On AWS GovCloud (US), Infor SaaS Brings Streamlined Compliance to Regulated Industries

Companies in highly regulated industries such as the public sector, healthcare, and manufacturing have stringent compliance requirements. Keeping pace with modern technologies that manage critical business processes and customer data must be balanced with meeting complex regulatory compliance and security standards. Infor, the third-largest enterprise resource planning (ERP) company in the world, fills the gap for regulated industries with its software as a service (SaaS) built entirely on Amazon Web Services (AWS).

As AWS Partner Network (APN) Advanced Technology Partner, Infor is the world’s largest ERP solution built on AWS, using more than 50 AWS services. Key to Infor’s SaaS success in regulated industries is AWS GovCloud (US), which is designed to host sensitive data and regulate workloads in the public sector and beyond; it provides Infor with the flexibility to architect secure cloud solutions that comply with a host of established industry-specific standards while cutting compliance costs for end users.

Infor provides ERP business applications and technology with intuitive interfaces to 22 discrete sectors, from manufacturing and healthcare to finance and fashion. Within an industry, Infor provides edge application solutions for back-office areas such as financials and human resources and mission-critical industry-specific applications such as clinical integration in the healthcare industry. Under Infor Regulated Industries SaaS (IRIS), Infor’s CloudSuite products help customers meet security and privacy standards and frameworks.

The company now offers its cloud-native, industry-specific SaaS solutions, including its security-configured CloudSuite products, on AWS GovCloud (US). But Infor’s products weren’t always built in the cloud. As its customer base became more comfortable with the cloud and needed faster provisioning, Infor saw the opportunity to migrate. Infor started migrating workloads to AWS in 2011 and in 2014 made the decision to go all in on AWS as its sole cloud service provider. As the company’s then CEO Charles Phillips announced at the 2014 AWS Summit, “Friends don’t let friends build data centers.” Well aware of the larger trend toward cloud computing, Infor spent the next several years rearchitecting its on-premises software to run in the AWS Cloud. “The amount of services AWS offers—from a commercial cloud perspective and also all the security features—really enabled us to build on AWS and feel confident that the support was going to be there every step of the way,” says Joe Arthur, vice president of regulated industry SaaS at Infor.

Infor runs its enterprise applications on Amazon Elastic Compute Cloud (Amazon EC2), which provides secure, resizable compute capacity in the cloud, and uses Amazon Elastic Block Store (Amazon EBS) to store Amazon EC2 instances, which are then backed up to Amazon Simple Storage Service (Amazon S3). Infor also maximized its all-in investment by capitalizing on the ability to simply integrate other AWS services to form a more well-rounded cloud offering. “Using a multitude of AWS services enables us to take advantage of the innovations that AWS puts out there, which is key for us to work toward a zero-downtime offering,” says Arthur. Infor is using AWS tools—for security, containerization, automation, artificial intelligence, storage compute network components, and more—and those tools drive down the time it takes to deploy updates in a highly secure and multifaceted compliant environment. All in all, Infor uses over 50 AWS services.

Standardizing its cloud provider and taking advantage of an array of AWS services helped Infor avoid the downtime involved in pushing out updates across a hybrid cloud. The company saves money by not building its platform with multiple cloud providers, and it saves considerable resources in training while building deep cloud expertise. “In a multicloud strategy, a company would have to have interconnection security agreements with all its cloud providers,” says Arthur. “There are also other hidden costs associated with compliance, such as documentation and multiple audits.”

With the support of its AWS-powered infrastructure, Infor has been able to drive growth for IRIS, delivering its SaaS CloudSuite solutions to difficult-to-serve, highly regulated industries. Businesses operating in regulated industries must meet complex international, federal, state, and local compliance standards. Depending on the approach taken, obtaining SaaS compliance can take 12–24 months and cost over $2 million to meet a specific standard with a $1 million recurring cost to maintain per application. Adding additional compliance areas will drive initial certification costs as well as ongoing sustainment costs. Having this covered by the SaaS provider lowers companies’ initial investment and operational cost. To offer companies compliant business software, Infor turned to AWS GovCloud (US), which has helped make Infor a one-stop shop for customers that must meet compliance requirements in a range of industries—not just government-related ones.

