The year 2023 marks the five-year anniversary of Kaspersky’s Global Transparency Initiative (GTI), the company’s flagship program which aims to set an industry benchmark in tackling supply chain risks. As the overall attitude regarding risks associated with the use of third-party software is growing and businesses and regulators are keener to know how safe the software they use is, Kaspersky announces its plans to further expand the initiative by growing its network of Transparency Centers worldwide and broadening source code review options.
Demand for greater digital trust is increasing amid a growing tendency toward digital sovereignty, with major milestones set by the emergence of regulations such as the European Cyber Resilience Act proposal. The latter has raised questions about the evidence-based criteria of appropriate digital products and measures to verify their compliance, with universal trust-building frameworks in demand as never before.
Aimed at highlighting the trustworthiness of Kaspersky solutions and promoting transparency standards in the cybersecurity industry as a whole, the GTI has been developing and growing in scale, with the company’s total investment in the project having totaled US$7.9 million since its launch. Today, the GTI encompasses six main pillars, namely data relocation, opening of Transparency Centers worldwide, regular independent audits, vulnerability management program, educational Cyber Capacity Building Program, and Transparency Reports.
One of the GTI’s early actions was the relocation of the cyberthreat-related data received from users of Kaspersky products to data centers in Switzerland, known for its robust data protection and neutrality. Today, the data of Kaspersky users in Europe, North and Latin America, the Middle East, and also several countries in the Asia-Pacific region is stored and processed in two data centers in Zurich.
“At Kaspersky, we have always been extremely serious about how we protect user data. To ensure the data our customers trust us with is secure, we’ve been following an integrated approach, bringing our data management practices in compliance with the leading industry standards,” comments Anton Ivanov, Chief Technology Officer at Kaspersky. We have also invited third-party auditors to verify this and also chosen world-class facilities in compliance with industry standards for data storage and processing. With this holistic view, we hope to give the users of Kaspersky products a complete peace of mind on the security and privacy of their data.”
Together with the data relocation launch, Kaspersky started creating its global network of Transparency Centers — facilities where customers and partners as well as government regulators responsible for cybersecurity can check the integrity of the company’s solutions by reviewing their source code and also learn more about the company’s internal processes. Since the opening of the first Transparency Center in Zurich in November 2018, Kaspersky has opened eight more centers in Europe, North and Latin America, and also Asia-Pacific. To date, Kaspersky has organized briefings for nearly 60 requesting parties at its Transparency Centers worldwide, including national regulators and businesses from around the world.
By mid-2024, Kaspersky plans to expand its network of Transparency Centers to the Middle East and Africa and open its first Transparency Centers in each region, along with setting up a new center in the Asia-Pacific region. The three new facilities will serve as briefing centers for the company’s stakeholders to find out more about Kaspersky’s internal engineering and data management practices, but also about applicable industry standards and best practices.
In addition, Kaspersky is expanding the scope of the source code review offering at its Transparency Centers. Previously, Kaspersky offered for review only the source code of its flagship consumer and enterprise products, but starting from July 2023, the company is removing limitations in this regard and making the source code of all of its on-premise solutions available for our enterprise customers and partners. The decision came as a result of customers’ heightened interest in the inspection of source code of additional Kaspersky products. Another novelty in the offering of Kaspersky’s Transparency Centers will be the results of Kaspersky’s products self-certification, including such elements as design documents and threat models that relates to the recommendations outlined in the European Cyber Resilience Act proposal.
“When Kaspersky launched its Global Transparency Initiative, it was a pioneer in advancing digital trust and advocating vendor accountability to its customers,” comments Yuliya Shlychkova, Public Affairs Director at Kaspersky. “But today we see that transparency is in increasing demand by organizations worldwide, which are taking a more mature attitude toward their cyber protection and paying more attention to the reliability of their software vendors. This proves Kaspersky to be a visionary, anticipating the industry’s future areas of development and trends to reign.”
Other GTI highlights include: