All you need to know about public cloud services

Today, the central government's most important systems are integrated into the data center of the National Information Resources Service (NIRS) and are managed by cloud services, and the non-integrated systems are dispersed across the country and operated individually. However, the necessity of cloud transformation in public information systems is quickly emerging with the recent wave of private cloud adoption, the introduction of new technology services, such as AI, and the need to expand emergency systems and secure flexibility due to COVID-19. In this article, we will take a look at the promotion direction of the government's public cloud and what is required for private cloud providers to provide public cloud services.

Contact here for inquiries about the cloud white paper.

Overview of public cloud services

The status of system operations in public sectors

The operation of systems in the public sector has been individually established by central government, local governments, and public institutions in their own data centers or computer rooms based on their respective needs. The important systems of the central government are currently integrated into the NIRS (formerly Government Integrated Data Center) and are managed under cloud services. However, the rest of the systems are scattered across the country and are operated separately. The efforts to introduce the cloud into public information systems have been promoted by the NIRS of the Ministry of the Interior and Safety (MOIS), centering on the central government system. It started with the building of the G-Cloud system (2011) and the transition to the government cloud computing center (2013).

The challenges of cloud transformation in the public sector

Yet, with a total scale of 15,000 units, it was not easy to migrate systems that were scattered across the country to the cloud. The lack of an integration strategy and the interests of the relevant organizations slowed the progress. Also, due to the disparity between government’s one-time product procurement system and the cloud’s pay-as-you-go model, cloud adoption faced difficulties. This is very similar to the situation private companies faced during the early days of cloud transition.

Growing demand for cloud transformation

However, the necessity of cloud transformation in public information systems is quickly emerging with the recent wave of private cloud adoption, the introduction of new technology services, such as AI, and the need to expand emergency systems and secure flexibility due to COVID-19. Let's take a look at the government’s roadmap for public cloud transition and what preparations are required for private cloud providers to provide public cloud services.

What is a public cloud?

A public cloud can be defined as an infrastructure where government, local authorities, and public institutions operate public information systems.

What are the types of public information systems?

First, we will go over the types of public information systems and users. Korea's public information system can be broadly divided into two categories. First, there are closed internal systems, such as intranets, and business systems used by civil servants in internal administration and public networks. Second, there is a national service system, such as issuing certificates, paying taxes, and scheduling vaccinations, that we can encounter in our daily lives. Users of the public system are divided into public users and national users, and as of the end of 2020, 3.14 million (1.31 million civil servants, 440,000 quasi-public servants, and 1.57 million public institutions) national users refer to the entire nation. The scale of the system is 15,365 in total, 1,667 by the central government, 8,392 by local governments, and 5,310 by public institutions.

Public businesses and information systems as of the end of 2020

중앙행정기관 (소속기관 포함), 지방자치단체 (광역∙기초), 공공기관 (지방공기업 포함)의 대상기업, 사용자수, 공공정보시스템 수를 확인할 수 있습니다.
Classification Central Administrative Agency (including subordinate organizations) Local Government (metropolitan and primary) Public Institution (including local public companies) Total
Target organization1) 18divisions ∙ 5departments ∙ 18offices 17개 cities ·provinces
226 cities, counties, and districts
350 public institutions
- 36 public enterprises
- 96 quasi-governmental organizations
- 218 other public institutions
634 public institutions
*Affiliated institutions are not included
Number of users 2) 1.13 million civil servants
- 1.1 million administrations
- 30,000 outside the administration
(Excluding soldiers, etc.)
440,000 quasi-public servants
- 150,000 public enterprises
- 130,000 quasi-governmental organizations
- 160,000 other public institutions
1.57 million 3.14 million
- Local governments: 440,000 quasi-public servants
- 1.57 million public institutions
- Total: 3.14 million
Number of public information systems 3) 1,667 (excluding education and national defense) 8,392 5,310 15,369

1) (2021) All Public Information System in One (
2) (2020) Government Organizational Management Information System (
3) ('21.7.27) MOIS policy resource “Plan for administrative/public organization information resource cloud migration and integration”

Government's roadmap for public cloud

Today, government policies are shifting from “cloud-first” to “private cloud-first” policies. Government institutions used to prefer the NIRS's self-operated cloud center and the self-built public cloud, and they were hesitant to use private clouds due to security issues.

[Wait!] What is the private cloud?

A private cloud is a cloud computing service offered by a private company or organization.

Institutions and information for private cloud use

중앙부처, 지자체, 공공기관의 내부 업무시스템, 제외한 정보시스템에 대한 민간 클라우드 이용 가능 여부를 확인할 수 있습니다.
Classification Central Department Local Government Public Institution
Internal business system
without internal business systems
Allowed to use a private cloud
Internal business system Not allowed to use a private cloud Allowed to use a private cloud

※ Systems of private clouds that are not allowed
① An information system that processes information related to important national interests, such as secrets related to national security, national safety, national defense, unification, diplomacy, and commerce.
② An information system that processes information related to investigations and trials, such as criminal investigations, trials in progress, execution of sentences, and security measures.
③ An information system for processing the internal affairs of administrative institutions.
※ Source: MOIS policy resource "Guidelines for the Use of Private Clouds by Administrative and Public Institutions"

Now, the government is promoting a policy to prioritize the activation of private clouds by supplementing laws and systems and clearly dividing the service range at self-operated public institutions and centers using private clouds. The government’s basis for using private clouds is the “Guidelines for the Use of Private Cloud by Administrative and Public Institutions,” which was enacted in July 2016 and has been revised several times to define the scope of systems where private clouds are applicable as shown in the table below.

