The Journal of Society for e-Business Studies (한국전자거래학회지)

Society for e-Business Studies (한국전자거래학회)
권호 표지
DOI QR코드

DOI QR Code

A Study on Cloud Computing for Financial Sector limited to Processing System of Non-Critical Information: Policy Suggestion based on US and UK's approach

비중요 정보처리시스템으로 한정된 국내 금융권 클라우드 시장 활성화를 위한 제안: 영미 사례를 중심으로

  • Do, Hye-Ji (Graduate School of Information Security, Korea University) ;
  • Kim, In-Seok (Graduate School of Information Security, Korea University)
  • Received : 2017.08.29
  • Accepted : 2017.10.16
  • Published : 2017.11.30
Download PDF
⟨ Previous Next ⟩

Abstract

In October 2016, the NFSA (National Financial Supervisory Authorities) revised the network separation clause of the Regulation on Supervision of Electronic Financial Activities in order to promote the Cloud Computing implementation in the financial sectors. The new regulation, however, limits the Cloud Computing usage to non-critical information and its processing system. Financial institutions that provide customer data analysis and personalized services based on personal data regard current revision as unchanged as before. The implementation of Cloud Computing has greatly contributed to cost reduction, business innovation and is an essential requirement in ever-changing information communication technology environment. To guarantee both security and reliability of the implementation of the Cloud Computing in financial sectors, a considerable amount of research and debate needs to be done. This paper examines current Cloud Computing policies in the Korean financial sector and the challenges associated with it. Finally, the paper identifies policy suggestions based on both European Union and United States' approach as they have successfully introduced Cloud Computing Services for their financial sectors.

2016년 10월 금융당국은 금융권 내 클라우드 도입 활성화를 위해 전자금융감독규정의 망분리 조항을 개정하였다. 하지만 비중요 정보처리시스템의 데이터만 처리할 수 있도록 규제함으로써 정밀한 고객데이터 분석과 개인화 서비스를 제공하는 금융권에서는 이번 개정에 큰 변화를 느끼지 못하고 있다. 클라우드 서비스의 도입은 비용절감 및 업무혁신에 기여하는 바가 크며, 변화하는 정보통신기술 환경에 필수적인 요건이다. 따라서 보안과 신뢰성의 원칙을 고수하며 클라우드 도입에 유연하게 대처하기 위해서는 클라우드 서비스를 도입한 금융기관의 안정적 구현을 위한 정책에 대한 논의가 필요하다. 본 연구는 금융권 내 클라우드 도입 관련 제도의 한계와 변경 필요성을 검토하고, 영미의 사례분석을 통해 정책적 대안을 제시한다.

Keywords

References

  1. Baek, S. I., Shin, J. Y., and Kim, J. W., "Exploring the Korean Government Policies for Cloud Computing Service," The Journal of Society for e-Business Studies, Vol. 18, No. 3, pp. 1-15, 2013. https://doi.org/10.7838/jsebs.2013.18.3.001
  2. DNB, Cloud computing: the rules, Available: http://www.dnb.nl/en/news/dnbnieuwsbrieven/nieuwsbrief-banken/nieuwsbrief-banken-februari-2015/dnb319119.jspm, 2015.
  3. Financial Conduct Authority (FCA), "FG 16/5-Guidance for firms outsourcing to the 'cloud' and other third-party IT services," Finalised guidance, 2016.
  4. Financial Security Institute, "Concept of cloud computing and industry trends," 2016.
  5. Financial Security Institute, "Current status analysis of financial industry cloud service," E-Finance and Financial Security, pp. 33-57, 2015.
  6. Financial Security Institute, "Guide for using the financial industry cloud service," 2016.
  7. FINMA, Available: https://www.finma.ch/en/supervision/our-approach-to-supervision.
  8. Kim, H. G. and Lee, Y. S., “Current status and future prospects of cloud computing services,” The Journal of The Korean Institute of Communication Sciences, Vol. 27, No. 12, pp. 31-34, 2010.
  9. Kim, J. H., Hwang, Y. S., Kim, S. H., and Cho, S. H., “How to handle malicious code of cloud computing infrastructure and case,” Korea Institute of Information Security And Cryptology, Vol. 20, No. 2, pp. 51-55, 2010.
  10. Korea Association of Cloud Industry, "Survey on actual condition of cloud industry in 2016," National IT Industry Promotion Agency(nipa), 2017.
  11. Korea Internet and Security Agency (KISA), "KISA, Evaluate and certify the protection level of Cloud Service information," KISA press release, 2016.
  12. Lee, J. K., Min, D. H., and Kwon, H. Y., "Issues and Suggestions for "Act on the Development of Cloud Computing" and Protection of its Users," Journal of Information Technology Applications & Management, Vol. 24, No. 1, pp. 81-91, 2017.
  13. Lim, C. S., “Security technology of cloud computing,” Korea Institute of Information Security And Cryptology, Vol. 19, No. 3, pp. 14-17, 2009.
  14. Pak, W.-Q., "Solutions to Problems regarding Transfer of Korean Personal Information to the U.S. in the Cloud Computing Environment," Kyungpook National University Law, Vol. 38, pp. 455-478, 2012.
  15. Rossen Naydenov, Dimitra Liveri, Lionel Dupre, and Eftychia Chalvatzi, "Secure Use of Cloud Computing in the Finance Sector," enisa, p. 11, 2015.
  16. Security Technology Research Team, "Case examples of domestic and overseas cloud service use cases," Research report of Financial Security Institute, 2016.
  17. Seo, K.-K., "Introduction and utilization of cloud computing in overseas public sector," The Federation of Korean Information Industries(FKII) ISSUE REPORT, 2015.
  18. Wikipedia, https://en.wikipedia.org/wiki/Economy_of_the_United_Kingdom#Financial_and_business_services.
  19. Yang, H. D. and Hwang, S. W., "Outline of security threat of cloud computing and proposal for direction for realizing creative economy," Internet & Security Focus, pp. 66-83, 2013.
  20. Yu, W.-Y. and Lim, J.-I., "A Study on the Privacy Security Management under the Cloud Computing Service Provider," Journal of The Korea Institute of Information Security and Crytology, Vol. 22, No. 2, pp. 337-346, 2012.