Global cyber security firm Kaspersky Lab has confirmed plans to transfer data of its customers based in Europe, North America, Singapore, Australia, South Korea and Japan to a new data center located in Switzerland.
The move follows accusations of spying for the Russian state, which have mired the company’s reputation worldwide. Kaspersky Lab continues to deny the allegations, but has acknowledged that the international community’s concerns must be addressed.
The facility, due for launch in late 2019, will be built in Zurich, the country’s financial capital, at a cost of £12 million ($16.26m). As well as moving select customers’ data out of Russia, the company is planning to relocate its programming team to Switzerland, where it will open a “transparency center” to allow foreign bodies to verify and vet its anti-virus software as it is being developed.
Additionally, an independent organization will be created to supervise the implementation of new processes throughout Kaspersky Lab.
Cutting the Kremlin cord
Under Russian law, businesses are required to collaborate with law enforcement and intelligence agencies if requested to do so. With all of Kaspersky Lab data centers located within Russian borders, ascertaining that customer data is safely kept out of the government’s reach is nearby impossible.
Switzerland is known for its tough data privacy regulations, and thus will provide an appropriate location for Kaspersky to prove its willingness to uphold security and privacy standards.
Anton Shingarev, Kaspersky Lab’s VP for public affairs, told the Financial Times that the company needs to “show customers we are taking them seriously.”
Co-founder and CEO Eugene Kaspersky said: “In a rapidly changing industry such as ours we have to adapt to the evolving needs of our clients, stakeholders and partners. Transparency is one such need, and that is why we’ve decided to redesign our infrastructure and move our data processing facilities to Switzerland. We believe such action will become a global trend for cybersecurity, and that a policy of trust will catch on across the industry as a key basic requirement.”
Alerts from the international intelligence community suggested that the company has been collecting sensitive customer data on behalf of the Russian establishment (perhaps knowingly, or perhaps not) and that using its software would put one’s systems at risk.
UK government departments and US agencies were subsequently banned from using the software. And despite Kaspersky Lab’s assurances that it has never colluded with Russian officials, followed by its decision to build the Swiss facility, a level of wariness remains: earlier today, the Netherlands outlawed any use of the Kaspersky anti-virus software at the national government level, and has advised that key infrastructure providers avoid its use.
The UK’s National Cyber Security Centre (NCSC) chief executive, Ciaran Martin, stated that the move constituted a ”step in the right direction,” but that it would require further assurances from the company to drop its ban on the software.