VK (IT Infrastructure)

2024

VK stocked up on equipment worth billions of rubles and creates new data centers

VK's capital expenditures in 2023 amounted to 32.4 billion rubles. The company forms reserves of network and server equipment, invests in the construction of its own data centers in order to scale, increase the reliability and resiliency of the infrastructure, as well as in the introduction of advanced technologies and product development, according to the annual report of VK for 2023.

In 2023, the concepts of new VK data centers in Moscow, St. Petersburg and the Leningrad Region were developed, indicated there. But VK chose not to disclose details yet: "Projects for the construction of new data centers are at different stages of development, we will announce an additional commissioning," the company told TAdviser.

VK

Maintenance of the IT infrastructure of VK products and the development of the VK data center network is carried out by its subsidiary M100. In the interests of the latter, at the end of March 2024, a qualification selection was carried out for the right to be included in the register of potential participants in procurement for the functions of a general designer for the implementation of design and survey work in the field of data center construction^[1]

It follows from the published terms of reference that VK conceived the design of four data centers in various regions of the Russian Federation with a full capacity of 5 to 20 MW. The document specifies that we are talking about the design of only new buildings and structures on the land plot, without reconstruction.

As of the end of 2023, VK had two data centers - in Moscow and in the Leningrad Region. In the reporting period, the company continued the construction of another data center, in Domodedovo. In early June, Glavgosstroynadzor of the Moscow Region announced the completion of work on its construction. The building has an area of ​ ​ about 5.4 thousand square meters. m there are areas for unloading and unpacking equipment, machine rooms, communication centers, power supplies and batteries.

From 2021 to 2023, electricity consumption by VK data centers increased from 53 million kVt⋅ h to 59.7 million kVt⋅ h. This is due to their modernization and a change in the calculation system, the company explains. Also, the growth of the indicator is influenced by the increased load of data centers associated with an increase in the audience of VK services and an increase in the consumption of content by users.

VK directs efforts to reduce specific power consumption through the most efficient use of IT equipment, modern cold supply systems, power supply and distribution, as well as redundancy schemes that minimize the number of losses during power transmission. In 2023, the company established an increased temperature regime for IT equipment, which allows you to spend less energy on air cooling. In this case, the thermal overload of server rooms is used for heating warehouses.

Payment of 240 million rubles to security researchers

VK has processed over 18 thousand reports from baghunters and paid more than 236 million rubles over 10 years of the Bug Bounty vulnerability search program. The company announced this on April 16, 2024.

VK is one of the first companies in to Russia pay external security researchers for vulnerabilities found. VK launched its own Bug Bounty program on the platform in HackerOne April 2014. The first project was, Mail Mail.Ru later added and. social networks Vkontakte Over the OK entire period of cooperation with HackerOne, VK received more than 16 thousand reports, which made it possible to significantly strengthen the protection of the company's products. The total amount of payments exceeded 185 million rubles, and the maximum reward for critical vulnerability reached 1.5 million rubles.

In 2022, VK placed the Bug Bounty program on the Standoff365 and BI.Zone Bug Bounty platforms, in early 2023 - on BugBounty.ru, thus becoming a company represented on all domestic platforms. During working with Russian partners, the company processed over 2.5 thousand reports and paid more than 52 million rubles to external security researchers. In 2023, the total remuneration exceeded 39 million rubles, which is three times more than in 2022, and the maximum lump sum payment amounted to 2.4 million rubles.

Since 2014, VK has been developing a baghunter community that helps us further test the safety of our products. In 2024, we rethought the generally accepted approach to payments in the industry: we abandon fixed maximum amounts and implement the Bounty Pass mechanism, which applies a progressive reward scale taking into account the personal achievements of the baghunter. On the occasion of the 10th anniversary of VK Bug Bounty, the program budget in 2024 will exceed 200 million rubles, - said Anton Karpov, Vice President, Director for Information Security of VK.

2023

Construction of own data centers in Moscow and St. Petersburg for tens of billions

VK has started building its own data centers in Moscow and St. Petersburg and will spend tens of billions on them. This became known in mid-May 2023.