Five-year roadmap of public sector cloud migration

At the end of 2020, a total investigation of information systems of administrative and public institutions was carried out through the “ISP Project for Migration and Integration of Cloud Centers for Information Systems of Administrative and Public Institutions.” As a result, a plan has been established with the goal of 100% cloud migration for the next five years (2021–2025) with the following migration plan: The plan is to migrate 10,009 out of the 15,369 information systems built and operated for all administrative and public institutions to the cloud over the next five years. The rest of the 5,360 systems are systems that require onsite installation or are not applicable to the cloud due to the nature of the next-generation systems (i.e., local tax, local finance, etc.) and the move-in of the Daegu Center. The migration is divided into a public cloud and a private cloud, depending on the nature of the information system. The following chart shows the five-year cloud migration plan.

Cloud migration plan for administrative and public institutions’ information system

행정·공공 기관 정보 시스템의 클라우드 전환 계획의 계, 비율, 연도를 확인할 수 있습니다.
Classification Total Ratio '21 '22 '23 '24 '25
Migration target Information system (number) 10,009 - 430 3,151 2,167 1,892 2,369
Required budget (million won) 868,089 - 50,918 299,919 175,358 123,954 217,949
Number of information systems by type By center Public cloud 5,457 54.5% 5 783 1,733 1,412 1,524
Private cloud 4,552 45.5% 425 2,368 434 480 845
By institution Central administrative agency 405 4.0% 42 111 64 61 127
Local government 5,577 55.7% 144 1,511 1,282 1,252 1,388
Public institution 4,027 40.2% 244 1,529 821 597 854

※ Source: (’21.7.27) MOIS policy resource “Plan for administrative/public organization information resource cloud migration and integration”

Status and plans of public cloud data centers

Public cloud – Public institutions’ self-built and operated cloud centers

So far, there are two public cloud data centers designated by the MOIS: The Daejeon Center and the Gwangju Center of the NIRS. The head of the administrative institution will review the installation and operation of the data center in order to integrate and manage critical information systems, such as national security, investigation, trial, and internal affairs. In addition to this process, the Minister of the Interior and Safety will designate additional public cloud centers. They will be designated among the data centers that are self-built and operated by the existing administrative and public institutions. The local governments will also designate the public cloud centers by considering the readiness of local information integration centers. Meanwhile, the public institutions postponed the designation in 2021 considering the public institution systems migrating to the newly opened Daegu Center of National Information Resources Service (2022). Instead, they will designate them in 2022 upon reviewing the insufficient space.

Public cloud data center deployment plan by institution type

기관 유형별 공공 클라우드 데이터센터 배치 계획의 정보시스템유형, 배치방안를 확인할 수 있습니다.
Information system type Deployment plan
Central government system Deploying to the NIRS in Daejeon and Gwangju centers
Local government system Deploying by regional units, such as the local government’s self-built center, public-private cooperation center, and Korea Local Information Research & Development Institute (KLID) center
Public institution system Deploy to the Daejeon center first and then to new centers if there is not enough space for public supplies

※ Source: ('21.7.27) MOIS policy resource “Plan for administrative/public organization information resource cloud migration and integration”

The concept and requirements of private (public) cloud centers

Private (Public) Cloud – Public dedicated cloud centers provided by private cloud providers

For private cloud providers to provide public cloud services, they need to acquire CSAP certification and digital service certification. The providers must establish an independent service environment for public use and obtain the certificates for service levels, such as security and availability, required by the public. The CSAP certificate mainly assesses the security suitability for public cloud services. Furthermore, digital service certification evaluates whether the supply system of cloud services, including security measures, is in place. When the providers acquire the digital service certification, they can supply their cloud through a private or catalog contract with administrative and public institutions. The following are details of the CSAP authentication and digital service authentication

What is Cloud Security Assurance Program (CSAP)?

Conducted by Korea Internet & Security Agency, this evaluation and certification are mandatory for Cloud Service Providers (CSPs) aiming to offer cloud services in the public sector. The assessment evaluates service suitability through sector-specific evaluations of IaaS, PaaS, SaaS, and DaaS.

Digital service professional contract system

In the past, when providing cloud services to public institutions, the available contracts were limited to general competitive bidding contracts, such as individual contracts or labor cost contracts. Essentially, there was an absence of a system or framework for supplying product-as-a-service. After the legal revision on October 1, 2020, it became possible to contract product-as-a-service through the Digital Service Support System (
※ Product-as-a-service: pay-as-you-go product based on usage

What does digital service certification evaluate?

