
Managed Cloud roles and responsibilities


This topic describes the roles, responsibilities, and security model for Managed Cloud solutions. Roles and responsibilities are described using the RACI model, where R = Responsible, A = Accountable, C = Consultant, and I = Informed.

Sitecore customers on Managed Cloud own the data and can apply changes to the Managed Cloud environment. This also means that customers are responsible for the confidentiality, integrity, and availability of Sitecore Managed Cloud resources and data.

The following tables indicate the roles and responsibilities associated with the various security functions in Sitecore Managed Cloud solutions.

Activation and termination

This table shows the responsibilities for order activation and termination of Sitecore Managed Cloud environments.

| Activity | Customer/Partner | Sitecore |
|---|---|---|
| Request environment and specify characteristics | R, A | I |
| Sitecore Managed Cloud activation | I | R, A |
| Sitecore Managed Cloud termination | I | R, A |
| 30 days data retention after termination | I | R, A |

Provisioning of Sitecore environments

This table shows the responsibilities for the provisioning, resetting, and deprovisioning of Managed Cloud environments.

| Activity | Customer/Partner | Sitecore |
|---|---|---|
| Create new environment, installation, and initial set up | C | R, A |
| Delete existing environment | C | R, A |
| Reset existing environment | C | R, A |

Sitecore application design and implementation

This table shows the responsibilities for Sitecore application design and implementation.

| Activity | Customer/Partner | Sitecore |
|---|---|---|
| Initial application security setup | I | R, A |
| Resource sizing (as dictated by custom solution) | R, A | C, I |
| Sitecore software upgrade planning | R, A | I |
| Design, configuration, or customization of Sitecore solution | R, A | I |
| Application optimization (such as performance tuning, optimizing, database, and so on) | R, A | I |
| Application performance tuning (Sitecore products) | R, A | I |
| Perform in-place Sitecore version upgrade (In-place upgrades of Managed Cloud environments are not recommended) | R, A | I |
| Sitecore platform hotfix and patch installation and configuration | R, A | C |

Infrastructure and server management

This table shows the responsibilities for Sitecore Managed Cloud infrastructure and server management.

| Activity | Customer/Partner | Sitecore |
|---|---|---|
| Perform initial provisioning check | I | R, A |
| Scale infrastructure services (Web App, Solr, Azure SQL, Redis cache, and so on) | A | R |
| Initial Web Application Firewall - deployment and configuration (subject to purchase) | A | R |
| Initial security setup (Azure SQL firewall) | C | R, A |
| Network firewalls and post-deployment security setup (Azure SQL firewall) | R, A | C |
| Set up third-party services (DevOps tools, CDN, databases, and so on) | R, A | C |
| Custom domain setup (A record) | R, A | C |
| Initial setup and configuration of backup services (blobs, database) - subject to purchase | I | R, A |
| Customization of backup schedules and services | R | A |
| Consolidation of billing | I | R, A |
| Infrastructure performance optimization | R, A | I |

Monitoring and incident notification

This table shows the responsibilities for Sitecore Managed Cloud monitoring and for notification if there is an incident.

| Activity | Customer/Partner | Sitecore |
|---|---|---|
| Managed Cloud infrastructure monitoring (CPU/RAM, network and so on) | I | R, A |
| Sitecore Managed Cloud platform consumption usage monitoring | C, I | R, A |
| Take action on recommendations from infrastructure alert(s) | A | R |
| Sitecore application monitoring | R, A | I |
| Monitoring for application security events and notification | R, A | C |
| Monitoring for data-related security events and notification | R, A | C |
| Monitoring for infrastructure resource availability | C | R, A |
| Web Application Firewall monitoring and alerting (ongoing) | R, A | I |
| Notification of security events related to the Azure platform | C | R, A |
| Infrastructure incident notification | I | R, A |
| Security incident management in infrastructure | I | R, A |

Security: access and user administration

This table shows the responsibilities for user access and administration in Managed Cloud solutions.

| Activity | Customer/Partner | Sitecore |
|---|---|---|
| Set up Identity and Active Directory infrastructure including account administration | C | R, A |
| Sitecore CMS user access administration (initial setup) | C | R, A |
| Sitecore CMS user access administration (ongoing) | R, A | C, I |
| Define Sitecore environment access permissions and security configuration | R, A | C, I |
| Implement customer-defined Sitecore environment access and security configuration | A, C | R |

Security: physical

This table shows the responsibilities for the physical components of a Managed Cloud solution.

| Item | Customer/Partner | Sitecore |
|---|---|---|
| Physical data center | I | R, A |
| Physical network | I | R, A |
| Physical hosts | I | R, A |

Security: Sitecore application

This table shows the responsibilities for the security of different aspects of the Sitecore application in a Managed Cloud solution.

| Activity | Customer/Partner | Sitecore |
|---|---|---|
| Base application security | I | R, A |
| Deployment and security hardening | R, A | C |
| Implementation of authentication mechanism | R, A | C |
| Custom code deployment | R, A | C |
| Sitecore application and customer solution change management | R, A | C |
| Configuring application security logging | R, A | I |
| Set up initial security in customized Sitecore application code | R, A | I |
| Azure App service operating system maintenance, including regular security patching and updates (delivered by Microsoft) | C, I | R, A |

Security: Azure platform

This table shows the responsibilities for the security of different aspects of the Azure platform in a Managed Cloud solution.

| Activity | Customer/Partner | Sitecore |
|---|---|---|
| Configuration of encryption at rest and in motion (part of initial environment provisioning) | C, I | R, A |
| Configure and perform disaster recovery (Available as an add-on purchase) | C, I | R, A |
| Configure host security - hardened OS | I | R, A |
| Operating system (PaaS) | I | R, A |
| Sitecore Cloud operations change management (via ServiceNow) | C, I | R, A |
| Azure DDoS IP Protection initial setup (if purchased by customer) | C, I | R, A |
| Azure DDoS IP Protection post-provisioning (if purchased by customer) | R | A |
| Define basic Web Application Firewall requirements - rule management (Azure Front Door) | R, A | C |
| Initial deployment security hardening of Sitecore product (PaaS) | C | R, A |
| Ongoing security hardening of Sitecore application | R, A | C |

Security: certificates and key management

This table shows the responsibilities for certificates and key management in a Managed Cloud solution.

| Activity | Customer/Partner | Sitecore |
|---|---|---|
| Self-signed certificate for non-production environments | I | R, A |
| Obtain public SSL certificates from Trusted Root Authority | R, A | C |
| SSL certificate deployment | R | A |
| SSL certificate configuration | R, A | C, I |
| Encryption key upload (Azure Key Vault) – initial product deployment | C, I | R, A |
| Encryption key upload (Azure Key Vault) – ongoing management of customer owned keys and certificates | R, A | C, I |

Privacy and data protection laws

In Sitecore Managed Cloud, we process the data that we receive from our customers. In GDPR terminology, we are a Data Processor. Under the CCPA, we are a Service Provider. Accordingly, we have Data Processor Agreements with the relevant clauses in place with our customers to ensure compliance.

For more information, visit our Trust Center.

Cloud operations procedures

Sitecore Cloud operations procedures include formal standards for the following:

  • Customer onboarding, including the creation of user accounts.

  • Infrastructure resource creation and setup.

  • Data creation and setup.

  • Disposal standards to securely delete infrastructure resources.

  • Data disposal standards.

  • Capacity management to identify capacity and availability-related issues.

  • Issues and event management.
