Kaspersky Lab has initiated a ‘World Transparency Tour’ to explain its view
Moscow-based Anton Shingarev, Vice President for Public Affairs and head of the CEO office, spoke to the media conference. Stephan Neumeier, Managing Director, Kaspersky Lab APAC, put a local perspective on the issues.
As part of its Global Transparency Initiative, Kaspersky Lab is adapting its infrastructure to move several core processes from Russia to Switzerland. This includes:
- Customer data storage and processing for most regions.
- The opening of the first Transparency Centre.
- Software assembly, including threat detection updates, to prove the code is clean.
- Supervision by an independent third party based in Switzerland.
The customer data comes from 400+ million endpoints. Users opt to share it with the Kaspersky Security Network (KSN). This is an advanced, cloud-based AI/ML system that processes cyberthreat-related data.
The software assembly issue is interesting. Assembly is done by a ‘software build conveyer’, a set of programming tools used to assemble ready-to-use software from source code. By the end of 2018, Kaspersky Lab products and threat detection rule databases will be assembled and signed with a Swiss digital signature. The software will be verified by an independent organisation to show that the software builds and updates received by customers match the source code provided for audit.
The source code of Kaspersky Lab products and software updates will be available for review in a dedicated Transparency Centre.
Kaspersky hopes these measures will enable it to earn the trust that it needs to survive and thrive again.
Shingarev made some very good points.
First, no country should put at risk its critical infrastructure by using any security software that has not been thoroughly vetted and produced by a ‘friendly’ company. Does the US have such relationships? You bet.
Second, like all reputable security companies, Kaspersky Lab must cooperate with law enforcement and others with legitimate interests. If that means the FBI, CIA, Homeland, KGB, FSB, Europol, Scotland Yard or more, then so be it. The Global Transparency Initiative to isolate data in Switzerland adds an extra layer of protection that other cybersecurity companies do not have.
Third, if you have nothing to hide, you have no more to worry about with Kaspersky than with Amazon or any other cloud-based product. In fact, do not connect to the internet if you want to be secure. So, unless you are running critical infrastructure, Kaspersky is as safe as it gets.
Finally, Kaspersky focuses on consumer, small business, corporate and enterprise (1000+ seats). It has won masses of cybersecurity awards. Nothing will stop it from detecting even state-sponsored malware and preventing it from infecting its clients.
GadgetGuy’s take: a PR stunt or a sincere move to clear Kaspersky Lab’s name?
Kaspersky Lab is ‘damned if it does, and damned if it does not’ try to clear its name. It is classic PR crisis management. Faced with this desperate situation, it could have done nothing, got on with business and tried to starve the fire of oxygen. Or it could have reacted as it has.
On the one hand, critics are saying ‘Methinks thou doth protest too much’. But I can’t help but feel that it is also Eugene Kaspersky’s ‘personal’ moral response to the scurrilous treatment of him and his company. I think the response is sincere.