All you need to know about public cloud services
- 2022-09-30
- 작성자 Lee Hyuk
Today, the central government's most important systems are integrated into the data center of the National Information Resources Service (NIRS) and are managed by cloud services, and the non-integrated systems are dispersed across the country and operated individually. However, the necessity of cloud transformation in public information systems is quickly emerging with the recent wave of private cloud adoption, the introduction of new technology services, such as AI, and the need to expand emergency systems and secure flexibility due to COVID-19. In this article, we will take a look at the promotion direction of the government's public cloud and what is required for private cloud providers to provide public cloud services.
Overview of public cloud services
The status of system operations in public sectors
The operation of systems in the public sector has been individually established by central government, local governments, and public institutions in their own data centers or computer rooms based on their respective needs. The important systems of the central government are currently integrated into the NIRS (formerly Government Integrated Data Center) and are managed under cloud services. However, the rest of the systems are scattered across the country and are operated separately. The efforts to introduce the cloud into public information systems have been promoted by the NIRS of the Ministry of the Interior and Safety (MOIS), centering on the central government system. It started with the building of the G-Cloud system (2011) and the transition to the government cloud computing center (2013).
The challenges of cloud transformation in the public sector
Yet, with a total scale of 15,000 units, it was not easy to migrate systems that were scattered across the country to the cloud. The lack of an integration strategy and the interests of the relevant organizations slowed the progress. Also, due to the disparity between government’s one-time product procurement system and the cloud’s pay-as-you-go model, cloud adoption faced difficulties. This is very similar to the situation private companies faced during the early days of cloud transition.
Growing demand for cloud transformation
However, the necessity of cloud transformation in public information systems is quickly emerging with the recent wave of private cloud adoption, the introduction of new technology services, such as AI, and the need to expand emergency systems and secure flexibility due to COVID-19. Let's take a look at the government’s roadmap for public cloud transition and what preparations are required for private cloud providers to provide public cloud services.
What is a public cloud?
A public cloud can be defined as an infrastructure where government, local authorities, and public institutions operate public information systems.
What are the types of public information systems?
First, we will go over the types of public information systems and users. Korea's public information system can be broadly divided into two categories. First, there are closed internal systems, such as intranets, and business systems used by civil servants in internal administration and public networks. Second, there is a national service system, such as issuing certificates, paying taxes, and scheduling vaccinations, that we can encounter in our daily lives. Users of the public system are divided into public users and national users, and as of the end of 2020, 3.14 million (1.31 million civil servants, 440,000 quasi-public servants, and 1.57 million public institutions) national users refer to the entire nation. The scale of the system is 15,365 in total, 1,667 by the central government, 8,392 by local governments, and 5,310 by public institutions.
Public businesses and information systems as of the end of 2020
| Classification | Central Administrative Agency (including subordinate organizations) | Local Government (metropolitan and primary) | Public Institution (including local public companies) | Total |
|---|---|---|---|---|
| Target organization1) | 18divisions ∙ 5departments ∙ 18offices |
17개 cities ·provinces 226 cities, counties, and districts |
350 public institutions - 36 public enterprises - 96 quasi-governmental organizations - 218 other public institutions |
634 public institutions *Affiliated institutions are not included |
| Number of users 2) |
1.13 million civil servants - 1.1 million administrations - 30,000 outside the administration (Excluding soldiers, etc.) |
440,000 quasi-public servants - 150,000 public enterprises - 130,000 quasi-governmental organizations - 160,000 other public institutions |
1.57 million |
3.14 million - Local governments: 440,000 quasi-public servants - 1.57 million public institutions - Total: 3.14 million |
| Number of public information systems 3) | 1,667 (excluding education and national defense) | 8,392 | 5,310 | 15,369 |
1) (2021) All Public Information System in One (alio.go.kr)
2) (2020) Government Organizational Management Information System (org.go.kr)
3) ('21.7.27) MOIS policy resource “Plan for administrative/public organization information resource cloud migration and integration”
Government's roadmap for public cloud
Today, government policies are shifting from “cloud-first” to “private cloud-first” policies. Government institutions used to prefer the NIRS's self-operated cloud center and the self-built public cloud, and they were hesitant to use private clouds due to security issues.
[Wait!] What is the private cloud?
A private cloud is a cloud computing service offered by a private company or organization.
Institutions and information for private cloud use
| Classification | Central Department | Local Government | Public Institution |
|---|---|---|---|
|
Internal business system without internal business systems |
Allowed to use a private cloud | ||
| Internal business system | Not allowed to use a private cloud | Allowed to use a private cloud | |
※ Systems of private clouds that are not allowed
① An information system that processes information related to important national interests, such as secrets related to national security, national safety, national defense, unification, diplomacy, and commerce.
