Seeking to regain the trust of US and global customers, Russian cybersecurity firm Kaspersky Lab said on Wednesday it was moving some of its key operations, including customer data storage and software assembly, from Moscow to Zurich, Switzerland.
The company, founded by Eugene Kaspersky in 1997, was also making sure that all of its data storage and processing and source codes would be independently supervised by a third party qualified to conduct technical software reviews.
The security software firm has been under scrutiny in an escalating conflict in cyberspace between the United States and Russia regarding its alleged ties to Russian intelligence. Last year the US Department of Homeland Security banned federal agencies from using Kaspersky software on concerns that its software, used by companies and governments globally, might provide a secret backdoor into users’ computers for Russian intelligence officials. The Russian-based company has been accused of being a vehicle for hackers to steal security secrets from the US National Security Agency.
Federal Bureau of Investigation acting director Andrew McCabe said in May last year that the bureau does not use Kaspersky software on its networks due to these security concerns.
Kaspersky has said it is a pawn in a game between the US and Russia. Its anti-virus software is used by over 400 million people globally, including government agencies and some 270,000 corporate clients.
“We are implementing these measures first and foremost in response to the evolving, ultra-connected global landscape and the challenges the cyber-world is currently facing,” the company said in an emailed statement to The Times of Israel. “This is not exclusive to Kaspersky Lab, and we believe other organizations will in future also choose to adapt to these trends.”
“The overall aim of these measures is transparency, verified and proven, which means that anyone with concerns will now be able to see the integrity and trustworthiness of our solutions,” the company said.
Kaspersky’s Global Transparency Initiative, announced in October 2017, “reflects Kaspersky Lab’s ongoing commitment to assuring the integrity and trustworthiness of its products,” the company said in a separate statement. They also reflect the company’s commitment to addressing “the growing challenges of industry fragmentation and a breakdown of trust.”
Data storage and processing for a number of regions will be moved to Switzerland, the statement said. By the end of 2019, Kaspersky Lab will have established a data center in Zurich and in this facility will store and process all information for users in Europe, North America, Singapore, Australia, Japan and South Korea, with more countries to follow, the statement said.
Kaspersky Lab will also relocate to Zurich its “software build conveyer,” a set of programming tools used to assemble ready to use software. Before the end of 2018, its products and threat detection databases will start to be assembled and signed with a digital signature in Switzerland, before being sold worldwide.
“The relocation will ensure that all newly assembled software can be verified by an independent organization and show that software builds and updates received by customers match the source code provided for audit,” the statement said.
“The third-party organization will be assessing the trustworthiness of everything going on in our Zurich facility,” the company said in a Q&A sheet about its initiative. “This organization will have as much access as possible.”
The Russian firm inaugurated its new offices and R&D center in Israel last year.
The company said that these latest steps “do not impact our business operations in Israel, and for the time being data storage and processing for users in Israel will remain unchanged. The possibility of relocating this to Switzerland is under consideration.”
(This story was updated to include Kaspersky’s comment about its Israeli operations)