Global IT giants rush into Korea’s public cloud market as regulations ease

[Image source: Gettyimagesbank]

Global cloud service providers, including Google LLC, are rushing into South Korea’s public cloud market with the removal of regulatory barriers.

According to documents obtained by Representative Park Wan-ju, a member of the National Assembly’s Science, ICT, Broadcasting, and Communications Committee, from the Korea Internet & Security Agency (KISA) on Sunday, six companies applied for the lower-grade Cloud Security Assurance Program (CSAP) as of October 2023.

KISA did not disclose the companies that applied for the certification, citing business and trade secrets, but sources in the information technology industry suggested that prominent foreign cloud companies such as Google Cloud, Amazon Web Services, and Microsoft were among the applicants.

“Google has applied, and it appears that major global companies like AWS have also applied,” an unnamed official from the IT industry said.

Another industry official noted that the CSAP certification process typically takes four to six months for companies that have prepared beforehand.

“The lower-grade certification was made available from January 2023 onwards, but it is uncertain whether any companies will receive certification by the end of the year,” the official added.

CSAP – introduced in 2016 – is a certification system that encompasses data protection policies for government and public agencies, incident management, and physical security provided by cloud services.

In Korea, only companies that have obtained CSAP certification can participate in the public cloud market.

CSAP requires public and private cloud servers for government agencies to be physically separated.

While major domestic cloud companies such as KT Corp. have obtained CSAP in accordance with such conditions, foreign companies providing services without a clear separation between public and private networks have yet to be certified.

The government aims to accelerate the adoption of private clouds by relaxing the physical network separation regulations, primarily focusing on public systems.

Last year, it recognized CSAP as a tier system – high, medium, and low – with the low-grade certification reserved for handling publicly available government data that does not contain personal information and started accepting applications in January.

Cloud industry insiders are concerned that the government’s relaxation of CSAP could allow large foreign companies from the United States and China to dominate the public market, potentially posing a threat to local businesses.