The bunker deep in the Swiss Alps an hour’s drive south of Zurich was designed to withstand nuclear blasts and protect soldiers from a foreign invasion that never came. Today, it’s used to guard digital data.
As Switzerland yields to pressure from the U.S. and the European Union to relax its bank secrecy rules, it’s repositioning itself as the global vault for online identities. With consumers and companies uploading ever more confidential information to make online transactions, there’s increasing demand for services that keep data out of reach of criminals and government spies.
“This is the future of this country: It’s not to store any more money, it’s actually to store data, which is the next currency,” said Carlos Moreira, founder and chief executive officer of WISeKey SA, which encrypts and stores information in the bunker. “The Swiss respect the privacy of people.”
In the wake of reports about the extent of government spying, demand for WISeKey’s services is growing 300 percent every month, he said in a cavernous bunker room with a vaulted concrete ceiling. Moreira said he plans to fill the room, the far side of which is barely visible in the gloomy distance, with racks upon racks of computers that could hold the data of as many as 6 million people.
The bunker, near the town of Attinghausen, was built to be self-sustaining, drawing on mountain water and powered by nearby hydroelectric plants. WISeKey has servers in four bunkers across Switzerland, providing the service to 2,000 companies and 2 million consumers.
“It’s a very sensible move” for Switzerland, said Rik Turner, an analyst at researcher Ovum Ltd. in London, “to rebrand themselves as a safe haven for data.”
Other companies are joining the effort. SIAG Secure Infostore AG, based in Zug, runs two underground data centers, branded “Swiss Fort Knox,” in a joint venture with the government. Safe Host SA owns a 10,000 square meter data center near Geneva and expects to start building a second one nearby in March.
A key advantage is that “the Swiss have strict data privacy laws” due to the country’s tradition as a private banking center, said Safe Host CEO Gerard Sikias.
Since former U.S. National Security Agency contractor Edward Snowden began documenting the extent of government surveillance, WISeKey has seen increasing demand in the U.S., Moreira said.
With a large share of the closely-held company’s growth expected to come from the U.S. this year, the CEO plans to list the company on Nasdaq in 2015. A $35 million financing round in 2011 valued the company at $360 million.
For the past three years, WISeKey has hosted parties at the World Economic Forum’s annual Davos meeting to promote the notion that Swiss trustworthiness in banking can be replicated on the Internet.
WISeKey, with about 180 employees, offers applications that let customers secure their Web accounts with access codes called digital keys that can be hundreds of characters long. In online banking, customers share a public key with banks that are used for authorization. But without the client’s private key, stored on his mobile device or computer, the data cannot be decrypted.
“It’s like a safe in the bank,” Moreira said in the maze-like bunker, hundreds of meters below the mountaintop above. “You need your key and the bank’s to open the safe. We do the same, only digitally.”
Moreira acknowledges that even blast-proof doors can do little against an attack via the Web. A skilled digital intruder could manage to siphon data from the servers to his own computer. And in today’s arms race between hackers and security firms, ever more powerful computers will require increasingly strong encryption, Moreira said.
The keys at Attinghausen are in turn locked by a so-called root key that sits on a computer, unconnected to the Internet, in another bunker near Bern. Whenever it needs to be changed to keep decrypters guessing, Moreira and other executives must all be present, bringing different pieces of an authentication puzzle with them.
“From a pure data center perspective it is a bit gimmicky” to place the servers in a bunker, said Steve Wallage, managing director of BroadGroup Consulting, which advises clients on data storage. But, he said, “some people might be impressed by that. It is like going to a Swiss bank.”
While some bunkers are used to keep art and other valuables, underground data storage is the fastest growing business of Deltalis SA, the company that owns the Attinghausen site, said CEO Stephan Grouitch. Deltalis bought the decommissioned 1950s bunker, one of Switzerland’s largest former command posts, from the Swiss government in 2007 and opened it as a storage facility in 2010.
“We cater to any company that is looking for a stable place in Europe, out of U.S. reach,” said Grouitch, a karate black belt and former French Air Force officer. “It matters to our customers.”
The Attinghausen bunker still shows signs from days gone by, with the former planning center, a cage that blocks radio signals once used to make top secret phone calls, and faded maps of Europe and Switzerland replete with movable NATO-style brigade tokens.
“With the growth of the company,” Moreira said, “we need 20 or 30 more spaces like this in the Swiss Alps.”
To contact the editor responsible for this story: Kenneth Wong at firstname.lastname@example.org