From today, malicious and suspicious files shared by users of Kaspersky Lab products in Europe will start to be processed in data centers in Zurich, initiating the first part of a relocation commitment made by the company in late 2017 under its Global Transparency Initiative. The move reflects Kaspersky Lab’s determination to assure the integrity and trustworthiness of its products and is accompanied by the opening of the company’s first Transparency Center, also in Zurich.
The relocation of data processing is part of a major infrastructure move designed to increase the resilience of the company’s IT infrastructure to risks of data breaches and supply-chain attacks, and to further prove the trustworthiness of its products, services and internal processes.
From November 13, threat-related data coming from European users will start to be processed in two datacenters. These provide world-class facilities in compliance with industry standards to ensure the highest levels of security.
The data, which users have actively chosen to share with Kaspersky Lab, includes suspicious or previously unknown malicious files and corresponding meta-data that the company’s products send to Kaspersky Security Network (KSN) for automated malware analysis.
Files comprise only part of the data processed by Kaspersky Lab technologies, yet the most important one. Protection of customers’ data, together with the safety and integrity of infrastructure is a top priority for Kaspersky Lab, and that is why the file processing relocation comes first and is expected to be fully accomplished by the end of 2019. The relocation of other types of data processed by Kaspersky Lab products, consisting of several kinds of anonymized threat and usage statistics, is planned to be conducted during later phases of the Global Transparency Initiative.
Today also marks the opening of Kaspersky Lab’s first Transparency Center in Zurich, enabling authorized partners to access reviews of the company’s code, software updates and threat detection rules, along with other activities. Through the Transparency Center, Kaspersky Lab will provide governments and partners with information on its products and their security, including essential and important technical documentation, for external evaluation in a secure environment.
These two major developments will be followed by the relocation of data processing for other regions and, in phase two, the move to Zurich of software assembly.
According to independent rankings, Switzerland is among the world’s top locations in terms of the number of secure internet servers available, and it has an international reputation as an innovative center for data processing and high quality IT infrastructure. Being in the heart of Europe and, at the same time, a non-EU member, it has established its own data privacy regulation that is guaranteed by the state’s constitution and federal laws. In addition, there are strict regulations on processing data requests received from authorities.
Commenting on the start of data processing in Europe and the opening of the first Transparency Center, Eugene Kaspersky, CEO Kaspersky Lab said:
“Transparency is becoming the new normal for the IT industry – and for the cybersecurity industry in particular. We are proud to be on the front line of this process. As a technological company, we are focused on ensuring the best IT infrastructure for the security of our products and data, and the relocation of key parts of our infrastructure to Switzerland places them in one of the most secure locations in the world. The promises made in our Global Transparency Initiative are coming to fruition, enhancing the resilience and visibility of our products. Through the new Transparency Center, also in Switzerland, trusted partners and governments will be able to see external reviews of our products and make up their own minds. We believe that steps such as these are just the beginning – for the company and for the security industry as a whole. The need to prove trustworthiness will soon become an industry standard.”
Commenting on Kaspersky Lab’s infrastructure move to Switzerland, Liv Minder, Investment Promotion Director from Switzerland Global Enterprise, added:
“The settlement of Kaspersky’s Transparency Center in Switzerland underlines that our country has become a global center for innovation and technology with a strong cyber security cluster, offering advanced and secure digital infrastructure within a strong framework of security and privacy that attracts ever more technology leaders.”
Kaspersky Lab’s Global Transparency Initiative was announced in October 2017 and continues to make good progress. In addition to the Transparency Center opening and the IT infrastructure relocation, a number of other actions are being undertaken.
In particular, Kaspersky Lab has engaged one of the Big Four professional services firms to conduct an audit of the company’s engineering practices around the creation and distribution of threat detection rule databases, with the goal of independently confirming their accordance with the highest industry security practices.
The assessment will be done under the SSAE 18 standard (Statement of Standards for Attestation Engagements). The scope of the assessment includes regular automatic updates of antivirus records, created and distributed by Kaspersky Lab for its products operating on Windows and Unix Servers. The company is planning the assessment under SSAE 18 with the issue of the SOC 2 (The Service and Organization Controls) report for Q2 2019.
Additionally, Kaspersky Lab continues to improve the security of its products with the help of a community of security enthusiasts from all over the world. Within one year, Kaspersky Lab resolved more than 50 bugs reported by security researchers, of which several were acknowledged to be especially valuable.
Learn more about Kaspersky Lab transparency principles and the Global Transparency Initiative here: www.kaspersky.com/about/transparency
photo: Adrian Bretscher