Until there's some evidence, don't kick out Kaspersky

IDC analysts Dominic Trott and Martin Whitworth advise against a knee-jerk reaction to Kaspersky Lab following its potential EU ban

On 14 June, 2018, the European Parliament voted by 476 votes to 151 to ban Kaspersky Lab's products. The decision was made without any evidence being presented to the Parliament to demonstrate that Kaspersky Lab is a malicious actor, either knowingly or unknowingly. IDC believes that, before making their own decisions, organisations should demand convincing evidence and, until this is presented, continue buying and using Kaspersky Lab's products.

Kaspersky Lab has been under attack for some time, and this resolution comes after the US prohibited the use of its products by government agencies and the UK, the Netherlands and Lithuania have all moved to ban the use of Kaspersky Lab software on sensitive systems.

But, no evidence of wrongdoing has been provided and decisions appear to have been made under the belief that Kaspersky Lab's products are confirmed as malicious - or, worse still, based on negative media reports. CEO Eugene Kaspersky and many security researchers have been quick to condemn this decision by the parliamentarians.

IDC believes that significant decisions such as this should only be made in the light of incontrovertible evidence - not purely based on political pressure - and this substantiation has certainly not been forthcoming in this instance. As such, we believe that, until convincing evidence is provided, there is no reason for organisations to stop using Kaspersky Lab products.

IDC does not assert that Kaspersky Lab is a perfect security vendor. However, it has surpassed other major security vendors in its transparency. This is exemplified by Kaspersky Lab's Global Transparency Initiative (see details here), committing to make the source code of its products available to partners and customers. Buyers are, however, advised to assess the risk that foreign-owned antimalware providers represent for them, a concern not limited to one vendor or country.

Two clarifications are required for fair understanding of Kaspersky Lab. First, no evidence has been presented showing Kaspersky Lab to be a malicious actor, knowingly or unknowingly. Second, the "bans," such as they are, relate specifically to central government agencies handling sensitive data in certain countries. They are not a "blanket ban" for the market at large. Until evidence is presented that shows otherwise, IDC recommends that organisations should continue to work with Kaspersky Lab where risk-aware vendor selection processes identify it as the right provider for them.

For deeper insights into IDC's perspective on Kaspersky Lab, its Global Transparency Initiative and the 'bans' imposed by various governments, please see this 'Link' report on the topic, authored by myself and my colleague Martin Whitworth.

This blog first appeared on Linked In

Dominic Trott is associate research director - European Security at IDC and Martin Whitworth is research director, European Data Security & Privacy at IDC