U.S. federal agencies must begin removing Kaspersky Lab security software from their networks within 90 days, according to a U.S. Department of Homeland Security action issued today that effectively bans the company's software from federal systems.
The U.S. government claims Kaspersky may have ties to Russia's government -- potentially opening the door for espionage activities. Kaspersky has repeatedly denied the claims.
As a result of the US government directive, departments and agencies must:
- Identify if Kaspersky products are installed and/or used on IT systems in the next 30 days;
- develop detailed plans to remove and discontinue present and future use of the products in the next 60 days; and
- within 90 days of this directive, unless directed otherwise by DHS based on new information, begin the remove of Kaspersky's software, the government said.
We assume that means federal agencies will be seeking Kaspersky alternatives...
The Investigation
A BusinessWeek article included alleged anecdotal evidence against Kaspersky, but the U.S. government has not mentioned a smoking gun in the case. In other words, there's no clear cut public proof that Kaspersky leaves back doors in its software for Russia officials to access.
CEO Eugene Kaspersky has offered to let U.S. officials examine the company's source code multiple times, but U.S. officials apparently didn't accept the offer. Moreover, retail giant Best Buy stopped selling Kaspersky's software without launching its own investigation into the U.S. government's concerns.
For its part, Kaspersky has downplayed its business exposure in the U.S. government. The company apparently has 10 employees or so focused on that sector, and there were signs that Kaspersky planned to wind down that effort in recent days.
Kaspersky and Kaseya: Still Partnering?
Meanwhile, it's unclear if the government debate has impacted Kaspersky's business in additional U.S. vertical markets. The company has been pushing an updated MSP partner program in recent months, but the privately held firm doesn't disclose exact financial growth metrics.
Kaseya, the MSP-centric software company, has stood by Kaspersky in recent months -- though Kaseya works with additional security companies. That's an important point for Kaseya MSPs that focus on the federal government, where a migration from Kaspersky to alternatives may now be required.