According to Vedomosti, the Internet holding, in addition to the Pakhra data center in the town of Domodedovo near Moscow, which is scheduled to launch at the end of 2023, VK is going to build two more of its own centers in the Moscow region. The company also plans to invest in cloud infrastructure in St. Petersburg. By mid-May 2023, VK is completing the procedure for buying land for construction. The company will begin commissioning new data centers in 2025.

VK started building its own data centers in Moscow and St. Petersburg

VK told the publication that by mid-May 2023, the company uses the rental capacities of third-party providers and the capacities of its two own data centers in St. Petersburg and Moscow for 1200 racks in total.

VK may invest up to 40 billion rubles in the construction of centers within several years, suggested Linxdatacenter product manager Stanislav Bratchikov. This amount consists not only of the cost of purchasing servers, but also of land, power supply and equipment replacement during operation. Experts interviewed by the newspaper say that renting one rack costs VK 85-100 thousand rubles a year. The company leases about 3 thousand racks and spends 3-3.6 billion rubles on them annually, they say.

Vedomosti sources said that VK management, through the construction of its own data centers, wants to reduce rental costs and shift them to capital costs for the construction of its own capacities. At the same time, VK is likely to remain on the market of commercial data centers as a large tenant client, experts say.^[2]

VK names new CIO

As TAdviser found out, in March 2023, Roman Tretyakov was appointed VK Information Technology Director. His area of ​ ​ responsibility includes the management of the VK information technology department: the development and maintenance of back-office systems and internal services of the company. Read more here.

Placing a vulnerability search program on the BugBounty.ru platform

On January 24, 2023, VK announced the placement of its bug bounty program on the platform BugBounty.ru. The VK program for January 2023 includes 27 projects: VKontakte, Odnoklassniki, Mail.Ru Mail, RuStore and other services used by millions of Russians. For each vulnerability identified, security researchers can receive rewards from the company from three thousand rubles to 1.8 million rubles, depending on the level of criticality of the threat.

Millions of people use VK products, so our duty and the most important priority is to ensure the highest level of security of services and user data. Connecting our bug bounty program to all three domestic vulnerability search platforms allows us to attract the maximum number of security researchers to test the security of projects. In 2022, VK adopted more than 750 reports, the total amount of payments exceeded 13 million rubles, - said the vice president, director of information security at VK Aleksei Volkov.

We are glad that such a player in the Russian IT market has appeared on our site. It has an extensive community of baghunters, meets all the current requirements of bug bounty platforms and is actively increasing its functionality. We are confident that our platform will become an additional security tool in creating products and developing VK infrastructure, "said Luka Safonov, founder Bugbounty.ru.

2022

Payment of white hackers more than 37 million rubles

For 2022, in which the VK bagbount program began to be implemented on a domestic platform, the company paid a total of more than 37 million rubles to white hackers. At the same time, the strategic goal of the IT company is to ensure the full integration of baghunters into the information security architecture due to the effective results of such programs.

VK is one of the first Russian companies to begin integrating the work of white hackers into the information security infrastructure, initially providing a large number of products of its own ecosystem. After the departure of Western vendors from the Russian market (including HackerOne), the company switched to domestic analogues of system placement platforms, primarily to The Standoff 365 Bug Bounty, developed by Positive Technologies. As of December 2023, 34 programs of the company are presented on the platform, including Mail, social networks "VKontakte" and Odnoklassniki, as well as Cloud, shared with TAdviser on December 5, 2023 in the press service of the State Duma deputy RFAnton Nemkin.

The driver of the development of "bagbounty" was products Mail.ru. Thus, security vulnerabilities were discovered, as well as violations of general business logic. At the same time, up to 70% of errors were detected in the client side. The most expensive discovery of the vulnerability cost the company 3,213,000 rubles.

Bagbounty is an effective tool for ensuring information security, said Anton Nemkin, a member of the State Duma Committee on Information Policy, Information Technology and Communications.

