Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

11/18/2020
04:30 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Kaspersky Opens New Transparency Center in North America & Completes Data-Processing Relocation to Switzerland

The opening marks the realization of major measures initially announced within the Global Transparency Initiative.

Woburn MA – November 17, 2020 - Kaspersky is announcing the completion of major Global Transparency Initiative milestones by opening the company’s fifth Transparency Center in North America, and moving data storage and processing activities from Russia to Switzerland. With the increased transparency, the company calls for collaborative efforts to enhance the security and integrity of modern software products.

It’s been three years since Kaspersky, a leading global cybersecurity company, announced its Global Transparency Initiative (GTI) to pioneer a new approach for the cybersecurity industry based on greater transparency and accountability. The aim was to engage the broader cybersecurity community and stakeholders in validating and verifying the trustworthiness of its products, internal processes, and business operations. As such, the company has provided the source code of its software for independent reviews, undertaken a number of third-party assessments including the SOC2 audit by a Big Four company, and has attained ISO27001 certification for its data services. Kaspersky has also moved its data processing infrastructure from Russia to Switzerland and today announced the successful completion of this transition.

“Since we announced our Global Transparency Initiative with a number of bold steps, including data-processing and storage relocation, Kaspersky has not only reconfirmed its commitment to being a trusted partner, but anticipated expectations from the market and regulators,” said Eugene Kaspersky, CEO of Kaspersky. “In the three years since the announcement we have seen the major transformation of approaches and regulations in data security. We see that investment in trust and transparency is gradually becoming an industry standard, and I am proud of our company for being among the transparency pioneers and trailblazers.”

Kaspersky announces the opening of its North American Transparency Center in partnership with the CyberNB Association in New Brunswick, Canada.
In line with commitments made at the start of GTI in October 2017, the company opens its Transparency Center in North America together with the CyberNB Association. CyberNB is a non-profit organization, based in Fredericton, New Brunswick, Canada, that takes an ecosystem approach to improving cybersecurity outcomes through engagement and collaboration with private sector, government, academia, knowledge- and skills-building, and talent acquisition and workforce development stakeholders.

The facility will start operating in early 2021 and will become the company’s fifth location where Kaspersky partners will be provided with the opportunity to review its source code and to learn more about engineering and data-processing practices, as well as its product portfolio. Earlier in 2020, Transparency Centers in Sao Paulo and Kuala Lumpur became fully operational. Kaspersky has also relaunched its first Transparency Center in Zurich that has been relocated to the Interxion data center. Moving forward, the company will provide unique access to its customers and trusted partners to experience data security controls and to directly access the company’s data management practices for external review and examination.

“The work of our Global Transparency Initiative has been important in North America and we’re now accelerating our impact with the opening of a Transparency Center,” said Rob Cataldo, managing director, Kaspersky, North America. “Having a physical location in our region will open new doors for our customers, partners and interested stakeholders to experience all the center has to offer. We also look forward to working with CyberNB and further advocating for higher industry transparency standards through our partnership.”

“CyberNB is pleased that Kaspersky has joined our Critical Infrastructure Protection Network (CIPnet) and is excited to welcome the company to the Cyber Centre in early 2021,” said Tyson Johnson, CEO, CyberNB. “Kaspersky has demonstrated its commitment to transparency as a key component of customer trust, and we know the company will be actively involved with fellow CIPnet members on many important research and development initiatives going forward.”

Given the challenging travel and visitor restrictions, customers and partners now also have an opportunity to review the source code remotely. To request remote access to Kaspersky Transparency Centers, please follow this link.

The relocation of data processing and data storage, announced in November 2018, has been fully completed.
In addition to Europe, the United States, and Canada, Kaspersky has also relocated data storage and processing for a number of Asia-Pacific countries. The list of Asia Pacific countries which have become the part of the GTI relocation plans includes Australia, New Zealand, Japan, Bangladesh, Brunei, Cambodia, India, Indonesia, South Korea, Laos, Malaysia, Nepal, Pakistan, Philippines, Singapore, Sri Lanka, Thailand, and Vietnam.

The customer threat-related data shared by users who are based in these locations is now processed in two data centers in Zurich, Switzerland, and includes suspicious or previously unknown malicious files that the company’s products send to the Kaspersky Security Network (KSN) for automated malware analysis.

Product scope for Kaspersky’s Bug Bounty Program has been extended to include Kaspersky VPN Secure Connection.
Researchers can now submit vulnerability reports relating to Kaspersky VPN Secure Connection, including third-party software modules that are a part of the VPN solution. Overall, since March 2018, 76 bugs have been resolved, and 37 reports rewarded with total bounties equating to $57,750.

Within its GTI, the company has also completed other goals, including improvements to its Cyber Capacity Building program announced earlier in May. To learn more, please read the latest update here.

Moving forward, Kaspersky will continue to work with the community to prioritize transparency and accountability, and to enhance the security of modern software products, to further build consumer trust. The company has already supported and worked with the Geneva Dialogue on Responsible Behavior in Cyberspace – the international conversation on security of digital products, led by the Federal Department of Foreign Affairs (FDFA) of Switzerland and implemented by DiploFoundation.

The company’s core belief is that through collaborative multi-stakeholder efforts we are able to enhance confidence and trust in technology. We can therefore ensure that the digital future – cyber-secure and cyber-resilient – is not a scary unknown, but a place with endless opportunities for growth and prosperity.

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Manchester United Suffers Cyberattack
Dark Reading Staff 11/23/2020
As 'Anywhere Work' Evolves, Security Will Be Key Challenge
Robert Lemos, Contributing Writer,  11/23/2020
Cloud Security Startup Lightspin Emerges From Stealth
Kelly Sheridan, Staff Editor, Dark Reading,  11/24/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-29378
PUBLISHED: 2020-11-29
An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. It is possible to elevate the privilege of a CLI user (to full administrative access) by using the password [email protected]#y$z%x6x7q8c9z) for the e...
CVE-2020-29379
PUBLISHED: 2020-11-29
An issue was discovered on V-SOL V1600D4L V1.01.49 and V1600D-MINI V1.01.48 OLT devices. During the process of updating the firmware, the update script starts a telnetd -l /bin/sh process that does not require authentication for TELNET access.
CVE-2020-29380
PUBLISHED: 2020-11-29
An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. TELNET is offered by default but SSH is not always available. An attacker can intercept passwords sent in cleartext and conduct a man-in-...
CVE-2020-29381
PUBLISHED: 2020-11-29
An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. Command injection can occur in "upload tftp syslog" and "upload tftp configuration" in the CLI via a crafted filename...
CVE-2020-29382
PUBLISHED: 2020-11-29
An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. A hardcoded RSA private key (specific to V1600D, V1600G1, and V1600G2) is contained in the firmware images.