Kaspersky Lab announces that threat-related data shared by European users will now be processed in two data centers located in Zurich, Switzerland, along with the opening of the company’s first Transparency Center. These activities initiate the first part of a relocation commitment made by the company in late 2017 as part of the Global Transparency Initiative.
The relocation of data processing is part of a major infrastructure move designed to increase the resilience of the company’s IT infrastructure to risks of data breaches and supply-chain attacks. The move also reflects the company’s determination to assure the integrity and trustworthiness of its products, services and internal processes.
Kaspersky Lab products in Europe will start to be processed in two data centers, which are world-class facilities in compliance with industry standards to ensure the highest levels of security. The data, which users have actively chosen to share with Kaspersky Lab, includes suspicious or previously unknown malicious files and corresponding meta-data that the company’s products send to Kaspersky Security Network (KSN) for automated malware analysis.
Protection of customers’ data, together with the safety and integrity of infrastructure, is a top priority for Kaspersky Lab, and that is why the file processing relocation comes first and is expected to be fully accomplished by the end of 2019. The relocation of other types of data processed by Kaspersky Lab products, consisting of several kinds of anonymized threat and usage statistics, is planned to be conducted during future phases of the Global Transparency Initiative.
Today also marks the opening of Kaspersky Lab’s first Transparency Center in Zurich, enabling authorized partners to access reviews of the company’s code, software updates and threat detection rules, along with other activities. Through the Transparency Center, Kaspersky Lab will provide governments and partners with information on its products and their security, including essential and important technical documentation, for external evaluation in a secure environment.
According to independent rankings, Switzerland is among the world’s top locations in terms of the number of secure internet servers available, and the country has an international reputation as an innovative center for data processing and high quality IT infrastructure. Being in the heart of Europe and, at the same time, a non-EU member, Switzerland established its own data privacy regulation, which is guaranteed by the state’s constitution and federal laws. In addition, there are strict regulations on processing data requests received from authorities.
Liv Minder, investment promotion director from Switzerland Global Enterprise, said:
“The settlement of Kaspersky’s Transparency Center in Switzerland underlines that our country has become a global center for innovation and technology with a strong cyber security cluster, offering advanced and secure digital infrastructure within a strong framework of security and privacy that attracts ever more technology leaders"
In October 2017, the Kaspersky Lab Global Transparency Initiative was announced, and these initiatives in Switzerland mark continued progress of the company’s plans. These two major developments will be followed by the relocation of data processing for other regions and, in phase two, the move of software assembly to Zurich as well.
Eugene Kaspersky, CEO of Kaspersky Lab, said:
“Transparency is becoming the new normal for the IT industry – and for the cybersecurity industry in particular. We are proud to be on the front line of this process. As a technological company, we are focused on ensuring the best IT infrastructure for the security of our products and data, and the relocation of key parts of our infrastructure to Switzerland places them in one of the most secure locations in the world. The promises made in our Global Transparency Initiative are coming to fruition, enhancing the resilience and visibility of our products. Through the new Transparency Center, also in Switzerland, trusted partners and governments will be able to see external reviews of our products and make up their own minds. We believe that steps such as these are just the beginning, for the company, and for the security industry as a whole. The need to prove trustworthiness will soon become an industry standard"
In addition to the Transparency Center opening and the IT infrastructure relocation, a number of other actions are being undertaken. In particular, Kaspersky Lab has engaged one of the Big Four professional services firms to conduct an audit of the company's engineering practices around the creation and distribution of threat detection rule databases, with the goal of independently confirming their accordance with the highest industry security practices.
The assessment will be done under the SSAE 18 standard (Statement of Standards for Attestation Engagements). The scope of the assessment includes regular automatic updates of antivirus records, created and distributed by Kaspersky Lab for its products operating on Windows and Unix Servers. The company is planning the assessment under SSAE 18 with the issue of the SOC 2 (The Service and Organization Controls) report for Q2 2019.
Additionally, Kaspersky Lab continues to improve the security of its products with the help of a community of security enthusiasts from all over the world through its bug bounty program. Within one year, Kaspersky Lab resolved more than 50 bugs reported by security researchers, of which several were acknowledged to be especially valuable.