"In the context of the growth of cyber attacks on business and the state, the issue of information security is especially acute. You need to understand that one of the advantages of an attacker is that he acts outside the rules and often shows flexibility, thinks outside the box. At the same time, the information security policy of many companies is often, on the contrary, a monolithic and sometimes clumsy system that cannot show the very flexibility in trying to detect threats and respond to them in a timely manner. Therefore, the work of "white" hackers should be considered as an additional tool for assessing their own protection, which often shows effective results, "the parliamentarian is convinced.

Meanwhile, active work continues in Russia to legalize the activities of "white" hackers. According to the deputy, a package of bills aimed at legalizing the work of white hackers was recently prepared. In particular, it is proposed to amend the Criminal Code (Criminal Code) of the Russian Federation, the Civil Code of the Russian Federation, as well as the federal law "On Information, Information Technologies and Information Protection."

"Despite the fact that the work of" white "hackers is of obvious benefit, the hackers themselves continue to be in a vulnerable legal situation, which is unacceptable. At the same time, the Ministry of Digital Development adheres to this position, which launched the second stream of the bagbounty program, "added Anton Nemkin.

2.5-fold increase in cybersecurity budget

On December 28, 2022, it became known about VK's decision to increase the budget for information security by 2.5 times. We are talking about expenses in 2023, the vice president and director of information security of the Aleks ei Volkov holding told TASS.

According to him, in the second half of 2022, more than 100 specialists began to work at VK, who came "from information security departments of organizations in various sectors of the economy."

VK Holding Office

We plan to recruit employees in 2023, but we will not disclose specific plans yet, "Volkov said.

He stressed that in 2022 VK strengthened the direction that provides the so-called practical security - the protection of infrastructure and applications, and also created a customer protection department and updated the VK Protect program aimed at protecting users. The company began to transform its security operations center (or Security Operation Center) to identify attack attempts as early as possible and reduce the time to respond to an incident.

The information security director of VK also revealed that this year the company repelled all cyber attacks on its services, their volume was comparable to cyber attacks on other companies in Russia.

The number of cyber attacks on our services has also grown. In general, we survived them in the same way as other companies - we faced a comparable amount of DDoS attacks, point cyber attacks, and attempts to unauthorized access to our systems. All the attacks were repelled, "Volkov said.

At the same time, the largest number of cyberattacks survived the social networks "VKontakte" and "Odnoklassniki."

These sites have the most users, the volume of content, people spend a lot of time here, "Volkov explained. - We recorded the peak of cyber attacks in the first months of the year, then the growth dynamics decreased, - Volkov summed up.[3]

Placement of a vulnerability search program on the BI.Zone Bug Bounty platform

VK has placed its bug bounty program on the BI.ZONE Bug Bounty platform. BI.Zone announced this on November 21, 2022. Read more here.

Receiving 300 vulnerability reports from external experts

On October 18, 2022, VK announced that it had received 300 vulnerability reports from external experts for three months of the bug bounty program on the Standoff 365 Bug Bounty platform, developed by Positive Technologies. VK experts recognized more than half of the messages as significant, the vulnerabilities identified on their basis were eliminated. Read more here.

Joining The Standoff 365 vulnerability search platform from Positive Technologies

On August 8, 2022, VK announced its participation in The Standoff 365 Bug Bounty platform, developed by Positive Technologies. The IT company has placed a bug bounty program on the platform, which, with the help of external experts, helps to find flaws in the security system and fix them before being discovered by attackers. Read more here.

2021: $40,000 Researcher Bonus Payment

Mail.ru Group paid another bonus to the researcher in the amount of 40,000. dollars This became known on July 8, 2021. More. here

2019: Mail.ru Group upgrades servers and reduces number of data centers in Russia

In 2019, the Mail.ru Group reduced the number of data centers used in Russia from 11 to 9, and abroad, on the contrary, increased - from 2 to 3 data centers, follows from the company's annual report published in April 2020. Russian data centers of the company are located in Moscow and St. Petersburg, foreign - in Amsterdam (Netherlands) and San Jose (USA).

