Since the Trump administration in 2017 banned agencies from using Kaspersky software over Russian spying fears, Kaspersky has made several attempts to refute these allegations. In 2019, Kaspersky extended its collaboration with INTERPOL by signing a new five-year cooperation agreement. Kaspersky offers INTERPOL security experts and training, while they actively share current cyber threat information.
The aim of opening ‘Transparency Centers’ across the U.S. was to engage the broader cybersecurity community and stakeholders in validating and verifying the trustworthiness of its products, internal processes, and business operations.
As such, the company has also provided the source code of its software for independent reviews, undertaken a number of third-party assessments including the SOC2 audit by a ‘Big Four’ auditing company, and has attained ISO27001 certification for its data services. Kaspersky has also moved its data processing infrastructure from Russia to Switzerland and today announced the successful completion of this transition.
“Since we announced our Global Transparency Initiative with a number of bold steps, including data-processing and storage relocation, Kaspersky has not only reconfirmed its commitment to being a trusted partner, but anticipated expectations from the market and regulators,” said Eugene Kaspersky, CEO of Kaspersky. “In the three years since the announcement we have seen the major transformation of approaches and regulations in data security. We see that investment in trust and transparency is gradually becoming an industry standard, and I am proud of our company for being among the transparency pioneers and trailblazers.”
Reviewing Source Code
Kaspersky opens its Transparency Center in North America together with the CyberNB Association. CyberNB is a non-profit organization, based in Fredericton, New Brunswick, Canada, that takes an ecosystem approach to improving cybersecurity outcomes through engagement and collaboration with private sector, government, academia, knowledge- and skills-building, and talent acquisition and workforce development stakeholders.
The facility will start operating in early 2021. It will provide partners the opportunity to review its source code and to learn more about engineering and data-processing practices, as well as its product portfolio. Earlier in 2020, Transparency Centers in Sao Paulo and Kuala Lumpur became fully operational. Kaspersky has also relaunched its first Transparency Center in Zurich that has been relocated to the Interxion data center. Moving forward, Kaspersky will provide unique access to its customers and trusted partners to experience data security controls and to directly access the company’s data management practices for external review and examination.
“The work of our Global Transparency Initiative has been important in North America and we’re now accelerating our impact with the opening of a Transparency Center,” said Rob Cataldo, managing director, Kaspersky, North America. “Having a physical location in our region will open new doors for our customers, partners and interested stakeholders to experience all the center has to offer. We also look forward to working with CyberNB and further advocating for higher industry transparency standards through our partnership.”
Given the challenging travel and visitor restrictions, customers and partners now also have an opportunity to review the source code remotely. To request remote access to Kaspersky Transparency Centers, visit their website here.
“CyberNB is pleased that Kaspersky has joined our Critical Infrastructure Protection Network (CIPnet) and is excited to welcome the company to the Cyber Centre in early 2021,” said Tyson Johnson, CEO of CyberNB. “Kaspersky has demonstrated its commitment to transparency as a key component of customer trust, and we know the company will be actively involved with fellow CIPnet members on many important research and development initiatives going forward.”
Data Storage and Processing
In addition to Europe, the United States, and Canada, Kaspersky has also relocated data storage and processing for a number of Asia-Pacific countries. The list of Asia Pacific countries includes Australia, New Zealand, Japan, Bangladesh, Brunei, Cambodia, India, Indonesia, South Korea, Laos, Malaysia, Nepal, Pakistan, Philippines, Singapore, Sri Lanka, Thailand, and Vietnam.
The customer threat-related data shared by users who are based in these locations is now processed in two data centers in Zurich, Switzerland, and includes suspicious or previously unknown malicious files that the company’s products send to the Kaspersky Security Network (KSN) for automated malware analysis.