentation
- Two-factor authentication supported
- Digital certificates ensure Infor Cloud sessions occur only with authenticated systems
Physical security (IaaS partner data centers)
- Guard-controlled access with man-trap technology
- Registered guest restrictions
- Locked cage spaces
- Closed-circuit television monitoring
- Additional systems for physical intrusion monitoring, detection, and alerting
- Restricted access
- Limited user-account permissions
- Hardening and managed patching of operating systems
- Separation of server duties and least privilege access
- Backup management
Incident recognition and response
- Monitoring, characterizing, reporting, and automated logging of system activity and events
- Intrusion Protection Engine captures and analyzes intrusion attempts
- Technical escalation and customer notification paths
- Collaboration with customers to investigate attempts at intrusion—whether accidental or purposeful
Encryption and privacy
- In-transit data encrypted using appropriate mechanisms that include TLS, PGP, and secure FTP
- Data-at-rest encrypted using database, file system, or other appropriate encryption capabilities
- Infor Privacy
Dynamic password management
- Centrally managed passwords
- Forced password change
- Unsuccessful password attempts and patterns are registered, and network management staff are automatically alerted
- Customers own their data—if an engagement should terminate, the data is returned to the customer
- Customer data not captured by monitoring processes
Compliance, policies, and best practices
Infor SaaS Solutions
Infor Government SaaS
Specific Infor Applications/SaaS Solutions
Please click on the link to see the latest solutions certified for ISO 27001
Security vulnerability reporting
Security is important for Infor and its customers, and we work hard to maintain secure customer environments. If you are a security researcher and would like to report a security flaw, please send us an email at firstname.lastname@example.org with your name and contact information. Please use PGP; here is our key. Please provide technical details to help us reproduce the vulnerability. We will verify each vulnerability, we will respond to legitimate ones, and we will work to remediate them. We thank you for the coordinated disclosure.