Russian security software company Kaspersky Lab has announced plans to shift some of its infrastructure from Russia to Switzerland as it looks to regain trust following allegations that it had ties with state-sponsored espionage programs in Russia.
The allegations that surfaced last year suggested Kaspersky had built backdoors into its security software, enabling Russian intelligence agencies to spy on the U.S. Following an audit, it was found that around 15 percent of U.S. agencies had traces of Kaspersky Lab software on their machines, leading President Donald Trump to ban use of Kaspersky Lab software within the U.S. government.
While the value of the U.S. government’s business was minimal, the reputational damage from the fallout was far-reaching, as it led to retailers such as Best Buy pulling Kaspersky’s products. Elsewhere, the Dutch government announced yesterday that it was to begin phasing out Kaspersky Lab’s anti-virus software, while the U.K. government previously warned its various internal departments about the risks of using Russian security software, though bans were only implemented for departments specifically responsible for national security.
With Russia rarely out of the headlines for its alleged role in election meddling, Kaspersky Lab is now looking to distance itself from its domestic troubles by moving some of its data storage and processing infrastructure to Switzerland — a country often considered to have some of the strongest data privacy regulations in the world. Indeed, both Microsoft and Google have recently revealed plans to open datacenters in the region, and the country is home to encrypted email service ProtonMail.
Kaspersky Lab’s move will be overseen by an “independent third party, also based in Switzerland,” according to a statement issued by the company. By 2019, Kaspersky Lab will have an operational datacenter in Zurich that will underpin its business for customers in North America, Europe, Australia, Japan, South Korea, and Singapore. The company will extend support to additional countries from its Swiss hub at a later date.
Additionally, Kaspersky Lab said it will relocate its software assembly tools — used to turn source code into software — to Switzerland by the end of 2018. “The relocation will ensure that all newly assembled software can be verified by an independent organization, and show that software builds and updates received by customers match the source code provided for audit,” the company noted.
The move is part of Kaspersky Lab’s transparency initiative that was announced in September. Through this initiative, the company promised to allow third parties to review its source code and conduct independent reviews of its internal processes, as well as creating a trio of brick-and-mortar “transparency centers” to facilitate these reviews.
“The new measures are the next steps in the development of the initiative, but they also reflect the company’s commitment to working with others to address the growing challenges of industry fragmentation and a breakdown of trust,” Kaspersky said. “Trust is essential in cybersecurity, and Kaspersky Lab understands that trust is not a given; it must be repeatedly earned through transparency and accountability.”
The Kaspersky Lab saga also helps illustrate the power the U.S. government holds over international tech companies. China’s ZTE was banned by Washington last month, but this restriction extended to all U.S. firms, barring them from supplying ZTE with components and other technologies. ZTE was effectively crippled by the ban, which in turn led Donald Trump to acquiesce to pressure from China to alleviate some of the sanctions.