Tag Archives: korea

AWS completes the 2023 South Korea CSP Safety Assessment Program

Post Syndicated from Andy Hsia original https://aws.amazon.com/blogs/security/aws-completes-the-2023-south-korea-csp-safety-assessment-program/

We’re excited to announce that Amazon Web Services (AWS) has completed the 2023 South Korea Cloud Service Providers (CSP) Safety Assessment Program, also known as the Regulation on Supervision on Electronic Financial Transactions (RSEFT) Audit Program. The financial sector in South Korea is required to abide by a variety of cybersecurity standards and regulations. Key regulatory requirements include RSEFT and the Guidelines on the Use of Cloud Computing Services in the Financial Industry (FSIGUC). Prior to 2019, the RSEFT guidance didn’t permit the use of cloud computing. The guidance was amended on January 1, 2019, to allow financial institutions to use the public cloud to store and process data, subject to compliance with security measures applicable to financial companies.

AWS is committed to helping our customers adhere to applicable regulations and guidelines, and we help ensure that our financial customers have a hassle-free experience using the cloud. Since 2019, our RSEFT compliance program has aimed to provide a scalable approach to support South Korean financial services customers’ adherence to RSEFT and FSIGUC. Financial services customers can annually either perform an individual audit by using publicly available AWS resources and visiting on-site, or request the South Korea Financial Security Institute (FSI) to conduct the primary audit on their behalf and use the FSI-produced audit reports. In 2023, we worked again with FSI and completed the annual RSEFT primary audit with the participation of 59 customers.

The audit scope of the 2023 assessment covered data center facilities in four Availability Zones (AZ) of the AWS Asia Pacific (Seoul) Region and the services that are available in that Region. The audit program assessed different security domains including security policies, personnel security, risk management, business continuity, incident management, access control, encryption, and physical security.

Completion of this audit program helps our customers use the results and audit report for their annual submission to the South Korea Financial Supervisory Service (FSS) for their adoption and continued use of our cloud services and infrastructure. To learn more about the RSEFT program, see the AWS South Korea Compliance Page. If you have questions, contact your AWS account manager.

If you have feedback about this post, submit comments in th Comments section below.

Andy Hsia

Andy Hsia

Andy is the Customer Audit Lead for APJ, based in Singapore. He is responsible for all customer audits in the Asia Pacific region. Andy has been with Security Assurance since 2020 and has delivered key audit programs in Hong Kong, India, Indonesia, South Korea, and Taiwan.

Alex Kim: Why I joined Cloudflare

Post Syndicated from Alex Kim original https://blog.cloudflare.com/alex-kim-why-i-joined-cloudflare/

Alex Kim: Why I joined Cloudflare

Alex Kim: Why I joined Cloudflare

I am excited to announce that as of November 1, I have joined Cloudflare as Country Manager of South Korea to help build a better Internet and to expand Cloudflare’s growing customer, partner, and local teams in Korea. We just opened a new entity (after making Seoul our 23rd data center, more than 10 years ago)  and I am the first official employee of Cloudflare Korea LLC in Seoul, which is truly a great moment and privilege for me.

A little about me

I was born in Korea and was educated in Korea until middle school, then I decided to move to Toronto, Canada to study film making to become a movie director. I finished high school and obtained a university degree in Toronto, during which I had the opportunity to be exposed to various cultures, as well as learn and become well-versed in the English language. I think it was a great time to learn how diverse people in the world are. My dream of becoming a movie director has changed over time for many reasons, but I think it is no coincidence that I have a job where I have to produce results while collaborating and orchestrating with many people, much like a movie director.

In my career of about 18 years, I have had various experiences, including pre-sales, support, consultant, and field sales, starting with Java programmer. The lesson from this variety of experiences is that if you work with a sense of ownership all the time, you can be the best in the field, and you can get the best compliments from your customers.

I’ve worked in a small company where the whole company has been agile, and I’ve worked in large companies like SAP, Dell, Autodesk, and Akamai, working with many teams. New technology and the best technology are important, but I also learned that the most important thing is the environment where people can work together and have fun, because people make the results after all.