Because AWS GovCloud (US) provides regulatory compliance for multiple industries, Infor can use it as a launchpad to help businesses meet their unique regulatory requirements—even businesses with multilayered compliance needs. For example, a manufacturing company that serves the Department of Defense by producing medical devices would need to meet an extensive list of compliance standards, such as Food and Drug Administration and HIPAA requirements, plus demonstrate Cybersecurity Maturity Model Certification (CMMC). If the manufacturer uses Infor’s AWS GovCloud (US)–backed SaaS, all those compliance standards are met at a much lower cost than if it sought compliance elsewhere. “Customers can go to one solution and meet layers of regulatory requirements with the same software, saving them millions of dollars on compliance costs,” says Arthur. And Infor and AWS adjust the offering to meet any revisions to security requirements at no extra cost. The cost-effective compliance also makes regulated verticals accessible to small companies that previously couldn’t afford to meet the security requirements or maintain the software. According to Arthur, about 300,000 companies have historically been unable to acquire CMMC but now can due to Infor’s cost-effective CMMC-compliant SaaS offering.

By using certified AWS services and support, Infor is able to quickly promote the same code base it uses in commercial industries into AWS GovCloud (US) and meet compliance standards. “Working on AWS across AWS GovCloud (US) domains lets us propagate and promote our code all the way up the line,” says Arthur. “I don’t know of any other company out there that can deploy its code that way.” As a result, Infor can spin up within regulatory parameters to add new services and accommodate new workloads for its more than 68,000 customers as needed. “We’ve been doing well over 100 percent growth each year in our regulated industry SaaS,” says Arthur. Infor also uses AWS services, like AWS CodeDeploy, AWS Step Functions, and Amazon Elastic Container Service (Amazon ECS), to support its automation tools to reduce the time it takes to update its software monthly across multiple AWS Regions to provide customers the latest version of the software when they are ready to use the new features and functionality. It would take weeks to months to deploy these changes without automation.

Infor works closely with the AWS GovCloud team to facilitate parity across AWS Regions that includes the availability of services, compliance programs authorizations, and the release of new services and features. This collaboration is essential for providing its CIA triad (confidentiality, integrity, and availability), designed to help guide policies for information security.

On AWS, Infor has delivered 11 nines of availability to its customers. And by hosting its infrastructure across three AWS Availability Zones, it has kept its promises of disaster recovery and continuity as stipulated in its service-level agreements. Even the AWS name itself gives Infor a competitive edge. “The AWS name is beyond reproach,” says Arthur. “The infrastructure and components will be there for the long run, with phenomenal software language engineering and an in-market presence.” At this point, AWS is fully integrated into Infor’s software development, security, and information technology operations. According to Arthur, “Working on AWS helps us continually refine our processes to provide quick and agile sprints of our fixes, patches, updates, and so forth. We use so many different AWS services; they are built into and throughout each and every one of our applications.”

Currently, Infor is encouraging its remaining on-premises customers to move to the AWS Cloud. “As we move customers to the cloud, we’re really standardizing them in accordance with best practices, which makes those businesses much more agile and flexible and enables us to keep them current on the latest innovation,” says Joseph Bardwell, senior director for alliances for the public sector at Infor. The company also plans to use AWS services to expand IRIS outside the United States to other global regions that are interested in adopting stricter security frameworks.

On AWS GovCloud (US), Infor bundles business-applications software and regulatory compliance for customers in a SaaS model that saves them time, money, and effort spent on compliance and security requirements. In doing so, Infor is able to serve customers that participate in a wide range of regulated industries and even in multilayered industries. Infor has the power to bring its core code used in commercial industries into the world of regulated verticals to give customers a cloud-based SaaS that provides the security and compliance they need—especially when making that first leap into the cloud.