In a bid to ensure transparency and data integrity, Kaspersky Lab is moving a number of its core processes from Russia to a brand-new Transparency Centre. Based in Zurich, Switzerland, the new facility reflects the company’s determination to assure trustworthiness of its products, services and internal processes.
In a suburb of Zurich sits a nondescript building that, at first glance, appears not to differ from the average office block.
However, the high metal fence across the front, and the hefty metal gates, two of which visitors must pass through to reach the steps leading up to the lobby, indicate that this is no ordinary place of work.
Pass into the lobby and, on the left, is a large room filled with television screens showing images from the 200 or so CCTV cameras monitoring the building.
So, what makes security such a priority? Is there a vault of gold bars? Or perhaps high-value artwork or other such investments?
No, instead this facility safeguards what The Economist has described as “the oil of the digital era”: data.
One of the customers using this data centre, which is run by Amsterdam-based Interxion, is Kaspersky Lab, the Russian cybersecurity company.
Last year Kaspersky Lab’s revenues grew eight percent to $698 million, an impressive result that, in isolation, masks challenges the company has been facing.
As anyone involved in cybersecurity knows, concerns have been raised that Kaspersky Lab products have been used as an entry point for cyberespionage efforts by the Kremlin.
Over the past year, Kaspersky Lab – which describes itself as “the world’s largest privately held vendor of internet solutions for businesses and consumers” – has launched its Global Transparency Initiative (GTI), aimed at dispelling these fears.
A key part of the GTI is the relocation to two Zurich data centres, including this one, of the processing and storage of information for users in North America, Australia, Europe, Japan, South Korea and Singapore. The processing in Zurich of malicious and suspicious files from European users went live in November.
Build systems that compile and create Kaspersky Lab products and updates are also being relocated to Zurich, with a third-party monitoring the compilation and signing of software.
Also, Kaspersky Lab has set up a Transparency Centre in Zurich where customers and regulators can review code, software updates and threat detection rules.
More Transparency Centres – and associated data centres nearby – are due to be set up in North America and Asia by 2020.
At a recent Global Transparency Summit in Zurich, the company said it would consider opening one in Dubai too. It also predicted that its model of dispersing data and functions across the globe to increase confidence would be followed by other cybersecurity companies.
Speaking in a panel discussion at the event, Jan-Peter Kleinhans, project director at Stiftung Neue Verantwortung, a German think tank, described the GTI as “the right first step”.
“In the coming years we’ll figure out whether it’s a reasonable measure to build trust. There are a lot of good first initiatives, but we’ll see much, much more over the years from a variety of stakeholders,” he said.
According to Anton Shingarev, Kaspersky Lab’s vice president for public affairs, an important factor determining the success of the Global Transparency Initiative would be feedback from regulators.
“The initial feedback from regulators is pretty positive. They say we’re moving in the right direction,” he said.
Through the Transparency Centre, Kaspersky Lab is letting regulators and partners look at source codes. While finding irregularities is something of a needle-in-a-haystack exercise, Shingarev said experts who know what to look for can zone in on areas of interest.
So far, Kaspersky Lab has put about $3 million (AED 11 million) into the GTI, a significant sum, but an understandable investment given the difficulties the cyberespionage concerns have created.
In the United States, in December 2017 – two months after the GTI was announced – the president, Donald Trump, banned the use of Kaspersky Lab products in federal systems. Some retailers in the US stopped stocking Kaspersky Lab software.
The Dutch government made a similar move to the administration in Washington, while in June the European Parliament voted in favour of a non-binding resolution calling for Kaspersky Lab products to no longer be used by EU institutions.
The company emphasises its independence and has addressed the cyberespionage concerns head on.
In a briefing document, the company noted that it “does not have ties to any government”.
“The company has never helped, nor will help, any government in the world in its cyberespionage efforts,” the document stated.
The document goes on to say that the only links that the co-founder and CEO, Eugene Kaspersky, has ever had to the KGB, the defunct Soviet intelligence agency, “was studying cryptography and mathematics at the Higher School, co-sponsored by the KGB and the Soviet Ministry of Defence”.
“Eugene has no relationship with high-ranking governmental officials in Russia,” the document said.
More than four-fifths of company revenue is generated outside Russia, while the holding company is based in the United Kingdom. Research and development functions are not restricted to Russia, with the company having a research centre in Ireland, for example.
The GTI will not, however, involve moving additional research work to Europe. As the company noted in Zurich, five top-level software developers can be hired in Russia for the price of one in Switzerland.
As Kaspersky Lab continues its fightback, its bottom line is being affected. Revenues in North America are down in 2017 and last year’s eight percent growth worldwide is not likely to be repeated in 2018, with revenues set to flatline. But the Middle East its showing brisk growth, with double-digit revenue increases this year.
And what we have seen of the GTI so far could just be the beginning.
“If we see that the Global Transparency Initiative works, we would like to invest more,” Shingarev told summit delegates.