Cyber security company Kaspersky takes us on a tour of its transparency centre in Zurich. It is the company’s ninth centre dedicated to this initiative but has only had a few visitors on the floor due to some corona years. Still, the company believes it is important to keep the centres open. “We are experiencing a lot of geopolitical setbacks,” Yuliya Shlychkova, head of Global Public Affairs at Kaspersky, told.
Kaspersky felt it was time to re-run its annual summit. “Now the situation with corona allows it again,” it sounded official at the company, although the precarious situation around the company will also be in between for something.
The buses are ready before the first rays of sunshine can even shoot through between the mountains to send a group of about twenty journalists on tour to the transparency centre. For the occasion, we received an invitation for a short trip to Zurich, Switzerland earlier in the month. Our tour leads us to the outskirts of the centre, where we stepped out among the industrial buildings.
Minor interest
The transparency centre in Zurich is one of nine centres that Kaspersky built. Despite the opening that took place back in 2018, only 57 companies and government employees still visited the building. That, of course, includes a period of limited visitation due to corona measures.
The reception in a transparency centre is not with cava or toast. As a visitor, you undergo a security check before access is granted. We only get a visitor’s pass after the ID check. The PR people were well aware of that, so we were tossed around asking if we definitely had our ID cards in our pockets. No journalist stayed behind to guard the bus and we made our way through the transparency centre. The elevator was waiting for us and a corridor took us to Kaspersky’s little room.
Transparent and unique
“In our transparency centre we receive partners, customers or government officials,” explains Yuliya Shlychkova, head of Global Public Affairs at Kaspersky. It is mainly the latter category that Kaspersky appears to hope to receive. “We built our centre to address concerns of government agencies about our company. We face a lot of geopolitical problems to operate easily.”
We don’t look surprised at that statement. Kaspersky is originally a Russian company and therefore many democratic governments put the company in the same corner as China’s Huawei. “There is no guarantee that Russian spying is not possible through its products,” the reasoning goes. Furthermore, the Russian invasion of Ukraine did not make things any better. Companies decided to close their business in Russia even before there was an official requirement, and companies operating in Europe but headquartered in Russia still feel the burden.
Transparency centres are not a standard among cybersecurity companies. A lot of parties save themselves from the trouble of security protocols. All rooms must be monitored via camera or security and the building must not be hard to enter. Kaspersky will have to deal with security not only on a digital level but now has a physical location that must be shielded from people with malicious intentions.
Disillusion
What we usually imagine of a centre are several halls where we can find all kinds of history or information. The centre we are visiting now is very compact in that view. We take a seat on the table around which eight comfortable chairs with wide armrests are arranged. In front, two Kaspersky employees install their PowerPoint presentations. Around those presentations and two Dell monitors the entire center appears to revolve.
“Here in our centre, visitors get a chance to see the source code of all the on-prem devices. The other activities through which we want to be transparent in the way we work, we can only tell. We still work with third parties to make reviews of our products, we have a bug bounty program, we issue regular reports on our activities, and we train government officials or other visitors to be able to perform source code reviews,” we hear from Shlychkova. She recites the presentation on the “transparency initiative” that all visitors to the transparency centre will hear.
Operating from Russia
Then Igor Kumagin, a cyber security expert at Kaspersky, takes the floor. He shows what a source code looks like. Normally after the presentation, the source code review starts for the visitors, but with only two dedicated computers that will not be possible today.
Our eye catches the documentation in Russian before the English documentation. “The original team of developers is still based in Russia,” Kumagin explains. “Every part of the code does undergo a review before it goes live,” Shlychkova rushes to his aid. “These reviews are not limited to Russia, but take place through our international team.”
The company’s original roots have not become a thing of the past at Kaspersky due to political tensions. We can see that on LinkedIn, where 2,412 employees say they live in Russia. A total of 3,807 of the company’s employees are known on the social media site.
Insufficient vigour
Kaspersky is trying to reassure democratic countries and its customer base with a transparency centre. As a Russian company in Europe, the company is having a hard time winning over that trust. A transparency centre appears to lack the decisiveness to succeed in that goal. We see this in the Netherlands, where the company opened a centre in Utrecht. That did not change anything about the Dutch government’s ban on Kaspersky software.
Also read: Kaspersky Lab sees government, KPN and therefore business leave
The company is trying to keep its back straight, but it can only attract a small audience to its transparency centre. Provoking publications to reach a larger audience with its initiative is better seen as a last effort to convince the public of the company’s sincerity.