Microsoft became the first Big Tech company to secure certification under South Korea’s Cloud Security Assurance Program (CSAP) on Monday. The move allows Redmond’s Microsoft Azure services to be used by public institutions in South Korea.
The certification, as reported by Korea Bizwire, marks a significant milestone for hyperscalers looking to access the country’s domestic public sector. South Korea’s regulatory requirements have historically been strict due to the country’s concerns about data security, privacy, and sovereignty. The nation faces a constant cybersecurity threat from North Korea, which has a well-documented history of cyberattacks aimed at South Korean government institutions, private businesses, and critical infrastructure.
These regulations saw the mandatory physical separation of servers for public and private sector data – but the government’s introduction of tiered CSAP certification in 2022 has removed obstacles and allowed public use of foreign cloud services which satisfy security standards.
The CSAP certification, granted by the Korea Internet & Security Agency (KISA), assesses cloud service providers’ adherence to strict security standards and is divided into three tiers: High, Medium, and Low. Microsoft obtained certification in the last tier, Low (하, or ‘Ha’), allowing its services to support public systems that do not manage sensitive or private data.
According to Microsoft’s Korea news portal, Azure holds more than 100 global security certifications to date, including ISO 9001, SOC 1, SOC 2, and SOC 3. In addition, the cloud platform has been recognized for its safety by receiving security verification every year in the domestic private and financial sectors, including from the Korea Information Security Management System (K-ISMS) and the Financial Security Institute CSP safety assessment.
As reported by Korea Bizwire, Google Cloud and Amazon Web Services (AWS) are rumored to be in the process of seeking similar certifications, with AWS being the first global cloud service provider to achieve K-ISMS certification last year. According to a 2023 government report, global hyperscalers already dominate South Korea’s private cloud market, with AWS holding 60% of the share and Microsoft 24%. Understandably, this paints a bleak future for local cloud providers such as Naver’s NDrive and Solbox.
Hyun-kyung Yoo, head of the Public Sector Business Division of Microsoft Korea, said on the news: “It is very meaningful that Microsoft, as a leading global cloud service provider, has [obtained] security certification from KISA.
“We will do our best to meet the high reliability demands of domestic public institutions and contribute to accelerating innovation of domestic public sector customers with AI and cloud.”