② An information system that processes information related to investigations and trials, such as criminal investigations, trials in progress, execution of sentences, and security measures.
③ An information system for processing the internal affairs of administrative institutions.
※ Source: MOIS policy resource "Guidelines for the Use of Private Clouds by Administrative and Public Institutions"
Now, the government is promoting a policy to prioritize the activation of private clouds by supplementing laws and systems and clearly dividing the service range at self-operated public institutions and centers using private clouds. The government’s basis for using private clouds is the “Guidelines for the Use of Private Cloud by Administrative and Public Institutions,” which was enacted in July 2016 and has been revised several times to define the scope of systems where private clouds are applicable as shown in the table below.
Five-year roadmap of public sector cloud migration
At the end of 2020, a total investigation of information systems of administrative and public institutions was carried out through the “ISP Project for Migration and Integration of Cloud Centers for Information Systems of Administrative and Public Institutions.” As a result, a plan has been established with the goal of 100% cloud migration for the next five years (2021–2025) with the following migration plan: The plan is to migrate 10,009 out of the 15,369 information systems built and operated for all administrative and public institutions to the cloud over the next five years. The rest of the 5,360 systems are systems that require onsite installation or are not applicable to the cloud due to the nature of the next-generation systems (i.e., local tax, local finance, etc.) and the move-in of the Daegu Center. The migration is divided into a public cloud and a private cloud, depending on the nature of the information system. The following chart shows the five-year cloud migration plan.
Cloud migration plan for administrative and public institutions’ information system
| Classification | Total | Ratio | '21 | '22 | '23 | '24 | '25 | ||
|---|---|---|---|---|---|---|---|---|---|
| Migration target | Information system (number) | 10,009 | - | 430 | 3,151 | 2,167 | 1,892 | 2,369 | |
| Required budget (million won) | 868,089 | - | 50,918 | 299,919 | 175,358 | 123,954 | 217,949 | ||
| Number of information systems by type | By center | Public cloud | 5,457 | 54.5% | 5 | 783 | 1,733 | 1,412 | 1,524 |
| Private cloud | 4,552 | 45.5% | 425 | 2,368 | 434 | 480 | 845 | ||
| By institution | Central administrative agency | 405 | 4.0% | 42 | 111 | 64 | 61 | 127 | |
| Local government | 5,577 | 55.7% | 144 | 1,511 | 1,282 | 1,252 | 1,388 | ||
| Public institution | 4,027 | 40.2% | 244 | 1,529 | 821 | 597 | 854 | ||
※ Source: (’21.7.27) MOIS policy resource “Plan for administrative/public organization information resource cloud migration and integration”
Status and plans of public cloud data centers
Public cloud – Public institutions’ self-built and operated cloud centers
So far, there are two public cloud data centers designated by the MOIS: The Daejeon Center and the Gwangju Center of the NIRS. The head of the administrative institution will review the installation and operation of the data center in order to integrate and manage critical information systems, such as national security, investigation, trial, and internal affairs. In addition to this process, the Minister of the Interior and Safety will designate additional public cloud centers. They will be designated among the data centers that are self-built and operated by the existing administrative and public institutions. The local governments will also designate the public cloud centers by considering the readiness of local information integration centers. Meanwhile, the public institutions postponed the designation in 2021 considering the public institution systems migrating to the newly opened Daegu Center of National Information Resources Service (2022). Instead, they will designate them in 2022 upon reviewing the insufficient space.
Public cloud data center deployment plan by institution type
| Information system type | Deployment plan |
|---|---|
| Central government system | Deploying to the NIRS in Daejeon and Gwangju centers |
| Local government system | Deploying by regional units, such as the local government’s self-built center, public-private cooperation center, and Korea Local Information Research & Development Institute (KLID) center |
| Public institution system | Deploy to the Daejeon center first and then to new centers if there is not enough space for public supplies |
※ Source: ('21.7.27) MOIS policy resource “Plan for administrative/public organization information resource cloud migration and integration”
The concept and requirements of private (public) cloud centers
Private (Public) Cloud – Public dedicated cloud centers provided by private cloud providers
For private cloud providers to provide public cloud services, they need to acquire CSAP certification and digital service certification. The providers must establish an independent service environment for public use and obtain the certificates for service levels, such as security and availability, required by the public. The CSAP certificate mainly assesses the security suitability for public cloud services. Furthermore, digital service certification evaluates whether the supply system of cloud services, including security measures, is in place. When the providers acquire the digital service certification, they can supply their cloud through a private or catalog contract with administrative and public institutions. The following are details of the CSAP authentication and digital service authentication
What is Cloud Security Assurance Program (CSAP)?
