CloudSuite Industrial Cloud Security Architecture

CloudSuite Industrial's cloud security architecture implements defense-in-depth across network, application, data, and identity layers built on AWS infrastructure and Infor OS security services. Understanding this security model is essential for architects completing risk assessments, compliance audits, and security architecture reviews during cloud migration planning. This guide maps CSI's security controls to industry frameworks including NIST CSF, CIS Controls, and ISO 27001.

Identity and Access Management Security

CSI's identity layer is built on Infor Federation Services (IFS), which provides centralized authentication with SAML 2.0 SSO, OAuth2 API authentication, and role-based access control (RBAC) spanning the Infor OS platform and CloudSuite applications. The security model enforces least-privilege access through CSI's form-level and field-level security configuration, where administrators grant permissions to named security groups that map to IFS roles. This maps to NIST CSF PR.AC (Identity Management and Access Control) and CIS Control 6 (Access Control Management).

  • SAML 2.0 SSO integration with corporate IdP enforcing centralized authentication policies and MFA requirements (NIST PR.AC-1)
  • OAuth2 client credentials for API access with scoped tokens limiting external system permissions (NIST PR.AC-7)
  • CSI form-level security restricts access to specific forms and functions based on named security groups (CIS Control 6.8)
  • Field-level security hides sensitive data elements (cost, margin, salary) from unauthorized users within accessible forms
  • Quarterly access certification reviews supported by Infor OS audit reports for compliance with SOX Section 404

Data Protection and Encryption

CSI implements encryption at rest and in transit across all data layers. Data at rest in RDS databases and S3 storage is encrypted using AES-256 with AWS KMS-managed keys (or customer-managed keys in ST deployments). Data in transit uses TLS 1.2+ for all API communications, inter-service traffic, and database connections. Backup encryption ensures data protection extends to disaster recovery copies. These controls map to NIST CSF PR.DS (Data Security) and CIS Control 3 (Data Protection).

  • AES-256 encryption at rest for all RDS database volumes, S3 object storage, and EBS volumes (NIST PR.DS-1)
  • TLS 1.2+ enforced on all HTTPS endpoints including ION API Gateway, IFS authentication, and inter-service traffic (NIST PR.DS-2)
  • AWS KMS key management with automatic key rotation every 365 days for data encryption keys (CIS Control 3.11)
  • Customer-managed encryption keys (CMK) available in single-tenant deployments for organizations requiring key custody
  • Encrypted database backups with point-in-time recovery capability and cross-region replication for DR compliance

Network Security and Threat Detection

CSI's network security uses AWS VPC isolation with security groups, network ACLs, and AWS WAF rules protecting the application perimeter. Infor's Security Operations Center (SOC) monitors all CloudSuite environments 24/7 using AWS GuardDuty for threat detection, CloudTrail for API audit logging, and custom SIEM integration for security event correlation. DDoS protection is provided by AWS Shield Advanced on all CloudSuite endpoints. These controls map to NIST CSF PR.PT (Protective Technology) and DE.CM (Security Continuous Monitoring).

  • AWS VPC isolation with security groups restricting inbound traffic to HTTPS (443) and VPN (IPSec) ports only (CIS Control 12.2)
  • AWS WAF rules on CloudSuite ALBs protecting against OWASP Top 10 including SQL injection and XSS (NIST PR.PT-3)
  • AWS GuardDuty continuous threat detection with automated alerting to Infor SOC for suspicious API calls and network activity
  • CloudTrail API logging capturing all management and data events for forensic analysis and compliance audit trails (NIST DE.CM-1)
  • AWS Shield Advanced DDoS protection with automatic traffic scrubbing and Infor SOC escalation for volumetric attacks
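
The first bullet above limits inbound traffic to HTTPS (443) and IPsec VPN ports. The Python check below is an added example, not Infor's tooling or code from this guide; it audits inbound rules in the field layout of the EC2 DescribeSecurityGroups response and reports anything outside that policy. The sample groups are constructed, and reading "IPSec ports" as UDP 500 (IKE), UDP 4500 (NAT-T) and IP protocol 50 (ESP) is an assumption, since the guide does not enumerate them.

```python
# Added example: audit security-group inbound rules against an
# "HTTPS (443) and IPsec only" policy. Field names follow the EC2
# DescribeSecurityGroups response; the data below is constructed.

# Assumption: "IPSec ports" = IKE (UDP 500), NAT-T (UDP 4500), ESP (protocol 50).
ALLOWED_PORTS = {("tcp", 443), ("udp", 500), ("udp", 4500)}
ALLOWED_PORTLESS = {"50"}  # ESP is an IP protocol and carries no port range


def audit_inbound(groups):
    """Return (group_id, protocol, ports, sources) for each rule outside the policy."""
    findings = []
    for group in groups:
        for rule in group.get("IpPermissions", []):
            proto = rule["IpProtocol"]
            lo, hi = rule.get("FromPort"), rule.get("ToPort")
            if proto in ALLOWED_PORTLESS:
                continue
            # Only an exact single-port match passes; any wider range
            # necessarily includes a port that is not on the allow-list.
            if proto != "-1" and lo == hi and (proto, lo) in ALLOWED_PORTS:
                continue
            ports = "all" if proto == "-1" else f"{lo}-{hi}"
            sources = [r["CidrIp"] for r in rule.get("IpRanges", [])]
            findings.append((group["GroupId"], proto, ports, sources))
    return findings


SAMPLE_GROUPS = [  # constructed sample, not output from a real account
    {"GroupId": "sg-example-web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-example-vpn", "IpPermissions": [
        {"IpProtocol": "udp", "FromPort": 500, "ToPort": 500,
         "IpRanges": [{"CidrIp": "198.51.100.0/24"}]},
        {"IpProtocol": "udp", "FromPort": 4500, "ToPort": 4500,
         "IpRanges": [{"CidrIp": "198.51.100.0/24"}]},
        {"IpProtocol": "50", "IpRanges": [{"CidrIp": "198.51.100.0/24"}]}]},
    {"GroupId": "sg-example-drift", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 8443,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/8"}]}]},
]

if __name__ == "__main__":
    for finding in audit_inbound(SAMPLE_GROUPS):
        print("policy violation:", finding)
```

In a single-tenant review, the same function can be fed the `SecurityGroups` list from a saved DescribeSecurityGroups response instead of the constructed sample.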

Need a comprehensive security assessment for your CloudSuite Industrial migration? Netray delivers NIST-aligned security architecture reviews and remediation roadmaps.