Achieve Data Privacy Compliance with Sitecore (GDPR, CCPA, CDPR)

It started in April 2016 with EU's General Data Privacy Regulation (GDPR), then came China's Cybersecurity Law (CSL) in Nov 2016, also known as China Internet Security Law, then add China's Data Protection Regulation (CDPR) to that and now California's Consumer Production Law (CCPA) went into effect in January 2020.

With ever increasing data privacy regulations across the globe going into effect, we are seeing an increase in demand for compliance from large and small, private and public enterprises alike. Although achieving full data privacy compliance for each of the regulations may be a tall order, there is a silver lining here. All of the data privacy regulations seem to have evolved from GDPR and hence you see a lot of similarities across them The means that there is a common denominator to achieving some level of compliance across all the regulations and that is what I will attempt to cover in this post.

If you deployed a leading Digital Experience Platform (DXP)…

Sitecore Omni: Sitecore APIs Explained

Whether you are looking to leverage the headless CMS capabilities of Sitecore XP or simply looking to federate content and presentation via Sitecore's APIs, Sitecore Omni has exactly what you are looking for.

Peeling the layers behind Sitecore Omni, here is everything you can get from Sitecore XP.

For the purpose of this post, I will focus on the API layer of Sitecore. Sitecore provides the following APIs:

Sitecore Services Client APISitecore GraphQL API Sitecore Layout Services API Sitecore Services Client APIUses ASP.NET Web API as foundation for a RESTful API.Provide ItemService (Sitecore content items) and EntityService (custom business objects).Allows execution of Sitecore Search. Pros Available OOTB in older and newer versions of Sitecore XP.Provides read-only access to content item as JSON OData. No server-side code needed.Provide RESTful API for CRUD operations on items and executing Sitecore Search queries.Supports authentication and authorization.No extra licensing cost.S…

Decision tree for selecting the best cloud hosting option (App service, VM, Containers, Serverless)

While working on a project last year, we were looking at various options for our Microservices hosting strategy. My colleague came across this decision workflow from Microsoft for their Azure hosting service options and I thought of sharing it here.

This decision workflow can help in the following scenarios (and others):

Hosting options for new build vs migrationOverall cloud migration strategyWeb & API hosting optionsIaaS vs PaaS vs serverlessMicroservices deployment and scaling strategy Feel free to comment on ways in which this may have helped you.

Performance Monitoring, Testing & Optimization - Part 1

Part 1 - Performance Monitoring When somebody raises the issue of performance my first question to them is, "show me the data".

Quite often I notice, there isn't sufficient data to support the perception. So my first suggestion is let's do some baselining.

Broadly speaking, performance of web based software solution can be split into two categories:
Server Side PerformanceClient Side Performance Performance testing requires the following components:
Performance KPIsPerformance monitoring toolsPerformance testing toolsTest environmentsLoad distribution modelTest scenariosReporting data In this article (Part 1) we will cover #1 & #2 as the first step towards setting up a holistic performance testing practice is to know what to measure and how to measure it. Performance KPIs Baselining performance requires monitoring a comprehensive set of client-side and server-side KPIs.
Server-side KPIsKPI Description Response Time Response Times for each transaction in seconds Hits …

Sitecore Symposium 2019: Marketing personalized at scale with Sitecore + SFMC = Success

Here is the slide deck from my presentation at Sitecore Symposium 2019:

Marketing personalized at scale sitecore + sfmc = success final final from VarunNehra

Quick guide to attending Sitecore Symposium

Sitecore symposium is their biggest annual event hosted by Sitecore. It's usually during the month of October or November and officially lasts 5 days Day 1 is considered pre-conference dayDay 2, 3, 4 are actual conference days with the Symposium Party on Day 3 and the closing note on day 4 at noon.Day 5 is MVP summit and open to Sitecore MVPs only The attendance is almost a 50-50 distribution of clients and partners. Buying a passIf you are selected as a speaker you get a free pass.Early bird pricing can save you hundreds so look out for early bird pricing dates.If early bird pricing has expired.If you are a partner, you could become a sponsor and score some free passes.If you are a client or prospect, you should get in touch with your vendor partner as they may have discounted passes or even free passes they can offer you.If you are an individual looking for a last min discount, follow #SitecoreSym on Twitter for $100 discount code from Sitecore MVPs.If you just woke up and realiz…

Sitecore PaaS deployment topologies for Multi-regional scaling

As we all know, there are two main deployment topologies for Sitecore XP:
Single - mostly for developer and integration environmentsScaled - for all other environments This post is intended to cover regional deployment and scaling options for a fully scaled production PaaS deployment.
There are three ways in which you can regionally scale Sitecore: Regionally scaled content delivery with shared xDBRegionally scaled content delivery with isolated xDBRegionally isolated Sitecore deploymentOption #1 is the most common scaling option and works in the the following scenario: Content & experience management is regionally centralizedMarketing operations, marketing automation and digital marketing activities in general are regionally centralizedWeb analytics collection is regionally centralized This basically means that operationally speaking, the organization is fairly centralized in their management and governance for the following: Content creation, publishing, permissions, versioning, ar…

Sitecore, GDPR, China's Cyber Security Law (CSL) & Data Protection Regulation (CDPR)

China has had strong data protection regulation for a while and it only seems to be getting tighter in 2019.  Increasingly, clients running Sitecore as their digital CXM platform require multi-regional deployments, and deploying solutions in the APAC region usually tends to pose a challenge.

A couple of years ago, it may have been easy enough to simply carve out some infrastructure local to China and direct all local language variant traffic to the instance. But this is no longer sufficient.
China seems to have taken a lot of articles from GDPR and continues to add to them and make privacy law even from stringent.
Sitecore has quite a few provisions OOTB for handling some of the GDPR articles and the other can be handled via either solution design, custom implementation or system architecture.
Here is are some of the ToDos related to CSL, CDPR as they relate to GDPR.
Compliance via solution design & custom implementation CSL & GDPR: Implement consent and opt-in/opt-out prefer…

Sitecore Symposium 2018: Session Recommendation Engine

Here is the slide deck from my presentation at Sitecore Symposium 2018.

Update: Uploaded deck to SlideShare.

Sitecore: Session recommendation engine from VarunNehra

Accelerating Time To Market with Sitecore & Helix

Here is my slide deck for my talk at Sitecore Digital Destiny Tour 2018.

Update: Link to SlideShare

Accelerating Time To Market with Sitecore & Helix from VarunNehra