Global Transparency Initiative status update

August 29, 2018

In October 2017 we announced the Global Transparency Initiative to prove that we have nothing to hide, so that our customers can trust us — not just because of what we say, but because of what we do.

We’ve faced a lot of false allegations of wrongdoings from different sources. Although there is not even a single fact presented to support those allegations, we believe it is our responsibility to prove that Kaspersky Lab can, and should, be trusted. There are fundamental reasons to put trust in us. This is what our Global Transparency Initiative is all about and here is where we are now.

Updated November 13, 2018

Our first Transparency Center is officially open, enabling authorized partners to access reviews of the company’s code, software updates and threat detection rules.

Starting today, we will also process all of the malicious and suspicious files shared by users of Kaspersky Lab products in Europe in our two world-class data facilities Zurich.

As promised, Kaspersky Lab has also contracted with one of the Big Four professional services firms to conduct an audit, under the SSAE 18 standard, of the company’s engineering practices around the creation and distribution of threat detection rule databases, to independently confirm their accordance with the highest industry security practices.

At what stage is Global Transparency Initiative right now?

As of 29 August, 2018, we’re making good progress. We’ve already implemented one major change, having raised our bug bounty rewards to $100,000. This, we hope, will make our products more secure and reliable. Today we’re glad to announce that things are moving on, and another part of the Global Transparency Initiative project has been initiated — we’ve started installing the equipment necessary for relocating our user data processing to Europe.

Kaspersky Lab has signed contracts with two European providers — Interxion and NTS — that will provide facilities to host our servers. To address concerns from public and private sector stakeholders regarding unauthorized access to customer data, these data centers will host the new infrastructure necessary to collect, process, and store customer data in Zurich, Switzerland, by the end of 2018. Relocating data processing and storage for European customers will begin later this year, with other countries to follow. Full relocation for European countries is planned to be finalized in Q4 2019.

The choice of location is rather obvious here — on the one hand, Switzerland is located in the heart of Europe, on the other, it is not part of EU, which makes it an independent country that can make its own decisions. And since one of the main principles of our Global Transparency Initiative is to show that we are independent, there’s just no better place than Switzerland to start.

Switzerland is also well known for its highly innovative and advanced IT landscape, and for its strict regulations on processing data requests received from authorities. So, our customer data will be stored and processed in one of the most secure locations in the world.

What is next for our Global Transparency Initiative

Other elements of our Global Transparency Initiative are also being developed.

We’re planning on opening our first Transparency Center in Switzerland. This is currently being set up and will be opened once we’re ready to start processing data in the Zurich data centers (this is scheduled for later this year).

Another part of our scope is moving the software and threat detection rules database assembly process to Switzerland. However, addressing concerns over unauthorized user data access was higher priority, so this move will happen after we have kicked off the data relocation process.

We’re determined to relocate the facilities that are tasked with customer data processing for other countries too. This is quite a complicated process, so in order to minimize any potential disruption in protecting our customers, we’ve decided to stick to an incremental approach. So we’ll get back to this after we’ve finished relocating the data processing facilities for European citizens to Switzerland.

The third-party code and processes review is also due to happen following the relocation, as we are now looking for a suitable partner.

Implementing the Global Transparency Initiative is a very important process for us. We’re absolutely confident that investing time and effort into this lengthy project is necessary to prove that Kaspersky Lab is fully transparent, independent, and has every reason to be trusted. Once we have more news about the ongoing processes of our Global Transparency Initiative, we’ll update this blog as well as our Transparency Center website, so that everyone can find information about our transparency-related activities in one place.