Jungwon Yoon: "Cloud Utilization Will Increase in the Public Sector"
AWS Achieves "Low" Grade in Cloud Security Certification
On the Requirement for Physical Network Separation in the Certification System
"Logical Network Separation Is Also Safe... Even the U.S. Department of Defense Allows It"
Amazon Web Services (AWS), the world’s leading cloud provider, is making a full-scale entry into the domestic public cloud sector, which has traditionally been dominated by local companies. AWS argued that the requirements for “network separation,” a top-level condition in the cloud certification system, should be eased.
Jungwon Yoon, Head of AWS Korea Public Sector, stated at the “AWS Public Sector Press Conference” held on the morning of April 18 at the AWS Korea office in Gangnam-gu, Seoul, “It appears that the trend of utilizing cloud services, rather than developing solutions in-house, will continue in Korea’s public sector.”
Yoon Jungwon, Head of AWS Korea Public Sector, is speaking at the 'AWS Public Sector Press Conference' held on the morning of the 18th at the AWS Korea office in Gangnam-gu, Seoul. Provided by AWS Korea
Earlier this month, AWS received the “Low” grade of Cloud Security Assurance Program (CSAP) certification from the Korea Internet & Security Agency (KISA), allowing it to supply cloud solutions to domestic public institutions. CSAP is a security certification that cloud service providers must obtain to offer services to the government or public institutions.
Previously, providing public cloud services required a physically separated, dedicated network. For this reason, foreign cloud services with servers located overseas were unable to enter the domestic public market. However, with the government’s introduction of a three-tier CSAP grading system (high, medium, low) in 2023, opportunities opened up for these providers. Specifically, only for the “Low” grade, security certification is permitted for “logical network separation.” Logical network separation is achieved by applying software (SW) that provides the effect of network separation.
Before AWS, other foreign cloud services such as Microsoft Azure and Google Cloud also obtained CSAP “Low” grade certification. As a result, the three major global cloud platforms have entered the public cloud market, which was previously dominated by local providers. The existing public cloud market had been a battleground for domestic companies such as Naver Cloud, KT Cloud, and NHN Cloud.
Criticism has also been raised regarding the physical network separation requirement, which led to the granting of CSAP “Low” grade certification. With the “Low” grade, providers can only enter sectors that handle public information, such as running government websites or providing tourist information. Yoon pointed out, “Currently, the main distinction between the ‘Low’ and ‘Medium’ grades is (physical) network separation. Globally, services that use physically separated networks are becoming less common. Even the U.S. Department of Defense has published reports on the safety of logical network separation and has allowed it to a significant extent.”
However, there are expectations that foreign cloud providers, including AWS, may attempt to obtain CSAP “Medium” grade certification. This comes as the United States Trade Representative (USTR) has called for the easing of barriers in Korea’s CSAP certification system. In its “2025 National Trade Estimate Report on Foreign Trade Barriers,” the USTR pointed out that a substantial barrier exists, as cloud providers are restricted from participating in public projects without CSAP “Medium” grade or higher certification. The “Medium” grade allows providers to enter sectors that operate non-public information systems, such as reservation systems requiring personal data.
Yoon explained, “There are many cloud companies with excellent solutions in the public sector. Due to issues of cost and time, the system is shifting away from turnkey projects by large system integrators (SI) for government service development, toward the rapid adoption of cloud company solutions.”
He also emphasized the strong security of AWS Cloud. “AWS complies with more than 230 security regulations worldwide,” he said. “Companies or institutions expanding overseas can use AWS to comply with over 230 security regulations or requirements.”
Yoon introduced several cases of AWS cloud platform adoption, including Seoul Women’s University, which integrated university data by implementing an AWS cloud-based intelligent data analytics platform; Cheonan Girls’ Commercial High School, which is operating a business platform curriculum in partnership with AWS; and Yonsei University Health System, which developed a medical big data platform using AWS services.
In the subsequent discussion, Sunghoon Kim, CEO of Upstage; Kwonho Jung, CEO of JNP Medi; and Kwangsoo Kim, Professor of Convergence Medicine at Seoul National University Hospital, participated in a roundtable on AWS use cases and prospects. Kim said, “Upstage uses a large number of GPUs to train large language models, and the AWS infrastructure is well-suited for this work. We are participating in AWS Bedrock with our own large language model (LLM), ‘Solar’.” Bedrock is AWS’s cloud service that supports the use of various generative AI services in one place.
On the morning of the 18th, participants are having a discussion at the 'AWS Public Sector Press Briefing' held at the AWS Korea office in Gangnam-gu, Seoul. Jungwon Yoon, Head of AWS Public Sector; Sunghoon Kim, CEO of Upstage; Kwangsoo Kim, Professor of Convergence Medicine at Seoul National University Hospital; Kwonho Jung, CEO of JNP Medi. (From left) Photo by Myunghwan Lee
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
