High-Level Architecture
AskQ operates as a secure analytics service consisting of the following layers:
- Integration Layer – Securely retrieves data from ERP systems via Infor APIs
- Data Storage Layer – Stores data in an encrypted, high-performance database
- AskQ Application Layer – Executes analytics, learning, and query logic
- AI Processing Layer – Uses large language models to interpret questions and generate responses
- User Interface – Securely presents results to authorized users
All communication between layers is encrypted using HTTPS / SSL.
Secure Data Ingestion
AskQ retrieves Infor data exclusively through Infor-supported APIs.
- Data is accessed using a dedicated Infor service account
- All API communication uses HTTPS with SSL/TLS encryption
- Authentication credentials are never exposed to end users
AskQ does not require direct access to ERP databases.
Data Storage & Encryption
Once retrieved, data is stored within the AskQ environment in a high-performance, managed database hosted on an AWS US-based Commercial cloud.
Security controls include:
- Encryption at rest using AWS-managed encryption
- Encryption in transit for all internal communications
- Isolated, tenant-aware data storage
- No direct database access from outside the AskQ service
Customer data is logically isolated and accessible only to authorized users within the customer’s workspace.
AskQ Application Security
The AskQ service layer is responsible for:
- Data modeling and optimization
- Query execution and aggregation
- Security enforcement (row-level and column-level controls)
- Audit-safe request handling
Access to AskQ is controlled through:
- Authenticated user accounts
- Role- and permission-based access
- Workspace-level isolation
AI Processing & Data Usage
AskQ uses large language models (LLMs) to interpret user questions and generate responses.
When AI processing is required:
- Only the minimum data necessary is sent to the AI service
- Data is transmitted securely using HTTPS / SSL
- Data is combined with AskQ’s proprietary logic and metadata controls to produce accurate results
- Responses are returned securely to the AskQ service and presented to the user
AskQ does not allow AI models to independently access customer systems or databases.
Third-Party AI Provider (OpenAI)
AskQ integrates with OpenAI via their secure API platform.
Key safeguards:
- All communication uses HTTPS / SSL
- API keys are securely managed and never exposed to users
- Data is processed transiently for response generation
- AskQ controls what data is sent and how it is structured
OpenAI does not have direct access to AskQ systems or customer environments. OpenAI does not learn from the data sent to the AI service.
Secrets & Credential Management
All sensitive credentials are managed using a secure secrets management service within a protected environment.
This includes:
- API credentials
- Encryption keys
- Service authentication tokens
Secrets are:
- Encrypted at rest
- Accessible only to authorized services
- Never stored in application code or logs
Network & Transport Security
AskQ enforces encryption across all network communication:
- HTTPS / SSL for all external access
- Encrypted internal service-to-service communication
- No unsecured endpoints exposed
Summary
AskQ’s security model ensures that:
✔ Data is retrieved securely from ERP systems
✔ Data is encrypted at rest and in transit
✔ Access is tightly controlled and audited
✔ AI processing is isolated, secure, and controlled
✔ Secrets and credentials are protected at all times
AskQ is designed to meet the expectations of enterprise security, IT, and compliance teams while remaining simple to deploy and operate.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article