From Moscow to Zurich: Kaspersky Is Moving Customer Data Away from Russian Spies’ Reach
The Russian cybersecurity giant Kaspersky, desperate to regain trust after U.S. pushback against its alleged ties to Russian intelligence, is moving some of its key operations from Moscow to Zurich, Switzerland.
The antivirus maker said Tuesday that it’s moving its “assembly line” to Zurich so that its software can be finalized and verified by a third-party organization before making its way to customers.
Kaspersky is also moving the servers that store and process much of its Security Network information to Zurich, covering the data of customers in the U.S., Canada, Europe, Australia, Japan, South Korea and Singapore.
“We chose [Zurich] for two reasons,” Kaspersky said in a Q&A. “First, Switzerland has maintained its policy of neutrality for two centuries. Second, the country has strong data protection legislation. We believe these two qualities make Switzerland the perfect place to move part of our sensitive infrastructure.”
Kaspersky Security Network is the cloud-based system through which Kaspersky collects data from the computers of its business customers, in order to spot and combat threats.
The Department of Homeland Security last year banned federal agencies from using Kaspersky software because Russia’s intelligence agencies could force the company to help spy on its customers. “The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates U.S. national security,” the department said at the time.
“Storing [the Kaspersky Security Network data] in Switzerland under the supervision of an independent organization means that any access to this data is meticulously logged—and the logs can be reviewed at any moment should any concerns arise,” Kaspersky said.
The relocation is part of Kaspersky’s “Global Transparency Initiative” and it creates the company’s first “transparency center.” It is common for companies with government contracts to allow the secure inspection of their code, to check for hidden backdoors, and that’s what will also be on offer at Kaspersky’s Zurich facility.
As for the third-party organization that will review Kaspersky’s source code and keep an eye on its employees’ access to customers’ metadata, Kaspersky said it “supports the creation of a new, non-profit organization to take on this responsibility, not just for the company, but for other partners and members who wish to join.”
The plan is to relocate Kaspersky’s “assembly line” by the end of this year, and the data processing side by the end of 2019. Kaspersky also says it will open transparency centers in North America and Asia by 2020.