Besides work, I love music. I didn’t become a movie director, which was my childhood dream, but I relieve my stress by playing the piano and composing songs. In the past, I made a rock song for one of the companies I worked for, and when an opportunity presented itself,  we had a program where all the employees jumped in and sang my composition together. Unfortunately, I have not had enough time to make a lot of songs now, but if I have a chance, I would love to make a Cloudflare song and hope I can sing it together with my new colleagues.

Why Cloudflare

Korea has one of the highest smartphone and Internet penetration rates in the world. Korea is also one of the countries with the fastest Internet speeds in the world. On the other hand, the pace of cloud transformation, that is making such a big difference to so many companies, is still lagging behind. The reason is that there are many government regulations on public enterprises and finance industries. Fortunately, as the government has recently moved to ease many regulations, the pace of cloud transformation is expected to accelerate in the future.

As cloud transitions accelerate, enterprises need to pay attention to security, and few companies will be able to deploy security as easily and securely in a cloud environment as Cloudflare.

Korea is a country where the economy grows only when it exports a lot. Many startups and chaebol (conglomerate) companies often grow future-oriented industries such as metaverse in Korea first and then expand their business abroad. For customers leading this global industry, Cloudflare will act like a safe highway in an Internet environment. I’ve come to Cloudflare to be part of this meaningful work.

In addition, Cloudflare Korea has just been launched. Even though we’ve had a presence here through our data center for the last 10 years, there are still many companies that we still need to build relationships with. I want to spread the value of Cloudflare to the Korean market quickly and become a Supercloud evangelist. I would also like to help Korean customers — organizations and businesses across multiple industries — achieve great success and ensure they have the right technology and Internet infrastructure. In the next few years, I will work hard to establish Cloudflare as the most trusted cloud security company in Korea, as well as contribute to expanding the business and creating jobs in the country.

The vision for the future…

As the first Country Manager of Cloudflare Korea, I am very excited  to work for a company with unlimited growth potential. As the global economy slows down, customers will gravitate towards products and solutions that are more valuable and price competitive. I’m looking forward to meeting and working with more customers that will benefit from all that Cloudflare has to offer.

One of the biggest reasons I chose Cloudflare is that Cloudflare has big dreams and visions. In particular, I think the emergence of R2 will provide an extremely cost-effective solution to enterprises’ egress cost concerns, especially in economically challenging times.

In addition, Cloudflare is investing heavily to become the number one Zero Trust player. The VPN market is huge, and it has a lot of challenges (including user experience, speed, and security), and Zero Trust is still in its infancy but already showing its true potential. Cloudflare, which understands and invests in these huge markets, knows where to go in the marketplace.

Finally, the Supercloud is also an area that only Cloudflare can realize. Cloud security and Zero Trust are indispensable areas of the future, and I am very happy to join this futuristic company.

AWS attained MTCS Level 3 certification under the new SS584:2020 standard

Post Syndicated from Clara Lim original https://aws.amazon.com/blogs/security/aws-attained-mtcs-level-3-certification-under-the-new-ss5842020-standard/

We’re excited to announce the completion of the Multi-Tier Cloud Security (MTCS) Level 3 certification under the new SS584:2020 standard in November 2021 for three Amazon Web Services (AWS) Regions: Singapore, Korea, and United States, excluding AWS GovCloud (US) Regions. The new standard, released in October 2020, includes more stringent controls for greater assurance as compared to the prior version SS584:2015, and a new CSP Self-Disclosure Form to provide to cloud service customers (CSC) for transparency. With the MTCS Level 3 certification, customers can be assured AWS security processes meet the stringent security controls set forth by the new MTCS SS 584:2020 standard for hosting their sensitive workloads.

AWS was the first cloud service provider (CSP) to attain the MTCS Level 3 certification for Singapore, in 2014, and is now one of the first few CSPs certified under the new SS584:2020 Level 3 standard. The services in scope have increased from 130 to 145, about a 10% increase since the last audit (September 2020).

