Kaspersky lab relocates data processing to Switzerland

Kaspersky Lab is adapting to the needs of an ultra-connected world. A world in which people and organizations require greater transparency and trust. Starting from 2018, we are redesigning our infrastructure and moving the location for where we store and process some of our data, and build new software: the stuff that keeps our customers the world over safe from existing, new and emerging threats.

Data, Software Assembly and more...

Within the framework of our Global Transparency Initiative we are relocating to Switzerland the data storage and processing for a number of regions as well as our software assembly infrastructure. We have also opened our first Transparency Center in the country.

User Data

User Data

Information received from users of Kaspersky Lab products in Europe, to be followed by other countries including the U.S., Canada, Australia, Japan, South Korea and Singapore, will be processed and stored on Swiss servers.

Software Assembler

Software assembly

Relocation of assembly line of Kaspersky Lab products and threat detection rule databases (AV databases) to Switzerland, where they will also be signed with a digital signature before delivery to the endpoints.

Transparency Center

Transparency Center

A facility for trusted partners and government stakeholders to review the company's code, software updates and threat detection rules. By 2020, Transparency Centers will also be opened in Asia and North America.

How it works

Why Switzerland?

- Long and famous history of neutrality, similar to our policy for the detection of malware: we detect and remediate any malware attack

- Robust approach to data protection legislation

The Independent third-party organization

A new, non-profit organization qualified to conduct technical software reviews. The organization is currently working to onboard several partners.

TRANSPARENCY CENTER IN ZURICH

Kaspersky Lab’s first Transparency Center is now open in Switzerland and serves as a facility for trusted partners to access reviews of the company’s code, software updates and threat detection rules, along with other activities. Through the Transparency Center, we will provide governments and partners with information on our products and their security, including essential and important technical documentation, for external evaluation in a secure environment. Kaspersky Lab will prepare bi-quarterly public reports on every entry to the Transparency Center.

No other cybersecurity provider has done anything as far reaching as this. In opening the Center, Kaspersky Lab makes a significant step towards becoming completely transparent about its protection technologies, infrastructure and data processing practices.

To request access to the Transparency Center, please contact TransparencyCenter@kaspersky.com




The next level of Data Protection!

While Kaspersky Lab’s current data protection practices are implemented in accordance with the highest industry standards and provide an extremely high level of security for any information processed by the company’s products and services, the company continuously improves its procedures for the protection of its customers’ data.

From November 13, malicious and suspicious files voluntarily shared by users of Kaspersky Lab products in Europe have started to be processed in two datacenters in Zurich. These provide world-class facilities in compliance with industry standards to ensure the highest levels of security.

The integrity and security of data processing and storage from users of Kaspersky Security Network’s (KSN) will be regularly checked and confirmed by an independent, third-party, Swiss-based organization. Moreover, every interaction between the data centers and Kaspersky Lab’s security researchers around the world will be logged, and assessed if needed by the organization.


How our trusted Software Assembler works

Conveyor

Latest news on the Global Transparency Initiative

To keep you up-to-date with news on the relocation to Switzerland and the other activities that form part of our Global Transparency Initiative, we’ll be posting regular updates and progress reports in this section.


Our answers to your questions

  • Why is it important?

    Supply chain issues and ‘balkanization’ are major challenges for the security of today’s ultra-connected global landscape. To overcome them, the world needs trust and transparency in cybersecurity. We believe that companies will need to increase transparency in their products and business operations in order to earn and maintain trust. Our new measures demonstrate our approach for achieving that: through tangible, practical steps implemented within the overall framework of our Global Transparency Initiative

  • What is Kaspersky Lab’s Global Transparency Initiative?

    Kaspersky Lab’s Global Transparency Initiative (GTI) is a reaffirmation of the company’s commitment to earning and maintaining the trust of its most important stakeholders: its customers. It includes a number of actionable and concrete measures to involve external independent cyber security experts and others in validating and verifying the trustworthiness of the company’s products, its internal processes and business operations, and to introduce additional accountability mechanisms by which the company can further demonstrate that it addresses any security issues promptly and thoroughly.

    In the context of GTI, the storage and processing of user data from some regions, shared voluntarily with the Kaspersky Security Network, together with our software development infrastructure will all be relocated from Russia to Switzerland.

    In addition, in November 2018 we opened our first Transparency Center, in Switzerland, which will serve as a facility for trusted partners and government stakeholders to review the company’s code, software updates, and threat detection rules.

  • Why did you decide to relocate infrastructure?

    The relocation reflects our willingness to address customer concerns by, firstly, moving some of our data storage and processing to a neutral region while maintaining our high global standards of data security and integrity. And secondly, by assembling software and database updates so that an independent third party can easily ensure the source code from which final products and threat detection rule updates are assembled is the same as that available for security assessment in the European Transparency Center.

    This move further demonstrates our enduring commitment to assuring the integrity and trustworthiness of Kaspersky Lab solutions in the service of our customers, and to addressing any concerns outlined by regulators.

  • Why is data from some countries not moved to Switzerland, but will be processed in Russia? Based on what principle did you divide the countries for the relocation of data processing?

    The current list is an initial one. The list of countries for which data will be processed and stored in Switzerland will be further extended.

  • How will the relocation affect the data of other users?

    There will be no difference between Switzerland and Russia in terms of data processing. In both regions we will adhere to our fundamental principle of respecting and protecting people’s privacy, and we will use a uniform approach to processing users’ data, with strict policies applied.

  • What is a new independent, third party organization that will be reviewing your processes in Switzerland?

    Since transparency and trust are becoming universal requirements across the cybersecurity industry, Kaspersky Lab is supporting the creation of a new, non-profit organization to take on this responsibility, not just for the company, but for other partners and members who wish to join. The details of the new organization are currently being discussed and will be shared as soon as they are available.

  • What will be available for independent review and assessment in the Transparency Center?

    Trusted partners will have access to the company’s code, software updates and threat detection rules, among other things.

    The Transparency Center’s functions include:

    - Access to secure software development documentation
    - Access to the source code of any publically released product
    - Access to threat detection rule databases
    - Access to the source code of cloud services responsible for receiving and storing the data of Kaspersky Lab customers
    - Access to software tools used for the creation of a product (the build scripts), threat detection rule databases and cloud services

    Besides that, the Transparency Center will provide technical consultations on code and technologies.

  • Who is be able to review?

    The Swiss Transparency Center is open for inspections by trusted partners and government stakeholders. Please refer to our Access policy for more information.

  • What are further steps to be taken in the framework of Global Transparency Initiative?

    We will continue to expand our Transparency policy to further demonstrate that we address any security issues promptly and thoroughly. By 2020, two additional Transparency Centers will be opened, in Asia and North America. More information about our transparency principles is available here.