Margrith Appleby (Kaspersky)
Kaspersky has finalised the migration of its customers’ and partners’ data from Russia to Switzerland as part of its ongoing transparency initiative.
The relocation of data processing and data storage, initially announced in November 2018 as part of a broader transparency effort, includes the data of the company’s users across a number of regions, including Asia Pacific.
In addition to Europe, the United States and Canada, Kaspersky has now also relocated data storage and processing for a number of countries, including Australia, New Zealand, Japan, Bangladesh, Brunei, Cambodia, India, Indonesia, South Korea, Laos, Malaysia, Nepal, Pakistan, Philippines, Singapore, Sri Lanka, Thailand and Vietnam.
The customer threat-related data shared by users who are based in these locations is now processed in two data centers in Zurich, Switzerland, and includes suspicious or previously unknown malicious files that the company’s products send to the Kaspersky Security Network (KSN) for automated malware analysis.
The move comes roughly three years after the Russia-founded cyber security vendor announced its Global Transparency Initiative (GTI), aimed at introducing a new approach based on greater transparency and accountability.
In 2017, Kaspersky came under fire from the US government, with the Trump administration at the time telling US government agencies to remove Kaspersky Lab products from their networks, saying it was concerned the Moscow-based cyber security firm was vulnerable to Kremlin influence and that using its anti-virus software could jeopardise national security.
In November 2018, the company began processing malicious and suspicious files voluntarily shared by its European users in two data centers in Zurich.
The next step, according to the company, was moving data from customers from the United States and Canada — among other regions — to Switzerland, a process that is now complete.
“Since we announced our Global Transparency Initiative with a number of bold steps, including data-processing and storage relocation, Kaspersky has not only reconfirmed its commitment to being a trusted partner, but anticipated expectations from the market and regulators,” Kaspersky CEO Eugene Kaspersky said.
“In the three years since the announcement we have seen the major transformation of approaches and regulations in data security. We see that investment in trust and transparency is gradually becoming an industry standard, and I am proud of our company for being among the transparency pioneers and trailblazers,” he added.
Among the measures taken by the company is the release of the source code of its software for independent reviews, along with a number of third-party assessments including a SOC 2 audit by a 'Big Four' company, along with the attainment of ISO27001 certification for its data services.
A big part of the raft of measures was the migration of the company’s data processing infrastructure from Russia to Switzerland, along with the launch of so-called 'Transparency Centres’ in a number of regions, at which Kaspersky partners can review the company’s source code and learn more about its engineering and data-processing practices, as well as its product portfolio.
Earlier in 2020, Transparency Centers in Sao Paulo and Kuala Lumpur became fully operational. Kaspersky has also relaunched its first Transparency Center in Zurich that has been relocated to the Interxion data center.
Moving forward, Kaspersky plans to provide unique access to its customers and trusted partners to experience data security controls and to directly access the company’s data management practices for external review and examination
“For 23 years, Kaspersky remains at the forefront of developing cyber security technologies and with this announcement we continue to build trust and transparency with our customers and partners,” Kaspersky A/NZ general manager Margrith Appleby said.