The following services are newly added as in scope:

  1. Amazon Augmented AI (Amazon A2I)
  2. Amazon CloudWatch SDK Metrics for Enterprise Support
  3. Amazon Detective
  4. Amazon Finspace
  5. Amazon Kendra
  6. Amazon Keyspaces (for Apache Cassandra)
  7. Amazon Timestream
  8. AWS App Mesh
  9. AWS Audit Manager
  10. AWS Cloud Map
  11. AWS Device Farm
  12. AWS Glue DataBrew
  13. AWS Ground Station
  14. AWS Personal Health Dashboard

MTCS was the world’s first cloud security standard to specify a management system for cloud security that covers multiple tiers, and it can be applied by CSPs to meet differing cloud user needs for data sensitivity and business criticality. An intent of MTCS is for certified CSPs to be able to better specify the levels of security they can offer their users. AWS achieved this through third-party certification and fulfillment of the self-disclosure requirement for CSPs that covers service-oriented information normally captured in service level agreements. The MTCS framework establishes that the different levels of security help local businesses to pick the right CSP, and use of MTCS is mandated by the Singapore government as a requirement for public sector agencies and regulated organizations.

MTCS has three levels of security, Level 1 being the base and Level 3 the most stringent:

  • Level 1 was designed for non–business critical data and systems with basic security controls, to counter certain risks and threats targeting low-impact information systems (for example, a website that hosts public information).
  • Level 2 addresses the needs of organizations that run their business-critical data and systems in public or third-party cloud systems (for example, confidential business data and email).
  • Level 3 was designed for regulated organizations with specific and more stringent security requirements. Industry-specific regulations can be applied in addition to the baseline controls, to help supplement and address security risks and threats in high-impact information systems (for example, highly confidential business data, financial records, and medical records).

Benefits of MTCS Level 3 certification

AWS’s certification enables Singapore customers in regulated industries with the strictest security requirements to securely host applications and systems with highly sensitive information, ranging from confidential business data to financial and medical records, in a level-3-compliant MTCS environment. With the scope extended beyond Singapore to AWS Regions in Korea and the United States, it provides an alternative for Singapore government agencies to leverage AWS services which haven’t yet launched locally, and also provides resiliency and recovery use cases.

Financial Services Industry (FSI) customers in Korea are able to accelerate cloud adoption with MTCS controls that cover relevant regulations (the Financial Security Institute’s Guideline on Use of Cloud Computing Services in the Financial Industry, and the Regulation on Supervision on Electronic Financial Transactions (RSEFT)).

With increasing cloud adoption across different industries, MTCS certification has the potential to provide assurance to customers globally. Please reach out to your AWS representative if you have any services or Regions you would like to see in scope for the next MTCS audit.

You can now download the latest MTCS certificates and the MTCS Self-Disclosure Form in AWS Artifact.

If you have feedback about this post, submit comments in the Comments section below.

Want more AWS Security how-to content, news, and feature announcements? Follow us on Twitter.

Author

Clara Lim

Clara is the APJ-Lead Strategist supporting the compliance programs for the Asia Pacific Region, leading multiple security certification programs. Clara is passionate about leveraging her decade-long experience to deliver compliance programs that provide assurance and build trust with customers.

Satyen Desai: Why I joined Cloudflare and why I am helping Cloudflare grow in Southeast Asia and Korea

Post Syndicated from Satyen Desai original https://blog.cloudflare.com/satyen-desai-why-i-joined-cloudflare-and-why-i-am-helping-cloudflare-grow-in-southeast-asia-and-korea/

Satyen Desai: Why I joined Cloudflare and why I am helping Cloudflare grow in Southeast Asia and Korea

Satyen Desai: Why I joined Cloudflare and why I am helping Cloudflare grow in Southeast Asia and Korea

I am excited to announce that I have joined Cloudflare as the Head of Southeast Asia and Korea (SEAK) region to help build a better Internet and to expand Cloudflare’s growing customer, partner and local teams across all the countries in SEAK. Cloudflare is at an emergence phase in this region, with immense growth potential, and this is just the beginning. Cloudflare has had a lot of success globally and our charter is to build on that success and momentum to grow our presence locally to address the demands in Singapore, Malaysia, Thailand, Indonesia, Philippines, Indochina and Korea. Customer engagements in each of the countries in SEAK presents a unique, rich and fulfilling engagement each with their own intricacies.