Conducted by Korea Internet & Security Agency, this evaluation and certification are mandatory for Cloud Service Providers (CSPs) aiming to offer cloud services in the public sector. The assessment evaluates service suitability through sector-specific evaluations of IaaS, PaaS, SaaS, and DaaS.
Digital service professional contract system
In the past, when providing cloud services to public institutions, the available contracts were limited to general competitive bidding contracts, such as individual contracts or labor cost contracts. Essentially, there was an absence of a system or framework for supplying product-as-a-service. After the legal revision on October 1, 2020, it became possible to contract product-as-a-service through the Digital Service Support System (https://www.digitalmarket.kr).
※ Product-as-a-service: pay-as-you-go product based on usage
What does digital service certification evaluate?
Digital service certification comprehensively evaluates the service provider's supply and operational capabilities, as well as the security of the three following types of services.
① Cloud computing service
② Services supporting cloud computing services
③ Convergence service: Cloud computing + intelligent information technology and service
Once the certification is acquired, government and public institutions can enter into private contracts or catalog contracts through a system with private cloud service providers for the certified services.
Cloud service CSAP security certification scope
| Classification | Security measures | Control items | Remarks | ||||
|---|---|---|---|---|---|---|---|
| Administrative | Physical | Technical | Additional security measures for public institutions | Field | Item | ||
| IaaS 4) | O | O | O | O | 14 | 117 | - |
| PaaS 5) | O | - | O | O | - | - | Included in SaaS standard tier type |
| SaaS 5) | O | - | O | O | 13 | 78 | - |
| SaaS 6) | O | - | O | O | 11 | 30 | - |
| DaaS 7) | O | O | O | O | 14 | 110 | Able to activate in IaaS certified area |
4) Infrastructure as a Service (IaaS), 5) Platform as a Service (PaaS), 6) Software as a Service (SaaS), 7) Desktop as a Service (DaaS)
※ Source: Cloud security certification system of Korea Internet & Security Agency
Before and after the revision: Cloud computing act, national contract law, business procurement act
| Before the revision | After the revision |
|---|---|
| Proceed with the service contract in accordance with general competition bidding procedures | Introduction of digital service contract system |
| Procurement request -> Pre-release of purchase standards -> Announcement of tender -> Bid -> Contract award -> Contract and delivery | Search digital services -> Choose and conclude appropriate service contract -> Discuss contract terms -> Contract and delivery |
※ Source: Digital service use support system (digitalmarket.kr)
Certified public cloud service providers and usage procedures
Private cloud providers certified for public cloud services: In alphabetical order
| Classification | Providers certified for public cloud services (as of Sep. 2021) |
|---|---|
| CSAP | Douzone, Gabia, Kakao Enterprise, KT, LG Hello Vision, Naver Cloud, NHN, Samsung SDS, Smile Serv |
| Digital service | Gabia, Naver Cloud, Samsung SDS, Smile Serv, NHN, KT |
※ Source: Digital service use support system (digitalmarket.kr)
Procedure for utilizing the digital service utilization support system
| Register evaluation application | |
|---|---|
| Digital service provider | Digital service use support system |
|
|
| Search quotation | |
|---|---|
| Digital service use support system | Digital service users |
|
|
| Link | |
|---|---|
| Digital service use support system | Digital service shopping mall from Public Procurement Service |
|
(catalog contract) |
※ Source: Digital service use support system (digitalmarket.kr)
Providers capable of providing public cloud services (IaaS)
The certifications for the provision of public cloud services are based on the certifications of the IaaS sector. Public cloud services, such as PaaS, SaaS, and DaaS must be serviced on the cloud of CSAP-certified IaaS providers. As of the second half of 2021, there are nine CSAP certification companies and six digital service certification companies in the cloud service (IaaS) sector, and Samsung SDS public cloud has acquired both CSAP certification (Aug 2019) and digital service certification (Mar 2021).
Closing remarks: The prospect of introducing public cloud services
Cloud adoption in the public sector is poised to accelerate due to factors such as the widespread use of cloud services, demand for cutting-edge 4th industrial revolution technologies, and the flexibility need in cloud-based systems due to COVID-19. A public cloud is similar to a country's backbone infrastructure, such as electricity, communication, and roads. In this sense, the public cloud not only provides a base environment for the public information system as the core digital infrastructure of the Korean government, but also plays a role as a facilitator for the development of domestic private cloud service industry.
In the future, we hope that the private cloud providers will grow together with public cloud services in line with the government's cloud policies and become a good example of public-private cooperation that can lay the foundation for the global competitiveness of domestic native cloud services.
- Professional, Lee Hyuk/ Samsung SDS
- Lee conducts cloud consulting related to the cloud migration of legacy systems and the introduction of new cloud services for Samsung affiliates, general corporate customers, and the public sector. He has expertise and experience in cloud consulting, including cloud service planning, building, and managed services.