Kaspersky Lab is opening a Transparency Center in Madrid, which in addition to a similar center opened in 2018 in Zurich, will serve as a trusted facility for the company’s partners and government stakeholders to come and check source code of the company’s products. In addition to being a code review facility, the new center will function as a briefing center where guests will be able to learn more about Kaspersky Lab’s engineering and data processing practices. The center will open for its first visitors in June.
The new center is being opened as part of the company’s Global Transparency Initiative – a set of measures being brought to life in order to fulfill growing demand from partners and government stakeholders for more information on how the Kaspersky Lab’s products and technologies work.
Since the company opened its first Transparency Center in Zurich in November 2018, it has been receiving requests from business customers to learn more about how it is transparent, including queries on product functionality and data processing. Along with being a place to undertake “standard” source code review, the Spanish facility will also serve as a briefing center, where visitors can learn more about the company’s portfolio, engineering and data processing practices.
This information will be delivered in an easily accessible way. The company has developed a review system, offering multiple options that adjust in line with what visitors are specifically interested in learning about. This system offers multiple review options, from a general non-technical overview of the company’s engineering practices and data protection standards, through to a deep and comprehensive review of the critical parts of the company’s source code. More information about the available options can be found on the Transparency Centers website.
Previously announced plans to open Transparency Centers in Asia and North America by 2020 are still ongoing.
In addition to the opening of the new Transparency Center, the company is publishing the results of a voluntary third-party legal assessment aimed at providing an independent evaluation of the obligations the company adheres to in line with Russian legislation. Conducted by a prominent Russian and international law expert, Dr. Kaj Hober, Professor of International Investment and Trade Law at Uppsala University in Sweden, the analysis covers three Russian laws related to data processing and storage*, which were widely reported as the ones which Kaspersky Lab – being a Russian based company – is obliged to comply with. The results following the analysis are freely available online and provide an unbiased and fair legal assessment to the company’s customers and partners looking for reliable information about Kaspersky Lab. Based on Dr. Kaj Hober’s review, the company does not fall under obligations of those legal acts primarily due to the nature of its activities.
“We see that businesses are most concerned about sensitive questions relating to data management processes – how data is stored and processed, and what the company does to keep users’ data safe. To meet those needs, we decided to open an additional Transparency Center where European clients, governments and regulators can receive answers to all their questions. This motivation was also behind our initiative to conduct a legal assessment,” says Anton Shingarev, Vice-president for Public Affairs at Kaspersky Lab.
“We understand that in the current geopolitical climate, when different countries create very different laws related to data processing, some of our partners and clients need as much information as possible in order to make the best possible choice of cybersecurity products and services. We are happy to provide them with such information because this is what the Global Transparency Initiative was originally created for. We are also happy to continue to extend the scope of the initiative and increase the number of measures supporting it.”
Kaspersky Lab’s Global Transparency Initiative was announced in October 2017 and continues to make good progress. In particular, the company:
• Started relocating customer data storage and processing infrastructure from Russia to Switzerland. Since November 13, 2018, threat-related data coming from European users is being processed in two datacenters in Zurich. The relocation of file processing is expected to be complete by the end of 2019.
• Has been working with one of the Big Four professional services firms on an audit of the company's engineering practices around the development and release of its anti-virus bases. This has the goal of independently confirming their adherence with the highest industry security practices. A final SOC 2 (The Service and Organization Controls) report for this assessment under the SSAE 18 standard (Statement of Standards for Attestation Engagements) is planned for Q2 2019.
• Has been developing the Bug Bounty program. Since the announcement of the program’s extension, the company resolved more than 50 bugs reported by security researchers and awarded more than $17,000 in bounty rewards. We recently extended the scope of products available for review, giving security researchers the possibility to research Kaspersky Password Manager and Kaspersky Endpoint Security for Linux among others.
Kaspersky Lab believes that today’s ultra-connected global landscape requires increased transparency and continues to implement concrete measures that further demonstrate our enduring commitment to assuring the integrity and trustworthiness of the company’s solutions in the service of our customers.