Digital service certification comprehensively evaluates the service provider's supply and operational capabilities, as well as the security of the three following types of services.

① Cloud computing service
② Services supporting cloud computing services
③ Convergence service: Cloud computing + intelligent information technology and service

Once the certification is acquired, government and public institutions can enter into private contracts or catalog contracts through a system with private cloud service providers for the certified services.

Cloud service CSAP security certification scope

중앙행정기관 (소속기관 포함), 지방자치단체 (광역∙기초), 공공기관 (지방공기업 포함)의 대상기업, 사용자수, 공공정보시스템 수를 확인할 수 있습니다.
Classification Security measures Control items Remarks
Administrative Physical Technical Additional security measures for public institutions Field Item
IaaS 4) O O O O 14 117 -
PaaS 5) O - O O - - Included in SaaS standard tier type
SaaS 5) O - O O 13 78 -
SaaS 6) O - O O 11 30 -
DaaS 7) O O O O 14 110 Able to activate in IaaS certified area

4) Infrastructure as a Service (IaaS), 5) Platform as a Service (PaaS), 6) Software as a Service (SaaS), 7) Desktop as a Service (DaaS)
※ Source: Cloud security certification system of Korea Internet & Security Agency

Before and after the revision: Cloud computing act, national contract law, business procurement act

클라우드 컴퓨팅법, 국가 계약법, 조달 사업법의 법령 개정 전에는 일반 경쟁 입법 절차에 따라 용역 계약을 진행했다면, 법령 개정 후 디지털 서비스 전문 계약제도 도입으로 변경되었다는 비교 설명입니다.

You can check the content before and after revisions to the law.
Before the revision After the revision
Proceed with the service contract in accordance with general competition bidding procedures Introduction of digital service contract system
Procurement request -> Pre-release of purchase standards -> Announcement of tender -> Bid -> Contract award -> Contract and delivery Search digital services -> Choose and conclude appropriate service contract -> Discuss contract terms -> Contract and delivery

※ Source: Digital service use support system (

Certified public cloud service providers and usage procedures

Private cloud providers certified for public cloud services: In alphabetical order

공공 클라우드 서비스 인증 완료된 민간 클라우드 사업자 ('21.9 기준) 정보
Classification Providers certified for public cloud services (as of Sep. 2021)
CSAP Douzone, Gabia, Kakao Enterprise, KT, LG Hello Vision, Naver Cloud, NHN, Samsung SDS, Smile Serv
Digital service Gabia, Naver Cloud, Samsung SDS, Smile Serv, NHN, KT

※ Source: Digital service use support system (

Procedure for utilizing the digital service utilization support system

The required information about digital service providers and the digital service utilization support system can be accessed during the process of registering an evaluation application.
Register evaluation application
Digital service provider Digital service use support system
  • Cloud computing service company
  • Cloud support service company
  • Convergence service company
  • Cloud computing service
  • Cloud support service
  • Convergence service
Necessary information on the digital service utilization support system and the digital service users is available when searching for quotes.
Search quotation
Digital service use support system Digital service users
  • Cloud computing service
  • Cloud support service
  • Convergence service
  • National institution
  • Local government
  • Public institutions
인계시 디지털 서비스 이용 지원 시스템과 조달청 디비 털 서비스 전용 쇼핑몰에 대해 필요한 정보를 확인할 수 있습니다.
Digital service use support system Digital service shopping mall from Public Procurement Service
  • Cloud computing service
  • Cloud support service
  • Convergence service
(catalog contract)

※ Source: Digital service use support system (

Providers capable of providing public cloud services (IaaS)

The certifications for the provision of public cloud services are based on the certifications of the IaaS sector. Public cloud services, such as PaaS, SaaS, and DaaS must be serviced on the cloud of CSAP-certified IaaS providers. As of the second half of 2021, there are nine CSAP certification companies and six digital service certification companies in the cloud service (IaaS) sector, and Samsung SDS public cloud has acquired both CSAP certification (Aug 2019) and digital service certification (Mar 2021).

Closing remarks: The prospect of introducing public cloud services

Cloud adoption in the public sector is poised to accelerate due to factors such as the widespread use of cloud services, demand for cutting-edge 4th industrial revolution technologies, and the flexibility need in cloud-based systems due to COVID-19. A public cloud is similar to a country's backbone infrastructure, such as electricity, communication, and roads. In this sense, the public cloud not only provides a base environment for the public information system as the core digital infrastructure of the Korean government, but also plays a role as a facilitator for the development of domestic private cloud service industry.

In the future, we hope that the private cloud providers will grow together with public cloud services in line with the government's cloud policies and become a good example of public-private cooperation that can lay the foundation for the global competitiveness of domestic native cloud services.

Professional, Lee Hyuk/ Samsung SDS
Lee conducts cloud consulting related to the cloud migration of legacy systems and the introduction of new cloud services for Samsung affiliates, general corporate customers, and the public sector. He has expertise and experience in cloud consulting, including cloud service planning, building, and managed services.
Contact here for inquiries about the cloud white paper.