National/public institutions must comply with administrative/public institution and private cloud usage guidelines, and use cloud services that comply with cloud-related laws and cloud computing service information protection standards.

Support for establishment of customer's informatization business plan

The administrative/public institution and private cloud usage guidelines defines procedures and standards for safe and efficient use of private cloud. The cloud usage implementation procedure is categorized into following stages: 1) Informatization business plan establishment stage, 2) Security review stage, and 3) Informatization business execution stage. NAVER Cloud supports customers to use NAVER Cloud with confidence throughout all stages of use.

Support for review of guideline checklist for cloud computing implementation

Public institutions go through security review after establishing informatization business plans. When cloud computing is included in the informatization business, it is necessary to check whether the security standards specified in the national/public institution cloud computing implementation guidelines are met. NAVER Cloud supports the review of security standard checklist for the national/public institution cloud computing implementation guidelines. With this, it distinguishes the areas responsible by the customer and the areas supported by NAVER Cloud, and suggests cloud products and services that can meet various security requirements.

Provision of secure cloud service through acquisition of CSAP certification

In the informatization business plan establishment stage of public institutions, various requirements such as cloud use purpose, security, performance, and cost are checked, and technical analysis is conducted. To secure security, data leakage prevention measures, separation between internal system and external cloud, and physical separation between public cloud and private cloud are reviewed. Having acquired CSAP (cloud security certification) evaluated by Korea Internet and Security Agency, NAVER Cloud provides cloud services with necessary security for public institutions. This certification means that it meets the standards related to cloud computing service information protection.

Provision of security architecture and security guides

NAVER Cloud Platform provides various materials for safe construction of the customer' information system within NAVER Cloud Platform. The security architecture provides various references to enable safe design from the implementation stage of the cloud service. The security guide provides the descriptions of security product features as well as setup methods for safe use of the constructed system.
For safe use, the customer needs to grant the cloud service admin permissions to a minimum according to the role, and implement protection measures such as enhanced authentication, encryption, access control, and audit records to prevent unauthorized access to the admin permissions, permission abuse, etc. Using the materials provided by NAVER Cloud, the customer can realize safe use, secure evidence, and conform with information protection certification.

Support for security control

In the informatization business execution stage of public institutions, continuous security management is necessary. When a public institution is not able to directly install and operate its own security control, it may entrust the work to a "specialized security control company" according to the "National Cyber Safety Management Regulations." NAVER Cloud supports various environments necessary for security control according to the regulations.

Provision of security trails for compliance

In the informatization business execution stage, public institutions need to perform continuous security management activities. The areas of the security management activities include the private cloud area, thus requiring vulnerability inspection, simulation training, and trails for periodic audit activities for the private cloud. To comply with various compliance programs such as ISMS-P and CSAP, NAVER Cloud periodically performs security activities to maintain its certifications, and provides the security certificates or security trails required by the institutions when needed.

Cloud-related legal analysis and reflection

NAVER Cloud periodically reviews information protection regulations as cloud-related laws and guidelines are revised frequently according to environmental changes inside and outside of Korea. It prepares policies to meet changed compliance and improves cloud products. By quickly analyzing changes related to the cloud information protection standards and CSAP certification system and reflecting them to its services, it helps the customers using the NAVER Cloud products to continuously comply with compliance.