Kaspersky Lab to shift US customer data from Russia to Switzerland

Kaspersky Lab also plans to move the tools and systems used to compile products from its source code to the country.

Kaspersky finds backdoor in business software that left hundreds of companies vulnerable

Kaspersky Lab plans to move core components of its infrastructure from Russian shores to Switzerland.

On Tuesday, the cybersecurity firm said that "a number of core processes" will be shifted from Russia, including customer data storage systems and processing "for most regions."

By the end of 2019, Kaspersky Lab hopes to have moved the infrastructure used for US customer data storage and processing to Zurich. Customer data from Europe, Singapore, Australia, Japan, and South Korea will also be moved, with other countries to follow.

The company, headquartered in Moscow, Russia, says the transition is part of the Global Transparency Initiative.

Announced in October last year, the Global Transparency Initiative is an effort to re-establish both trust and reputation in the wake of accusations that Kaspersky Lab's operations were tied to the Russian government.

In 2017, the US Department of Homeland Security (DHS) ordered federal agencies to stop using Kaspersky products and removed the company from a list of approved vendors.

According to the agency, Russian laws allows the Kremlin to potentially lean on Kaspersky Lab to perform cyberespionage and intercept communications connected to Russian networks.

The DHS suggested that due to these laws, the Russian government could use Kaspersky products as a conduit to compromise US national security.

The cybersecurity firm has firmly denied these accusations, as well as having "inappropriate ties to any government, including Russia."

The Global Transparency Initiative emerged from this situation and is Kaspersky's "ongoing commitment to assuring the integrity and trustworthiness of its products."

"The new measures are the next steps in the development of the initiative, but they also reflect the company's commitment to working with others to address the growing challenges of industry fragmentation and a breakdown of trust," the cybersecurity firm says. "Trust is essential in cybersecurity, and Kaspersky Lab understands that trust is not a given; it must be repeatedly earned through transparency and accountability."

Kaspersky also intends to relocate the tools used to assemble software to Zurich, and by the end of 2018, the company says that both Kaspersky Lab products and threat detection rule databases will begin to be assembled and signed off in the country.

"The relocation will ensure that all newly assembled software can be verified by an independent organization, and show that software builds and updates received by customers match the source code provided for audit," Kaspersky added.

The transition of systems and data will be overseen by an unnamed independent third party that is based in Switzerland.

See also: This malware is harvesting saved credentials in Chrome, Firefox browsers

In addition, the cybersecurity firm has pledged to open its first Transparency Center in Switzerland this year. Eventually, the center will make the source code of Kaspersky products available for review by stakeholders.

"In a rapidly changing industry such as ours, we have to adapt to the evolving needs of our clients, stakeholders and partners," said Eugene Kaspersky, CEO of Kaspersky Lab. "Transparency is one such need, and that is why we've decided to redesign our infrastructure and move our data processing facilities to Switzerland. We believe such action will become a global trend for cybersecurity, and that a policy of trust will catch on across the industry as a key basic requirement."

Previous and related coverage