RUSSIAN SECURITY OUTFIT Kaspersky is to relocate its core infrastructure to Switzerland as part of its transparency initiative. This means that, by 2020, customers based in Europe will have data stored and processed in Zurich, rather than Kaspersky's data centres in Moscow.
Activities moving west include core processes such as software assembly, threat detection updates and customer data storage, Kaspersky announced this week.
To improve transparency and integrity, the company said it is also looking for an independent third-party based in Switzerland to supervise its operations in order to assure customers that their data cannot be compromised by the Russian state.
Last October, the Moscow-headquartered company launched a worldwide transparency effort after the US claimed that the company had given Russian security agencies backdoor access to secretive data.
While unable to offer firm evidence of compromise, modern anti-virus software does scan files and sends data back to the software company for analysis. In one instance, this included US National Security Agency malware that a staffer had taken home to analyse.
As a result, the Trump administration banned government agencies and officials from using the Russian company's antivirus tools. The Dutch Government announced a similar move this week.
Kaspersky has repeatedly denied these allegations, but the company claims that it is working with others to "address growing challenges of industry fragmentation" and "a breakdown of trust".
After announcing the relocation plans, the firm said it understands that "trust is not given" and that it "must be repeatedly earned through transparency and accountability".
Next year, it is looking to build its first transparency centre in Zurich, where it will store and process data for users based not just in Europe, but also North America, Singapore, Australia, Japan and South Korea.
It said this information is shared voluntarily with the Kaspersky Security Network (KSN), which is a cloud platform that processes cyber threat data.
Zurich will also become home to the company's so-called "software build conveyer", a set of programming tools that can be used to create easily deployable software.
By the end of 2018, the firm's security products and threat detection rule databases will be assembled and signed with a Swiss digital signature.
Kaspersky said these plans will make sure that "newly assembled software can be verified by an independent organisation" and that "software builds and updates received by customers match the source code provided for audit".
Eugene Kaspersky, CEO of Kaspersky Lab, said the move will allow his firm to rebuild customer trust and deal with industry challenges.
"In a rapidly changing industry such as ours, we have to adapt to the evolving needs of our clients, stakeholders and partners," he said in a statement.
"Transparency is one such need, and that is why we've decided to redesign our infrastructure and move our data processing facilities to Switzerland.
"We believe such action will become a global trend for cybersecurity, and that a policy of trust will catch on across the industry as a key basic requirement." µ
The week in Google
The scandal that just keeps giving
Clip to the end....