West Virginia University is issuing a request for proposals (RFP) from anti-virus software providers on Friday, Sept. 15 as part of a plan to replace the current Kaspersky software by summer 2018. Information Technology Services has been actively monitoring developments with Kaspersky and working on this RFP for some time. ITS will seek proposals from vendors considered leading providers by Gartner, an IT research firm that helps shape industry standards.
The General Services Administration, the federal agency in charge of government purchasing, has removed Russia-based Kaspersky from its list of approved vendors. The GSA expressed concerns that the Russian government could compel Kaspersky to provide information that it has collected from its clients. On Wednesday, the Department of Homeland Security gave Kaspersky 90 days to prove that its products are not a security risk. If the company cannot do so, the Washington Post reported, federal agencies must begin to remove the software.
ITS regularly works with law enforcement agencies to ensure that WVU has taken the appropriate steps to reduce security risks. ITS has put controls in place to ensure that all WVU data remains within University systems (on premises), and is not sent back to Kaspersky for analysis. At WVU, Kaspersky software simply identifies viruses, then shares information that ITS can use to block those viruses. ITS quarantined more than 222,000 viruses in June 2017, meaning they did not reach the intended recipients.
ITS is confident in Kaspersky’s ability to provide quality anti-virus protection to WVU’s 17,000 computers. Independent testing labs around the world have repeatedly and consistently given Kaspersky high scores for its technical performance.
As a public institution funded in part by state dollars, WVU must proceed with any change in provider transparently, cautiously and in compliance with West Virginia rules, regulations and processes, including public RFP requirements.