A little about me

I was born in India (Surat, Gujarat), and at the age of four our family moved to Bahrain where we lived for eight years. We then moved to New Zealand, which is where I completed my senior years of high school and also my Bachelor’s Degree in Information Engineering at Massey University. After graduation, we moved to Melbourne, Australia which is our family home and where my career started.

I love meeting and working with diverse and interesting people who bring different views, thoughts and perspectives. The experiences growing up and working in so many countries has made me a more dynamic leader, while working with so many cultures and diverse teams. Diversity is what drives innovation and growth, more so true than ever in this exciting region.

I love my sports (cricket, squash, golf), traveling and spending time with family & friends.

My journey to Cloudflare

I joined IBM Australia as a graduate in 1997, gaining valuable experiences across many roles from delivery to sales, in a career spanning 15 years. Having been in the IT industry for more than 27 years, career experiences at large global organisations like IBM, SAP, Cisco, NTT and Oracle, all of these amazing organisations and colleagues (many of whom are friends), have provided me with the best set of tools and experiences which I can bring to Cloudflare to help drive the growth agenda.

Below are the main reasons I joined Cloudflare to embark on this amazing journey:

  1. Cloudflare’s Growth potential: Cloudflare has an immense growth potential in APJC and subsequently in Southeast Asia & Korea.  In our recently announced Q3 earnings, we reported a 51% year-over-year increase in revenue, with a record addition of 170 large customers.
  2. Cloudflare’s ever-growing Portfolio: I was lucky enough to join during Birthday Week, Cloudflare’s 11th birthday. Many new products and solutions were announced during the week to further enhance our growing portfolio of solutions. I am amazed at the pace of innovation, where Cloudflare is continuously releasing new products and features on the Cloud that are then instantly available at all our data centers globally for our clients to consume and adopt.
  3. Cloudflare People: During the interview process, I met with 11 Cloudflare colleagues, and all of these felt more like a discussion with a two-way dialogue and a view for Cloudflare to get to know me better, and for me to better understand Cloudflare. This emphasised in my mind the like-minded people I will be working with, where we all work collaboratively, leveraging the experiences we all bring from our past to achieve greater outcomes.
  4. Cloudflare Culture: having now met with so many of my colleagues at Cloudflare, the one thing that stands out for me is the humility with which everyone operates from Global and Regional leaders to our local teams. The all-inclusive culture at Cloudflare along with the three tenets of Curious, Transparent and Principled are very much aligned with my personal principles: Honesty, Integrity and Transparency.

It is an exciting time to be joining one the fastest growing Cloud companies in the world and I want to be part of the Cloudflare journey and contribute to the growth agenda.

We’re just getting started…

I am convinced that Cloudflare is and will be an even bigger global IT giant. Cloudflare’s mission is to help build a better Internet, by working collaboratively with our customers to make them more secure, providing a high level of performance to support their business critical applications, while reducing cost and the complexity of managing their network infrastructure.

The Southeast Asia and Korea region is such a diverse, dynamic and exciting region to be in, where the potential for growth is limitless. As many as 40 million people in six countries across the region — Singapore, Malaysia, Indonesia, the Philippines, Vietnam and Thailand — came online for the first time in 2020. That pushed the total number of internet users in Southeast Asia to 400 million with some of the biggest ecommerce markets in the world.

Similarly, Korea has the highest internet penetration rate with 96% of its population online. On top of that, the government is investing heavily in its Digital New Deal program, which will focus on development of technologies based on data, networks and AI, as well as a digitization plan that will create job opportunities in a number of industries across the country.

