Security Considerations

Primero is designed with the understanding that it manages extremely sensitive data. The application has mechanisms for ensuring data confidentiality and sharing of information based on consent and need. The system is designed for stability and durability.

Primero v2 has updated and revised its approach to security. Core components have been upgraded or redesigned. UNICEF has implemented Primero v2 as a SaaS solution called Primero X. It runs on Microsoft Azure infrastructure. Some additional security provisions are guaranteed with Primero X.

Functional Security

Some security precautions are implemented explicitly as application behavior. Primero is being developed following security recommendations set out by the OWASP (https://www.owasp.org).

Platform Security

Primero is designed, developed and deployed as a full service platform. This includes both the web and mobile applications as well as the operating system hosting them. Primero is being positioned for distribution as a service, running on the Microsoft Azure cloud (https://azure.microsoft.com). This allows us to leverage Azure cloud hosting tools and SLAs to ensure greater consistency of deployment and security.

Self-hosted Primero relies on Ansible (https://www.ansible.com), a devops automation tool, to deploy Primero Docker images. This guarantees that Primero servers are always in a known state which is integral to identifying and remediating system security issues.

Process

In 2014, Primero underwent a comprehensive security assessment and 3rd party security code review and penetration testing. A threat model was established for the product that has guided subsequent security work. The threat model is reviewed and updated with each major development effort.

UNICEF ICTD and Quoin collaborate in performing regular security scans of the system using Fortify on Demand, a 3rd party penetration testing tool.

(https://www.microfocus.com/en-us/cyberres/application-security/fortify-on-demand)

As the primary developer for Primero, Quoin regularly reviews public security vulnerability alerts for the open source components of Primero. Software engineers:

In addition, a security review based on the threat model and on common OWASP guidelines is performed for each significant development effort. The vulnerabilities are evaluated and prioritized based on potential risk. Security remediation work is queued up as part of Primero’s ongoing global support.

The Primero CI/CD pipeline is incorporating open source dynamic scans into its release process for Docker image builds based on OWASP ZAP (https://owasp.org/www-project-zap).

Updated versions of Primero are regularly tested by a dedicated UNICEF QA team and released for deployment.

FAQ

This list of frequently asked questions will be updated periodically.

Last updated on 29 April 2021