MS Obtains Public Cloud Service Security Certification
Cloud Leaders AWS and Google Also Undergoing Certification Review
Industry Expresses Concern Over Potential Encroachment of Public Market
Microsoft (MS) has become the first overseas big tech company to obtain security qualifications to supply cloud services to domestic public institutions. As foreign companies dominating the private cloud market set their sights on the public sector, concerns among domestic companies are growing.
On the 2nd, MS announced that it had acquired the 'Ha' grade certification under the Cloud Service Security Authentication Program (CSAP) from the Korea Internet & Security Agency (KISA). This is the first time a foreign cloud company has received CSAP certification.
CSAP is a security certification that cloud service providers must obtain to offer services to the government and public institutions. Previously, providing public cloud services required a physically separated network. This was why big tech companies with servers overseas could not enter the domestic public market. However, last year, the government introduced a CSAP grading system divided into high, medium, and low levels, opening the door for these companies. Systems that handle publicly available public data without personal information can use the 'Ha' grade, which relaxes the standard to allow logical network separation. A provider can therefore obtain security certification by applying software (SW) that achieves the effect of network separation.
With CSAP certification, MS can now enter the domestic public cloud market. Hyun Kyung Yoo, head of the Public Sector Division at Microsoft Korea, said, "We will do our best to meet the high reliability demands of domestic public institutions and contribute to accelerating innovation for public sector customers in Korea through AI and cloud."
Following MS, Amazon Web Services (AWS) and Google, considered part of the cloud big three, are expected to join the public market competition. AWS and Google have also applied for the CSAP 'Ha' grade, and their evaluations are underway.
As big tech's entry into the public market becomes more visible, domestic companies such as Naver Cloud, KT Cloud, and NHN Cloud are growing increasingly anxious. There are concerns that foreign companies, which already occupy more than 80% of the private market, might also take over the public market. Especially with high interest in generative AI services, if big tech provides cloud and related services together, domestic companies fear they could fall behind in competition.
The public cloud market, although smaller than the private market, has served as a stepping stone for domestic companies to grow. By building business references in the less competitive public market, they created opportunities in the private sector. The market size is also growing. In October, the Ministry of Science and ICT announced plans to expand the adoption of private cloud services in the public and financial sectors from the current 500 billion KRW scale to 1 trillion KRW by 2027. A cloud industry insider said, "Domestic companies have grown centered on the public market because security certification acted as a breakwater. Although only the 'Ha' grade is being opened, most services that can transition to the cloud are concentrated there, so it is almost equivalent to full opening."
The impact is expected to be even greater when combined with the multi-level security system (MLS) transition promoted by the National Intelligence Service. MLS is a new network policy that allows work to be done connected to the external internet network if appropriate security measures are taken according to the grade. Public systems are divided into three grades, Confidential (C), Sensitive (S), and Open (O), with differentiated security measures based on data importance. The MLS guidelines will also include requirements for public institutions to utilize the cloud, with specific details expected to be announced early next year.
Currently, it is highly likely that MLS evaluations will be conducted in conjunction with CSAP. For providers who have obtained CSAP, there is a strong possibility of measures allowing easier participation in the O-grade market, which permits the use of private cloud services. Analysts suggest that if foreign companies obtain both CSAP and MLS certifications, entering the public cloud market will become even easier.
However, there is also a positive assessment for domestic cloud management service providers (MSPs), who act as distribution partners for foreign companies. Since MSPs connect cloud service providers (CSPs) with customers and handle cloud adoption consulting, construction, and operation, business opportunities are expanding. Megazone Cloud and Bespin Global are representative examples, and IT service companies like Samsung SDS and LG CNS also operate MSP businesses. An industry insider said, "Because it becomes possible to enter industries with high security requirements such as public and financial sectors together with CSPs, business opportunities can be expanded."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.


