Frequently asked customer inquiries about security are provided as FAQs.
- Can I get certificates acquired by NAVER Cloud Platform for the compliance work response?
- NAVER Cloud Platform has the ISO/IEC certificate, SOC3 report, CSA STAR certificate, PCI DSS certificate, ISMS-P/ISMS certificate and CSAP certificate. You can download them from the Compliance Guide product menu in the console. The download feature is available after logging in. Meanwhile, the SOC1 and SOC2 reports are only disclosed to a limited audience in line with their purpose. If you need these reports, then please contact Support separately.
- Are there guides or documents provided related to NAVER Cloud Platform's security certifications?
- The security control items that needs to be met to acquire a specific certification are divided into control standards that are the responsibility of NAVER Cloud Platform, control standards that are the responsibility of customers, and control standards that are a shared responsibility of NAVER Cloud Platform and customers. NAVER Cloud Platform provides a responsibility matrix that specifies the roles of customers and NAVER Cloud Platform for the control items of ISMS-P certification and PCI DSS certification. You can download it from the Compliance Guide product menu in the console.
- In my company's internal security review, issues on security measures in case of infringement incidents were pointed out. Can I see the security measures related to this?
- NAVER Cloud Platform has an infringement incident response process in place. This document covers the infringement incident detection and propagation process, response process, follow-up process, external institution/customer reporting process, infringement incident task definition, infringement incident response organization, infringement incident severity definition, internal/external emergency contact information, etc. The details of the infringement incident response process are confidential and can't be disclosed to the public. Please make an inquiry through the sales manager.
- Is there a backup service usage procedure to ensure business continuity?
- Please refer to the Backup service guide provided by NAVER Cloud Platform. If you have inquired about the disaster recovery process of the internal management network assets of NAVER Cloud Platform, rather than the above, then that information is confidential and can't be disclosed to the public. However, please not that NAVER Cloud Platform maintains its certification through periodic confirmation of the disaster recovery process implementation status by the cloud service security certification (CSAP) every year.
- Due to issuance of Attention by the Cybercrisis Alert of the National Cyber Security Center, I have been notified about cyberthreat situations such as ransomware attacks. How can I check when anomalies are detected in the NAVER Cloud Platform's services?
- NAVER Cloud Platform provides security control services, which are categorized into Basic and Managed services.
-Basic service is a free security service provided by default to all customers using NAVER Cloud Platform. Based on IDS (Intrusion Detection System), it detects attacks in real time, and safely protects customers' services. The reports registered with the occurrence of IDS events can be checked through the console and email (sent to the login ID).
-* Search method: Click Console> Security Monitoring > Dashboard > IDS, set the search period, and then click the [Search] button
-Anti-DDoS, WAF, anti-virus, and IPS are paid services that protect NAVER Cloud Platform customers' services 24/7 with the help of security specialists. Customers can select and manage the notifications target and method by security service, and if no notifications target is set, the event notifications are provided via login ID (email) by default. The nature of WAF and IPS services may cause mass blocking events to occur, so event notifications are only provided to registered notification targets.
-* How to set notification targets: From the Console > Security Monitoring > Notification Setting menu, set the notification target and method by security service.
- Where can I check the NAVER Cloud Platform's Terms and Conditions and the Service Level Agreement (SLA) related to compensations?
- Go to Service Terms and Conditions https://www.ncloud.com/policy/terms/svc
Go to Service Level Agreement https://www.ncloud.com/policy/sla/svc
- I'd like to perform my own penetration test for security management or response to certification. How can I use it?
- You can use it by requesting it in advance from the Security center > Penetration test menu. After checking your request, we will reply with the review result, and you can perform the penetration test during the requested period.
- I need to check the management method for the IDC access procedure. Can I get the data for the access ledger management?
- NAVER Cloud Platform for public institutions goes through annual cloud service security certification (CSAP) review, and KISA verifies that its physical security controls, including the IDC access control you mentioned, are properly applied and operated every year. For more information, please refer to Information protection certification status.
- A specific version of OS image (e.g., CentOS 7.8, etc.) has been identified to be using a kernel version with a vulnerability. Can I get the support for the update to the latest kernel to address the vulnerability?
- Updating to the latest kernel is in the area responsible by the customer, so you need to perform it yourself. Since issues may occur during the update, we recommend that you review data backup, point-in-time backup, etc. in advance.