Kaspersky Lab Partners Put In Tough Position As Public Sector Pressure Mounts Over Russia Allegations

Partners said they are facing increasing questions from customers regarding Kaspersky Lab and allegations about the extent of its ties to Russia, causing some of them to slow or even halt their work with the vendor.

Kaspersky, which is globally headquartered in Moscow and has North American headquarters in Woburn, Mass., is in the federal government's crosshairs because several government officials believe it has direct ties to the Russian government and use of its software poses a security risk.

The federal government removed Kaspersky from the GSA Schedule in July, and this week the Department of Homeland Security said in a directive that all Kaspersky products much be removed from federal networks within the next 90 days. The DHS said it banned Kaspersky's products from U.S. government networks because it was "concerned about the ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks."

[Related: Kaspersky Removed From GSA Schedule, Limiting Federal Sales For Its Security Software]

Sponsored post

Kaspersky's troubles aren't limited to the public sector. This week, electronics retail giant Best Buy announced it would no longer sell the company's consumer security software in its retail stores. One recent report said the FBI had put pressure on the private sector to cut ties with the vendor.

The company's CEO Eugene Kaspersky (pictured) has vehemently denied that his company is part of a broad Russian conspiracy. In a statement this week, Kaspersky said it does 85 percent of its sales outside of Russia and has a "20-year history in the IT security industry of always abiding by the highest ethical business practices and trustworthy technology development." The company also reaffirmed its commitment to the North American market, saying it plans to open three new offices in 2018 in Chicago, Los Angeles, and Toronto.

Partners say they are feeling the hit of the allegations. Multiple partners have told CRN on background that they are either slowing their sales with the vendor or halting them all together, as they face increasing questions from customers regarding the security software.

One partner, who did not want to be named, said he was moving all of his clients off of Kaspersky to Webroot, driven he said by customer concern over the software.

Another partner, Chris Johnson, cybersecurity compliance strategist at OnShore Security, said he has had to start the process to pull Kaspersky products from two of his largest clients. One of the clients, with 500 to 600 seats of Kaspersky, had just renewed the solution and will likely have to pull the product after the DHS ruling this week because of work it does with multiple federal agencies.

"It's scary," Johnson said. "We put our reputations on the line, and now we have this added stress ... It's putting our whole industry at risk." He said the two clients would likely move to Webroot or Sophos.

CRN reached out to Kaspersky directly, but a spokesperson referred us to a blog post the company issued in response to the DHS directive this week. The company did not make new channel chief Jason Stein available for comment on the partner concerns.

Richard Delaney, CTO and principal solutions architect at Mahwah, N.J.-based Delaney Computer Services, wouldn't comment on if the company was pulling customers from Kaspersky, but said clients are becoming more vocal in general about the security solutions they recommend and what they hear in the news.

"I have seen a trend with clients being more aware of cybersecurity in general and having an opinion on the location of their security vendors and actively ask questions about the security solutions that we use and recommend," Delaney said.

Other vendors have also actively moved in to take advantage of the situation. VIPRE, for one, announced in May a new buyback program for those concerned about their data under Kaspersky. It said current Kaspersky customers could get six months free of any VIPRE security solution.

While he has had to pull some clients from the software, OnShore's Johnson said he worries what precedent the moves will set. While Kaspersky is affected right now, Johnson said there are multiple other antivirus vendors with headquarters or significant locations abroad, including AVG and Sophos.

"What does this all mean for us? The channel at large? I'm concerned. I think we should all be concerned because … Where does the line get drawn?" Johnson said. Johnson said that creates a lot of uncertainty for partners, who want to be able to offer trusted, long-term solutions to clients but might face tough questions on if the government could pull support.

Johnson said partners should step up in a situation like this, making themselves part of the due diligence process for clients and the government when it comes to software. He said it would help if the government provided documentation of why it was pulling support for Kaspersky security software, instead of just saying it was classified. Otherwise, Johnson said he worried other vendors could be impacted down the line by similar government edicts, creating challenging situations for partners and their clients.

"I think we have an obligation in our community to be vocal … There will be another vendor that will get put in the same crosshairs. I find it hard to believe that Kaspersky is going to be the exception to the rule," Johnson said.