Managed Cloud roles and responsibilities

Version:

This topic describes the roles, responsibilities, and security model for Managed Cloud solutions. Roles and responsibilities are described using the RACI model, where R = Responsible, A = Accountable, C = Consultant, and I = Informed.

Sitecore customers on Managed Cloud own the data and can apply changes to the Managed Cloud environment. This also means that customers are responsible for the confidentiality, integrity, and availability of Sitecore Managed Cloud resources and data.

The following tables indicate the roles and responsibilities associated with the various security functions in Sitecore Managed Cloud solutions.

Activation and termination

This table shows the responsibilities for order activation and termination of Sitecore Managed Cloud environments.

ActivityCustomer/PartnerSitecore
Request environment and specify characteristicsR, AI
Sitecore Managed Cloud activationIR, A
Sitecore Managed Cloud terminationIR, A
30 days data retention after terminationIR, A

Provisioning of Sitecore environments

This table shows the responsibilities for the provisioning, resetting, and deprovisioning of Managed Cloud environments.

ActivityCustomer/PartnerSitecore
Create new environment, installation, and initial set up:CR, A
Delete existing environmentCR, A
Reset existing environmentCR, A

Sitecore application design and implementation

This table shows the responsibilities for Sitecore application design and implementation.

ActivityCustomer/PartnerSitecore
Initial application security setupIR, A
Resource sizing (as dictated by custom solution)R, AC, I
Sitecore software upgrade planningR, AI
Design, configuration, or customization of Sitecore solutionR, AI
Application optimization (such as performance tuning, optimizing, database, and so on)R, AI
Application performance tuning (Sitecore products)R, AI
Perform in-place Sitecore version upgrade

(In-place upgrades of Managed Cloud environments are not recommended)
R, AI
Sitecore platform hotfix and patch installation and configurationR, AC

Infrastructure and server management

This table shows the responsibilities for Sitecore Managed Cloud infrastructure and server management.

ActivityCustomer/PartnerSitecore
Perform initial provisioning checkIR, A
Scale infrastructure services (Web App, Solr, Azure SQL, Redis cache, and so on)AR
Initial Web Application Firewall - deployment and configuration (subject to purchase)AR
Initial security setup (Azure SQL firewall)CR, A
Network firewalls and post-deployment security setup (Azure SQL firewall)R, AC
Set up third-party services (DevOps tools, CDN, databases, and so on)R, AC
Custom domain setup (a record)R, AC
Initial setup and configuration of backup services (blobs, database) - subject to purchaseIR, A
Customization of backup schedules and servicesRA
Consolidation of billingIR, A
Infrastructure performance optimizationR, AI

Monitoring and incident notification

This table shows the responsibilities for Sitecore Managed Cloud monitoring and for notification if there is an incident.

ActivityCustomer/PartnerSitecore
Managed Cloud infrastructure monitoring (CPU/RAM, network and so on)IR, A
Sitecore Managed Cloud platform consumption usage monitoringC, IR, A
Take action on recommendations from infrastructure alert(s)AR
Sitecore application monitoringR, AI
Monitoring for application security events and notificationR, AC
Monitoring for data-related security events and notificationR, AC
Monitoring for infrastructure resource availabilityCR, A
Web Application Firewall monitoring and alerting (ongoing)R, AI
Notification of security events related to the Azure platformCR, A
Infrastructure incident notificationIR, A
Security incident management in infrastructureIR, A

Security: access and user administration

This table shows the responsibilities for user access and administration in Managed Cloud solutions.

ActivityCustomer/PartnerSitecore
Set up Identity and Active Directory infrastructure including account administrationCR, A
Sitecore CMS user access administration (initial setup)CR, A
Sitecore CMS user access administration (ongoing)R, AC, I
Define Sitecore environment access permissions and security configurationR, AC, I
Implement customer-defined Sitecore environment access and security configurationA, CR

Security: physical

This table shows the responsibilities for the physical components of a Managed Cloud solution.

ItemCustomer/PartnerSitecore
Physical data centerIR, A
Physical networkIR, A
Physical hostsIR, A

Security: Sitecore application

This table shows the responsibilities for the security of different aspects of the Sitecore application in a Managed Cloud solution.

ActivityCustomer/PartnerSitecore
Base application securityIR, A
Deployment and security hardeningR, AC
Implementation of authentication mechanismR, AC
Custom code deploymentR, AC
Sitecore application and customer solution change managementR, AC
Configuring application security loggingR, AI
Set up initial security in customized Sitecore application codeR, AI
Azure App service operating system maintenance, including regular security patching and updates (delivered by Microsoft)C, IR, A

Security: Azure platform

This table shows the responsibilities for the security of different aspects of the Azure platform in a Managed Cloud solution.

ActivityCustomer/PartnerSitecore
Configuration of encryption at rest and in motion (part of initial environment provisioning)C, IR, A
Configure and perform disaster recovery (Available as an add-on purchase)C, IR, A
Configure host security - hardened OSIR, A
Operating system (PaaS)IR, A
Sitecore Cloud operations change management (via ServiceNow)C, IR, A
Azure DDoS IP Protection initial setup (if purchased by customer)C, IR, A
Azure DDoS IP Protection post-provisioning (if purchased by customer)RA
Define basic Web Application Firewall requirements - rule management (Azure Front Door)R, AC
Initial deployment security hardening of Sitecore product (PaaS)CR, A
Ongoing security hardening of Sitecore applicationR, AC

Security: certificates and key management

This table shows the responsibilities for certificates and key management in a Managed Cloud solution.

ActivityCustomer/PartnerSitecore
Self-signed certificate for non-production environmentsIR, A
Obtain public SSL certificates from Trusted Root AuthorityR, AC
SSL certificate deploymentRA
SSL certificate configurationR, AC, I
Encryption key upload (Azure Key Vault) – initial product deploymentC, IR, A
Encryption key upload (Azure Key Vault) – ongoing management of customer owned keys and certificatesR, AC, I

Privacy and data protections laws

In Sitecore Managed Cloud, we process the data that we receive from our customers. In GDPR terminology, we are a Data Processor. Under the CCPA, we are a Service Provider. Accordingly, we have Data Processor Agreements with the relevant clauses in place with our customers to ensure compliance.

For more information, visit our Trust Center.

Cloud operations procedures

Sitecore Cloud operations procedures include formal standards for the following:

  • Customer onboarding, including the creation of user accounts.
  • Infrastructure resource creation and setup.
  • Data creation and setup.
  • Disposal standards to securely delete infrastructure resources.
  • Data disposal standards.
  • Capacity management to identify capacity and availability-related issues.
  • Issues and event management.
If you have suggestions for improving this article, let us know!