Compliance support

Supports the customer IT environment to comply with regulations inside and outside of Korea,
for continued growth of customer business in the cloud environment.

NAVER Cloud Platform supports customers in various industries to comply with compliance required in the cloud environment.

commonImage1

Support for establishment of protection measures when using cloud

To comply with various compliances in the cloud environment, the customer needs to identify the roles and responsibilities between the customer and NAVER Cloud, and establish protection measures based on this. NAVER Cloud provides the Terms of Service, Service Level Agreement, and Privacy Policy to help define the roles and responsibilities for information protection and personal information protection.

Cloud service typesCloud service providerCloud service user
IaaS- Facility security and access control in the physical area
- Security patches for the host OS
- Security management for virtual machines such as hypervisors, etc.
- Security patches for the guest OS, middleware, and applications
- Security configuration and settings for the guest OS, middleware, applications, and private network areas
- Data security
- Management of admin and user permissions, etc.
PaaS- Roles and responsibilities of the cloud service provider in the IaaS area
- Security settings in the network area
- Security patches, security configuration, and settings for the PaaS area
- Security patches and security settings for applications
- Data security
- Management of admin and user permissions, etc.
SaaS- Roles and responsibilities of the cloud service provider in the IaaS and PaaS areas
- Security patches and security settings for applications
- Management of application's admin and user permissions, etc.
- Data security (access control of data levels, encryption, etc.)

※ It may differ depending on service configuration and characteristics.

<Classification of roles and responsibilities for each cloud service type>

Support for cloud implementation review through compliance guide

Using the compliance guide provided by NAVER Cloud, the customer can distinguish the areas for which the customer is responsible and the areas supported by NAVER Cloud, and identify cloud products and services that meet various security requirements. [Go to Compliance Guide]

Provision of secure cloud service through acquisition of various certifications

NAVER Cloud Platform provides cloud services that acquired various certifications such as personal information and information security management system certification (ISMS-P), cloud service information protection international standard certification (ISO27017), etc. These certifications are verified every year by an independent third party institution, so customers can configure their services using verified cloud services and conform with information protection certifications.

Provision of security architecture and security guides

NAVER Cloud Platform provides various materials for safe construction of the customer' information system within NAVER Cloud Platform. The security architecture provides various references to enable safe design from the implementation stage of the cloud service. The security guide provides the descriptions of security product features as well as setup methods for safe use of the constructed system.
For safe use, the customer needs to grant the cloud service admin permissions to a minimum according to the role, and implement protection measures such as enhanced authentication, encryption, access control, and audit records to prevent unauthorized access to the admin permissions, permission abuse, etc. Using the materials provided by NAVER Cloud, the customer can realize safe use, secure evidence, and conform with information protection certification.

Support for cloud service operation status monitoring and regular reviews

It is required for companies among the ISMS-P certified companies that use the cloud to monitor the changes in cloud service security settings and its operating status, and regularly review their suitability. To support monitoring of cloud resources operated by the customer, NAVER Cloud provides various products such as Monitoring and Web service Monitoring System, as well as providing the Security Monitoring service, which is a security control service, in a managed form. In the Security Monitoring service, NAVER Cloud's professional security personnel quickly analyze the customer's infrastructure configurations and services to provide optimized security service from construction to operation and control services. NAVER Cloud also provides various products such as Cloud Activity Tracer, Resource Manager, and flow log, to help the customer conveniently perform audits on the cloud environment and continuously manage it.

Support for company's regular security management activities such as risk assessment and improvement

The items such as "2.11.4 Incident response training and improvement" and "1.2.3 Risk assessment" in ISMS-P certification standards require companies to perform regular security management activities. To support company's regular security management activities, NAVER Cloud supports penetration tests. By requesting penetration tests online, the customer can perform overall security activities including inspection of vulnerabilities in the customer's cloud area under mutual recognition for the permitted environment and period.

Customer support for security inquiries for compliance

Depending on various cloud service environments configured by customers, a wide range of inquiries can arise in the perspective of security policy application and information protection certification response. NAVER Cloud Platform operates an inquiry channel to solve customers' questions in a short time, providing solutions through security experts equipped with the know-how to conform with various security certifications.