Data privacy
Sitecore recommends that customers gain an understanding of how their compliance obligations can be achieved when using Content Hub. Sitecore is committed to ensuring the security and privacy of customer data with Content Hub, and this commitment is reinforced by Sitecore’s compliance with globally recognized standards.
A shared responsibility
The foundation for Content Hub’s data security and privacy approach is built upon a shared responsibility model. With the shared responsibility model, Sitecore delivers a solution that safeguards the customer’s data, while customers properly implement Content Hub and their front-end application to meet their data security and privacy obligations.
Sitecore's responsibility
Sitecore ensures that Content Hub implements controls for securing and protecting customer data. The controls are in place at each tier of the Content Hub architecture, and they include, but are not limited to:
- Public cloud infrastructure
  - Sitecore secures, manages, and monitors the cloud infrastructure used to run the Content Hub services in partnership with its public cloud partner: Microsoft Azure.
  - Sitecore applies regular operating system updates.
  - Sitecore applies and monitors network and host-level controls, via the Sitecore Security Operations Center (SOC).
- Storage
  - Content Hub segregates database and file storage between customers.
  - Content Hub manages customer data through Elastic, Redislabs and Azure Blob storage, with all data encrypted both at rest and in transit.
  - Content Hub maintains database and storage backups in geo-redundant locations to ensure availability if a data center region is impacted.
  - Customer data in Content Hub is not accessed without the customer’s explicit consent.
- Application
  - Content Hub is implemented through a secure software development lifecycle to ensure that the Content Hub application is implemented with security best practices.
  - Content Hub uses scanning and third-party penetration testing to validate its products.
  - Content Hub logically separates customer environments.
  - Content Hub provides a role-based access control model that enables customers to define which users have access to their environments, Sitecore applications, and data.
  - Content Hub supports single sign-on (SSO) with OpenID Connect (OIDC) and SAML identity providers.
- Delivery
  - Content Hub users can only access their content in Content Hub using a secure access token.
  - Content Hub utilizes a web application firewall (WAF), content delivery network (CDN), and rate limiting to ensure a predictable quality of service.
The customer's responsibility
Customers are responsible for implementing Content Hub and their front-end head applications in a manner that enables them to meet their compliance obligations.
Data privacy implementation considerations
Content Hub is a content management system and, by design, does not capture personal data. Some implementations of Content Hub might allow capturing personal data. These implementations and decisions regarding the handling of personal data should align with the customer's data policies and architectural guidelines.
When managing data that interfaces with Content Hub, customers must be aware of the following product functionality and implementation considerations.
Content Hub user information
The Sitecore identity service manages the Content Hub customer's users and their roles, and requires their names and email addresses. The identity service can be configured to use multi-factor authentication through the customer’s OpenID Connect (OIDC) or SAML SSO provider. The service does not store names or email addresses of the customer's website visitors.
Personal data
As a full-fledged content management system (CMS), Content Hub can be configured to store any type of content. However, Content Hub should never be used to store personally identifiable information (PII) or protected health information (PHI). Instead, Sitecore recommends that customers using PII or PHI follow modern web development best practices and keep that data in their system of record and not in Content Hub.
Customers taking this approach can ensure that the personal data is managed within a single source, controlling where that data resides across their enterprise application, for ease of compliance.