Changing the total number of data centers is normal practice. We rent part of the capacity, as products from small data centers grow, we "move" to larger ones. This is a common optimization, - explained TAdviser in the Mail.ru Group.

In 2019, Mail.ru Group increased both capacity and the number of servers "(photo - Mail.ru)"

In 2019, the total number of servers in the company's data centers increased. So, in Russian data centers there were 58.5 thousand servers, in foreign - 1.55 thousand, indicated in the annual report. In 2018, there were 56.3 thousand and 1.4 thousand, respectively.

At the same time, the performance of the servers used has increased, according to the Mail.ru Group. The report states that many hardware upgrades have been carried out, which has achieved a balanced configuration based on the latest processors and avoided a large increase in computing equipment.

Replacing old servers with new servers has improved the average efficiency of a single server. At the same time, as projects expand and the load on them increases, the total number of servers still increased. In 2019, the need to expand capacity increased in proportion to the development and scale of products, - explained TAdviser in the Mail.ru Group.

The total cost of servers and computers owned by the Mail.ru Group from December 2018 to December 2019 increased by 21%, to 5.084 billion rubles, follows from the company's annual report. We are talking about the net book value less accumulated depreciation. And the cost of servers and computers, including depreciation charges, in 2019 amounted to about 16.5 billion rubles, an increase of 25%.

According to the Mail.ru Group, in 2019, the peak volume of network traffic increased to 6.9 terabits/s, and the total amount of outgoing data reached 10.856 petabytes. In 2017, similar values ​ ​ were 5.24 terabits/s and 10.249 petabytes, respectively.

The Mail.ru Group suggests that in 2020 they will need additional capacity, as the audience of the vast majority of projects and user involvement are growing, the company noted.

2018: The cost of Mail.ru Group's IT infrastructure has grown 3.3 times in 5 years

The total cost of servers and computers owned by the Mail.ru Group from December 2013 to December 2018 increased 3.3 times, to 4.195 billion rubles, follows from the company's annual report.

We are talking about the net book value less accumulated depreciation. The cost of servers and computers, including depreciation, in 2018 amounted to 13.146 billion rubles, which is about 4.4 times higher than in 2013.

In total, Mail.ru Group uses 11 data centers. Some of them belong to her, and some are rented. The company's two data centers are located in the Netherlands and the United States to serve customers in Europe and North America.

According to the report, in 2018 there were about 57.7 thousand servers in the data centers of the Mail.ru Group, 1.4 thousand of which were in foreign data centers. Compared to 2017, the total number of servers that the company uses has decreased: then there were more than 67 thousand of them.

VKontakte data center "(photo - VKontakte blog on habr.com)"

In 2018, the Mail.ru Group optimized its server infrastructure, as a result of which the number of servers it uses decreased by 15%, the company said in its annual report. At the same time, the company replaced old computing systems with new higher density, which allowed to increase the total total capacity of servers and reduce operating costs, says Mail.ru Group.

According to the Mail.ru Group, in 2018, the peak volume of network traffic increased to 5.86 terabits/s, and the total amount of outgoing data reached 10.856 petabytes. In 2017, similar values ​ ​ were 5.24 terabits/s and 10.249 petabytes, respectively.

Servers and social media infrastructure accounted for the bulk of fixed asset investments in 2018. In total, the volume of such investments increased by 70.9%. The Mail.ru Group explains their growth by the need to comply with the latest changes in Russian legislation. The total capital expenditures of Mail.ru Group in 2018 increased by 51.7%, to 6.648 billion rubles.

Among the new services provided on the basis of the computing infrastructure of the Mail.ru Group since 2018 are PaaS service for analyzing Big Data, a number of SaaS services, cloud computing based on Nvidia GPUs.

For comparison, the total cost of Yandex's IT infrastructure in 2018 amounted to 49.57 billion rubles, an increase of 45%. This amount includes the cost of servers and network infrastructure less accumulated depreciation. Read more here.