Storage at rest
Sitecore Content Hub™ provides customers with the ability to store data in an encrypted format. The cloud provider should not have any requirements that would prevent the use of a gateway encryption service or an application to encrypt data before it reaches the service.
Interoperability and portability
Unstructured data can be exported in bulk, with metadata and security Access Control Lists (ACLs) attached, in a non-proprietary format, either by the user or by Sitecore Product Support Services. Automated export processes are not required.
Databases can be exported into a non-proprietary format, either by the user or the service provider. Automated export processes are not required. Service level agreements exist so that data is available when the customer needs it, preventing a “run-on-the-bank” scenario.
Vulnerabilities might be found by the customer, the application vendor, or a third party. High-risk vulnerabilities can be:
- Any bug that allows circumvention of the authentication mechanism.
- Any bug that enables disclosure of credential information, including but not limited to usernames, passwords, or API tokens.
- Any bug that allows an attacker to run arbitrary code, including but not limited to SQL injection, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), and Remote Code Execution.
- Any report of the application logging confidential data, including confidential data not required for the log's purpose, passwords, or API tokens.
- Any bug that affects log data or enables an attacker to destroy existing log data or prevent logging of their actions.
Once the vulnerability has been disclosed to the vendor, the following service levels are delivered:
|Service level|Remediation time|
|---|---|
|Critical|On the same day|
|High|5 business days|
|Medium|15 business days|
|Low|30 business days|
We can disable a customer’s instance of the hosted application immediately upon request in response to a vulnerability.