Kaspersky moves to build transparency in security

In a further move to allay fears in the West of possible security compromises due to its Russian origin, Kaspersky Lab has announced that malicious and suspicious files shared by users of Kaspersky Lab products in Europe will start to be processed in data centers in Zurich.

This initiates the first part of a relocation commitment made by the company in late 2017 under its Global Transparency Initiative. Kaspersky Lab says the move symbolises its determination to assure the integrity and trustworthiness of its products. It is accompanied by the opening of the company’s first Transparency Center, also in Zurich.

 The relocation of data processing is part of a major infrastructure move designed to increase the resilience of the company’s IT infrastructure to risks of data breaches and supply-chain attacks, and to further prove the trustworthiness of its products, services and internal processes.

The move comes a day after the Paris Call for trust and security in cyberspace unveiled at the Paris Peace Forum on November 12 by President Emmanuel Macron and Foreign Affairs minister Jean-Yves Le Drian.

The Paris Call lays out several important principles and guidelines for international cybersecurity. In particular, it recognises the responsibilities of key private sector actors in improving trust, security and stability in cyberspace, and encourages initiatives aimed at strengthening the security of digital processes and products across the supply chain. It also promotes broad digital cooperation and a multi-stakeholder approach to build confidence, capacity and trust.

Kaspersky Lab says the call coincides with its own championing of international cooperation on cyber issues and the need to counter the risk of balkanisation.

The company said in a statement: “Online crime is borderless; and so must be the world’s response. We cannot fight back if we are isolated and fragmented. Shared intelligence and public-private partnerships, for instance through cooperation between national police forces and cybersecurity companies, are necessary to ensure stronger protection for all.

“The solution is also to become more transparent and to give stakeholders proof that they can trust cybersecurity. We have started already through our Global Transparency Initiative (GTI), a programme designed to build trust, accountability, assurance and resilience. Within the GTI framework, we are relocating some of our infrastructure to Switzerland – starting from November 13, 2018, when we begin to process suspicious and malicious files shared by users in Europe, in Zurich, and open the doors of our first Transparency Center in the city. More data and processes, and more regions, will follow.”

Eugene Kaspersky, CEO of Kaspersky Lab, said today: “I’m very glad to see the wheels are turning to international cyberspace cooperation. The Paris Call for Trust and Security in Cyberspace announced by the French authorities is a very positive shift given the atmosphere of growing mistrust that the cybersecurity industry is experiencing now. This Call recognises the responsibilities of leaders of the private sector in improving trust, security and stability in cyberspace.

“That’s exactly what our efforts have been focused on lately in many of our company’s initiatives – to become more transparent, to prove our trustworthiness, and, as we love to do, become pioneers of a new industry standard. We’ll undoubtedly continue to push for cooperation in the industry and open doors in cyberspace, and it’s great to feel supported in this mission!”

From November 13, threat-related data coming from European users will start to be processed in two datacenters. These provide world-class facilities in compliance with industry standards to ensure the highest levels of security.

The data, which users have actively chosen to share with Kaspersky Lab, includes suspicious or previously unknown malicious files and corresponding meta-data that the company’s products send to Kaspersky Security Network (KSN) for automated malware analysis.

Files comprise only part of the data processed by Kaspersky Lab technologies, yet the most important one. The relocation of other types of data processed by Kaspersky Lab products, consisting of several kinds of anonymised threat and usage statistics, is planned to be conducted during later phases of the Global Transparency Initiative.

Today also marks the opening of Kaspersky Lab’s first Transparency Center in Zurich, enabling authorised partners to access reviews of the company’s code, software updates and threat detection rules, along with other activities. Through the Transparency Center, Kaspersky Lab will provide governments and partners with information on its products and their security, including essential and important technical documentation, for external evaluation in a secure environment. These two major developments will be followed by the relocation of data processing for other regions and, in phase two, the move to Zurich of software assembly.

According to independent rankings, Switzerland is among the world’s top locations in terms of the number of secure internet servers available, and it has an international reputation as an innovative center for data processing and high quality IT infrastructure. Being in the heart of Europe and, at the same time, a non-EU member, it has established its own data privacy regulation that is guaranteed by the state’s constitution and federal laws. In addition, there are strict regulations on processing data requests received from authorities.

“Transparency is becoming the new normal for the IT industry– and for the cybersecurity industry in particular,” said the CEO. “We are proud to be on the front line of this process. As a technological company, we are focused on ensuring the best IT infrastructure for the security of our products and data, and the relocation of key parts of our infrastructure to Switzerland places them in one of the most secure locations in the world.”

Liv Minder, Investment Promotion Director at Switzerland Global Enterprise, said: “The settlement of Kaspersky’s Transparency Center in Switzerland underlines that our country has become a global centre for innovation and technology with a strong cyber security cluster, offering advanced and secure digital infrastructure within a strong framework of security and privacy that attracts ever more technology leaders.”