Kaspersky starts processing threat data in Europe as part of trust reboot

Security firm Kaspersky Labs has opened its first self-styled ‘Transparency Center’ and begun processing threat-related data from European users in data centers located in Switzerland — flipping the switch on the start of a relocation commitment it announced late last year in the face of suspicion that its antivirus software had been compromised by the Russian government and used to suck up US intelligence. 

The first stage of its fightback strategy to reboot trust, a code review plan, was announced a year ago.

Then, in May, the company announced it would be moving some core infrastructure processes to Zurich in Switzerland, saying also that it would arrange for its processes to be independently supervised by a third party qualified to conduct technical software reviews.

This facility has now begun processing data, starting with European users. Although this is just the start of the reconfiguration.

Software assembly will also move to Zurich in time — but not until phase two of the project, after processing for customers in other regions has also been relocated there.

It writes today:

From November 13, threat-related data coming from European users will start to be processed in two datacenters. These provide world-class facilities in compliance with industry standards to ensure the highest levels of security.

The data, which users have actively chosen to share with Kaspersky Lab, includes suspicious or previously unknown malicious files and corresponding meta-data that the company’s products send to Kaspersky Security Network (KSN) for automated malware analysis.

Files comprise only part of the data processed by Kaspersky Lab technologies, yet the most important one. Protection of customers’ data, together with the safety and integrity of infrastructure is a top priority for Kaspersky Lab, and that is why the file processing relocation comes first and is expected to be fully accomplished by the end of 2019. The relocation of other types of data processed by Kaspersky Lab products, consisting of several kinds of anonymized threat and usage statistics, is planned to be conducted during later phases of the Global Transparency Initiative.

By the end of 2019 the company has said the Zurich facility will be storing and processing all information for users in Europe, North America, Singapore, Australia, Japan and South Korea, with more countries slated to follow in future. Kaspersky is not exiting Russia entirely, though, as products for the Russian market will continue to be developed and distributed out of Moscow.

The Zurich Transparency Center will also provide authorized partners with access to reviews of Kaspersky code, and software updates and threat detection rules — as well as functioning as a secure location where governments and partners can come and ask questions and review documentation.

We’d wager journalists will also be invited on inspection tours.

Commenting in a statement, CEO Eugene Kaspersky claims: “Transparency is becoming the new normal for the IT industry — and for the cybersecurity industry in particular.”

“We are proud to be on the front line of this process. As a technological company, we are focused on ensuring the best IT infrastructure for the security of our products and data, and the relocation of key parts of our infrastructure to Switzerland places them in one of the most secure locations in the world,” he goes on, reiterating that the the intent of the Global Transparency Initiative is to increase “the resilience and visibility of our products”.

Which of course sounds a lot better than saying it’s responding to a trust crisis.

“Through the new Transparency Center, also in Switzerland, trusted partners and governments will be able to see external reviews of our products and make up their own minds. We believe that steps such as these are just the beginning – for the company and for the security industry as a whole. The need to prove trustworthiness will soon become an industry standard,” he adds.

Kaspersky says it has engaged “one of the Big Four professional services firms” to conduct an audit of its engineering practices around the creation and distribution of threat detection rule databases — “with the goal of independently confirming their accordance with the highest industry security practices”.

We’ve asked which third party has been selected to oversee the facility.

“The assessment will be done under the SSAE 18 standard (Statement of Standards for Attestation Engagements). The scope of the assessment includes regular automatic updates of antivirus records, created and distributed by Kaspersky Lab for its products operating on Windows and Unix Servers. The company is planning the assessment under SSAE 18 with the issue of the SOC 2 (The Service and Organization Controls) report for Q2 2019,” it further notes.

A year ago the security firm also announced a hike in its bug bounty rewards — saying it would now pay up to $100K per discovered vulnerability in its main Kaspersky Lab products.

Since then it says it has fixed more than 50 bugs reported by security researchers, claiming several were “acknowledged to be especially valuable”.