The position between the government and foreign cloud companies is still parallel to the `Cloud security verification system`, which is mandatory for public service organizations in Korea.

According to the industry sources on May 29, Korea Internet and Security Agency (KISA) evaluates and certifies among foreign cloud service companies such as Amazon Web Service (AWS), Microsoft (MS) and IBM that have a domestic data center and serve public cloud in Korea and there is no place to look for applications for certification. So far, KT, the Naver Business Platform (NBP), and Gabia have only received cloud security certifications from the government to provide private cloud services that have been proven to be reliable for public organizations.

The government has been known to be seeking to involve foreign companies with technology competitiveness in the public market to revitalize the private cloud.

However, foreign companies are wary of the Korean public market, and they are in the rationale that it is difficult to enter the market due to the excessive regulation of the Korean government. Foreign companies are claiming that the provision for KISA certification is excessive and barriers to entry into the public market are high. According to KISA, only the cloud system and data applied by the public organizations should be limited to the Korean physical location for security certification, and separate from the private sector to establish a separate public zone. However, Amazon Web Services does not disclose customer server locations because of data movement.

A representative from a foreign company stated, "The certification system implemented by the Korean government is very time-consuming due to unnecessary paperwork."

Meanwhile, KISA explains that major industrialized countries such as USA, UK, and Germany have limited public system location in their own country and operate the private system and physical network separately.

Lim Cha-tae, the head of cloud security management team at KISA, pointed out, "Foreign companies claim that they cannot disclose where their data is located in the policy, which is not technically difficult, and without this provision the meaning of network separation will disappear." The main goal of foreign companies is to minimize investment facilities in Korea and enter the Korean public market.

A representative of multiple cloud company stated, "It is true that Japan and Singapore will limit data location to domestic market, but there is a difficulty in domestic regulations because they do not regulate the physical network. In the meantime, foreign companies will decide how much public institutions will use their private cloud instead of G-Cloud.” He also said, "Foreign companies will try to apply for certification regardless of how much the investment cost is required in the case of the demand for private cloud use by public agencies grows."

By Lee Gyung Tak kt87@


[ copyright ⓒ The Digitaltimes ]