Cloudflare is in a unique position to transform the way business is conducted in this region with its global cloud platform that delivers a broad range of network and security services to businesses of all sizes across all geographies. Coverage across Large Enterprises, Public Sector, Mid-Market, Start-ups to the individual developer: companies of all sizes across all industries are being powered by Cloudflare to provide Security, Performance, and Reliability services.

If you are interested in joining Cloudflare and helping to build a more secure, fast, and reliable Internet, do explore our open roles. We are hiring talented people locally, building and strengthening our local teams across: Strategic / Account Executives, Channel Managers, Business Development Representatives, Strategic / Solution Engineers, Customer Success Managers and more.

It is a great honour and a privilege for me to be part of the Cloudflare family to help build Cloudflare’s future in Southeast Asia and Korea. The potential opportunity is enormous, and we are just getting started.

Feel free to reach out to me at [email protected].

AWS extends its MTCS Level 3 certification scope to cover United States Regions

Post Syndicated from Clara Lim original https://aws.amazon.com/blogs/security/aws-extends-its-mtcs-level-3-certification-scope-to-cover-united-states-regions/

We’re excited to announce the completion of the Multi-Tier Cloud Security (MTCS) Level 3 triennial certification in September 2020. The scope was expanded to cover the United States Amazon Web Services (AWS) Regions, excluding AWS GovCloud (US) Regions, in addition to Singapore and Seoul. AWS was the first cloud service provider (CSP) to attain the MTCS Level 3 certification in Singapore since 2014, and the services in scope have increased to 130—an approximately 27% increase since the last recertification audit in September 2019, and three times the number of services in scope since the last triennial audit in 2017. This provides customers with more services to choose from in the regions.

MTCS was the world’s first cloud security standard to specify a management system for cloud security that covers multiple tiers, and it can be applied by CSPs to meet differing cloud user needs for data sensitivity and business criticality. The certified CSPs will be able to better specify the levels of security that they can offer to their users. CSPs can achieve this through third-party certification and a self-disclosure requirement for CSPs that covers service-oriented information normally captured in service level agreements. The different levels of security help local businesses to pick the right CSP, and use of MTCS is mandated by the Singapore government as a requirement for public sector agencies and regulated organizations.

MTCS has three levels of security, Level 1 being the base and Level 3 the most stringent:

  • Level 1 was designed for non–business critical data and systems with basic security controls, to counter certain risks and threats targeting low-impact information systems (for example, a website that hosts public information).
  • Level 2 addresses the needs of organizations that run their business-critical data and systems in public or third-party cloud systems (for example, confidential business data and email).
  • Level 3 was designed for regulated organizations with specific and more stringent security requirements. Industry-specific regulations can be applied in addition to the baseline controls, in order to supplement and address security risks and threats in high-impact information systems (for example, highly confidential business data, financial records, and medical records).

Benefits of MTCS certification

Singapore customers in regulated industries with the strictest security requirements can securely host applications and systems with highly sensitive information, ranging from confidential business data to financial and medical records with level 3 compliance.

Financial Services Industry (FSI) customers in Korea are able to accelerate cloud adoption without the need to validate 109 out of 141 controls as required in the relevant regulations (the Financial Security Institute’s Guideline on Use of Cloud Computing Services in the Financial Industry, and the Regulation on Supervision on Electronic Financial Transactions (RSEFT)).

With increasing cloud adoption across different industries, MTCS certification has the potential to provide assurance to customers globally now that the scope is extended beyond Singapore and Korea to the United States AWS Regions. This extension also provides an alternative for Singapore government agencies to leverage the AWS services that haven’t yet launched locally, and provides resiliency and recovery use cases as well.

You can now download the latest MTCS certificates and the MTCS Self-Disclosure Form in AWS Artifact.

If you have feedback about this post, submit comments in the Comments section below.

Want more AWS Security how-to content, news, and feature announcements? Follow us on Twitter.

Author

Clara Lim

Clara is the Audit Program Manager for the Asia Pacific Region, leading multiple security certification programs. Clara is passionate about leveraging her decade-long experience to deliver compliance programs that provide assurance and build trust with customers.