Recently,
as part of its Global Transparency
Initiative, Kaspersky Lab announced
that it is adapting its
infrastructure to move a number of core processes from Russia to Switzerland
and set up its first Transparency Center.
According
to the company, the move is to adapt to the needs of an
ultra-connected world in which people and organisations require greater
transparency and trust. As announced in October 2017, the
Global Transparency Initiative reflects Kaspersky
Lab’s ongoing commitment to assuring the integrity and
trustworthiness of its products.
“In a
rapidly changing industry such as ours we have to adapt to the evolving needs
of our clients, stakeholders and partners. Transparency is one such need, and
that is why we’ve decided to redesign our infrastructure and move our data
processing facilities to Switzerland. We believe such action will become a
global trend for cybersecurity, and that a policy of trust will catch on across
the industry as a key basic requirement,” said Mr Eugene Kaspersky, CEO of
Kaspersky Lab.
The
company also stated in its press release that trust is essential in
cybersecurity, and that it understands that trust is not a given; it must be
repeatedly earned through transparency and accountability.
To keep
customer safe from existing, new and emerging threats, the company is redesigning its infrastructure and moving the
location for where it stores and processes some of its data, and build new software, starting from 2018.
The
relocation of data storage and processing includes customer data storage and
processing for most regions such as Europe, North America, Australia, Japan, South
Korea and Singapore. By the
end of 2019, Kaspersky Lab will have established a data center in Zurich and in
this facility will store and process all information for users in these regions,
with more countries to follow. This information is shared voluntarily by users
with the Kaspersky Security Network (KSN) an advanced,
cloud-based system that automatically processes cyberthreat-related data.
The move
includes software assembly and threat detection updates. Kaspersky
Lab will relocate to Zurich its ‘software build conveyer’ — a set of
programming tools used to assemble ready to use software out of source code. By
the end of 2018, Kaspersky Lab products and threat detection rule databases (AV
databases) will start to be assembled and signed with a digital signature in
Switzerland, before being distributed to the endpoints of customers worldwide.
The relocation will ensure that all newly assembled software can be verified by
an independent organisation, and show that software builds and updates received
by customers match the source code provided for audit.
The
source code of Kaspersky Lab products and software updates will be available
for review by responsible stakeholders in a dedicated Transparency Center that
will also be hosted in Switzerland and is expected to open this year. This
approach will further show that generation after generation of Kaspersky Lab
products were built and used for one purpose only: protecting the company’s
customers from cyberthreats.
To ensure
full transparency and integrity, Kaspersky Lab is arranging for the data
storage and processing, software assembly, and source code to be independently
supervised by a third party qualified to conduct technical software reviews. The
independent third party is also based in Switzerland.
Since
transparency and trust are becoming universal requirements across the
cybersecurity industry, Kaspersky Lab supports the creation of a new,
non-profit organisation to take on this responsibility, not just for the
company, but for other partners and members who wish to join. The
company also has plans to set up Transparency Centers in Asia and North America by 2020.
The new
measures are the next steps in the development of the initiative, but they also
reflect the company’s commitment to working with others to address the growing
challenges of industry fragmentation and a breakdown of trust.
As a
leading global cybersecurity solutions provider, Kaspersky Lab has always been
committed to the most trustworthy industry practices, including strong
protection for transmitted data, strict internal policies for data access,
ongoing security testing of its infrastructure, and more.
With this new set of measures, Kaspersky Lab
aims to significantly improve the resilience of its IT infrastructure to any
trust risk – even theoretical ones – and to increase its transparency to
current and future clients as well as to the general public.