Data privacy
Sitecore recommends that customers understand how they can meet their compliance obligations when using XM Cloud. Sitecore is committed to the security and privacy of customer data in XM Cloud, and this commitment is reinforced by Sitecore's compliance with globally recognized standards.
A shared responsibility
The foundation for XM Cloud’s data security and privacy approach is built upon a shared responsibility model. With the shared responsibility model, Sitecore delivers a solution that safeguards the customer’s data, while customers properly implement XM Cloud and their front-end application to meet their data security and privacy obligations.
Sitecore's responsibility
Sitecore ensures that XM Cloud implements controls for securing and protecting customer data. The controls are in place at each tier of the XM Cloud architecture, and they include, but are not limited to:
- Public cloud infrastructure
  - Sitecore secures, manages, and monitors the cloud infrastructure used to run the XM Cloud services in partnership with its public cloud partners: Microsoft Azure and Amazon Web Services (AWS).
  - Sitecore applies regular operating system updates.
  - Sitecore applies and monitors network and host-level controls via the Sitecore Security Operations Center (SOC).
- Storage
  - XM Cloud segregates database and file storage between customers.
  - XM Cloud manages customer data through Azure SQL and Azure Blob storage, with all data encrypted at rest and in transit. XM Cloud uses Transparent Data Encryption (TDE) for Azure SQL and service-side encryption (SSE) for Blob storage. Both use Microsoft-managed 256-bit AES encryption keys that are FIPS 140-2 compliant.
  - XM Cloud maintains database and storage backups in geo-redundant locations to ensure availability if a data center region is impacted.
  - Customer data in XM Cloud is not accessed by Sitecore without the customer's explicit permission.
- Application
  - XM Cloud is developed under a secure software development lifecycle so that the application is built according to security best practices.
  - XM Cloud uses scanning and third-party penetration testing to validate its products.
  - XM Cloud logically separates customer environments.
  - XM Cloud provides a role-based access control model that enables customers to define which users have access to their environments, Sitecore applications, and data.
  - XM Cloud supports single sign-on (SSO) with OpenID Connect (OIDC) and SAML identity providers.
- Delivery
  - XM Cloud users can only access their content in XM Cloud using a secure access token.
  - XM Cloud utilizes a web application firewall (WAF), content delivery network (CDN), and rate limiting to ensure a predictable quality of service.
The customer's responsibility
Customers are responsible for implementing XM Cloud and their front-end head applications in a manner that enables them to meet their compliance obligations. Customers must be aware of the personal site visitor data that is presented or captured through their front-end application.
Data privacy implementation considerations
XM Cloud is a content management system and, by design, does not capture personal data. Some implementations of XM Cloud might allow capturing personal data. These implementations and decisions regarding the handling of personal data should align with the customer's data policies and architectural guidelines.
When managing data that interfaces with XM Cloud, customers must be aware of the following product functionality and implementation considerations.
XM Cloud user information
The Sitecore identity service manages the XM Cloud customer's users and their roles, and requires their names and email addresses. The identity service can be configured to use multi-factor authentication through the customer’s OpenID Connect (OIDC) or SAML SSO provider. The service does not store names or email addresses of the customer's website visitors.
Personal data
As a full-fledged content management system (CMS), XM Cloud can be configured to store any type of content. However, XM Cloud should never be used to store personally identifiable information (PII) or protected health information (PHI). Instead, Sitecore recommends that customers using PII or PHI follow modern web development best practices and keep that data in their system of record and not in XM Cloud. If needed, the personal data can be accessed from the system of record through APIs to compose the content in the front-end head application.
With this approach, personal data is managed in a single source, so customers control where that data resides across their enterprise applications, which simplifies compliance.
Using visitor data for personalization
XM Cloud’s personalization service enables customers to deliver personalized experiences to their site visitors. The personalization service tracks site visit engagement by storing first-party cookies in visitors' web browsers. Further details on the cookie behavior can be found here.
Capturing visitor data using Forms
XM Cloud Forms enables customers to collect data from site visitors through form submissions. Submitted form data is stored encrypted within the customer's primary XM Cloud region for up to 24 hours before the configured webhook is called to transfer the form data to the specified destination. When the webhook is successfully executed, the form submission data is deleted from XM Cloud. If a webhook fails, the data is lost and not saved within XM Cloud.