Kaspersky
Solved

Kaspersky Security Network - Data Processing Location(s)

  • 23 March 2021
  • 3 replies
  • 61 views

Where does Kaspersky process Kaspersky Security Network related data from various geographic locations? From the documentation I have been able to find, I know Kaspersky maintains a facility in Switzerland. However, it is not clear to me that all data, or if any data, related to the Kaspersky Security Network is actually processed there. In particular, where is the data from Canada sent for processing?

icon

Best answer by Schulte 23 March 2021, 01:01

Hello @Gandalf, Welcome.

Please see

The next level of Data Protection!

Malicious and suspicious files voluntarily shared by users of Kaspersky products in Europe, the United States, Canada and several countries in the Asia-Pacific region* are processed and stored in two data centers in Zurich. These provide world-class facilities in compliance with industry standards to ensure the highest levels of security.

https://www.kaspersky.com/transparency-center

 

View original

3 replies

Userlevel 7
Badge +7

Hello @Gandalf, Welcome.

Please see

The next level of Data Protection!

Malicious and suspicious files voluntarily shared by users of Kaspersky products in Europe, the United States, Canada and several countries in the Asia-Pacific region* are processed and stored in two data centers in Zurich. These provide world-class facilities in compliance with industry standards to ensure the highest levels of security.

https://www.kaspersky.com/transparency-center

 

Thanks. I didn’t find that information in my initial search.

I do have a follow-up question based arising from the reference you provided. The paragraph below the one you quoted in your response states …

“In addition, TÜV AUSTRIA has certified that Kaspersky applies a management system in line with the ISO/IEC 27001:2013 standard in the delivery of malicious and suspicious files using Kaspersky Security Network (KSN) infrastructure, as well as safe storage and access to these files in the company’s Distributed File System (KLDFS). This include the company’s data centers in Zurich, Switzerland; Frankfurt, Germany; Toronto, Canada; and Moscow, Russia.”

The initial reference you provided indicates that the files “are processed and stored in two data centers in Zurich””. In additional to being process/stored in Zurich, does the reference to the Distributed File System (KLDFS) highlighted in the the paragraph include the “malicious and suspicious files voluntarily shared by users of Kaspersky”? Most notably, are these user provided files then also stored on servers in Moscow?

Userlevel 7
Badge +7

Hello @Gandalf,

this question can only be answered definitively by a Kaperky employee who is familiar with KLDFS.

In any case, from my point of view, it does not make sense that a virus analyst in Moscow would not have access to the malware that arrived in Zurich.
What he doesn't need, however, is the donor's personal data.
From a malicious MS Office file, he only needs the macros or the VBS. This can be very easily separated from the possibly private data. The .docx, .pptx or .xslx files are structured like a ZIP archive.
This seems to be ensured by KLDFS, the certification attests that.
Every participant gets only the data he really needs.

Reply