http://chineseinput.net/에서 pinyin(병음)방식으로 중국어를 변환할 수 있습니다.
변환된 중국어를 복사하여 사용하시면 됩니다.
Systematic Literature Review on Cloud Adoption
Idris Lawal Bagiwa,Imran Ghani,Muhammad Younas,Mannir Bello 한국인터넷방송통신학회 2016 International Journal of Internet, Broadcasting an Vol.8 No.2
While many organizations believe that cloud computing has the potential to reduce operational cost by abstracting capital assets like data storage center and processing systems into a readily on demand available and affordable operating expenses, still many of these organizations are not aware of the factors determining the performance of cloud computing technology. This paper provides a systematic literature review focusing on the factors determining the performance of cloud computing. In trying to come up with this review, the following sources were searched for relevant articles: ScienceDirect, Scientific.Net, ACMDigital Library, IEEE Xplore, Springer, World Scientific Journal, Wiley Online Library, Academic Search Premier (via EBSCOHost) and EdITLib (Education & Information Technology Digital Library). In first search strategy, approximately 100 keywords related to the research domain like; "Cloud Computing" and "Cloud Services" were used. In second search strategy, 65 keywords more related to the research domain were selected. In the third search strategy, the primary materials were identified and classified according to the paper types (Journal or Conference), year of publication and so on. Based on this study, twenty (20) factors were found that determine the performance of cloud computing. The IT organization needs to consider these twenty (20) factors in order to adopt cloud computing.
Usage and Technology Acceptance of Cloud Computing in Saudi Arabian Universities
Talal H. Noor 보안공학연구지원센터 2016 International Journal of Software Engineering and Vol.10 No.9
Cloud computing promises many advantages like reduced expenses, on-demand access to computing resources and ease of use for both cloud providers and consumers. These benefits significantly contributed to the usage and technology acceptance of Cloud computing worldwide. In this study, we propose a two-dimensional research model namely motivators and inhibitors to examine the usage and the adoption of Cloud computing technology in Saudi Arabia. An extensive statistical analysis was conducted on data collected from more than 300 participants from 5 different universities in Saudi Arabia. Based on the results, we found that the two highest motivators for using Cloud computing from the perspective of Saudi Cloud consumers are ubiquitous network access and on demand (self-service) while the highest 5 inhibitors are availability, reliability, security, compliance, and privacy respectively. This can help decision makers in large Saudi Arabian organization in making a better decision regarding the adoption of cloud computing.
Mobile On-demand Computing: The Future Generation of Cloud
Md. Abdullah-Al-Shafi,Ali Newaz Bahar,Sajeeb Saha 보안공학연구지원센터 2016 International Journal of Future Generation Communi Vol.9 No.11
Cloud computing furnishes a unique term of computing and becomes a buzzword to its overwhelming trade prospects. Cloud computing achieved an impetus and is remodeling the internet based computing framework as well as raise the proficiency of mobile systems. Mobile cloud computing or on-demand computing is attaining fame among mobile users and mobile devices can use clouds for various exhaustive applications like storage or information processing. Mobile cloud computing overcomes performance-related difficulties such as battery and storage capacity as well as communication and environment connected affairs like security, availability, and privacy. Still, mobile on-demand computing beneath anticipation because of privacy and security perils. This paper presents an analysis of mobile cloud computing along with its architectural basis and challenges as well as the security considerations. The objective of this paper is to subsidize a superior perceptive on mobile cloud computing and identify further imminent research directions.
The Establishment of Security Strategies for Introducing Cloud Computing
( Young Bae Yoon ),( Junseok Oh ),( Bong Gyou Lee ) 한국인터넷정보학회 2013 KSII Transactions on Internet and Information Syst Vol.7 No.4
Cloud computing has become one of the most important technologies for reducing cost and increasing productivity by efficiently using IT resources in various companies. The cloud computing system has mainly been built for private enterprise, but public institutions, such as governments and national institutes, also plans to introduce the system in Korea. Various researches have pointed to security problems as a critical factor to impede the vitalization of cloud computing services, but they only focus on the security threats and their correspondents for addressing the problems. There are no studies that analyze major security issues with regard to introducing the cloud computing system. Accordingly, it is necessary to research the security factors in the cloud computing given to public institutions when adopting cloud computing. This research focuses on the priority of security solutions for the stepwise adoption of cloud computing services in enterprise environments. The cloud computing security area is classified into managerial, physical and technical area in the research, and then derives the detailed factors in each security area. The research derives the influence of security priorities in each area on the importance of security issues according to the identification of workers in private enterprise and public institutions. Ordered probit models are used to analyze the influences and marginal effects of awareness for security importance in each area on the scale of security priority. The results show workers in public institutions regard the technical security as the highest importance, while physical and managerial security are considered as the critical security factors in private enterprise. In addition, the results show workers in public institutions and private enterprise have remarkable differences of awareness for cloud computing security. This research compared the difference in recognition for the security priority in three areas between workers in private enterprise, which use cloud computing services, and workers in public institutions that have never used the services. It contributes to the establishment of strategies, with respect to security, by providing guidelines to enterprise or institutions that want to introduce cloud computing systems.
김현철 단국대학교 법학연구소 2018 법학논총 Vol.42 No.4
Cloud computing is the underlying technology and service of the so-called Fourth Industrial Revolution. It is predicted that all information technology environments will be transformed into cloud computing methods in the future. Until now, cloud computing, the core infrastructure for storing data, has been underutilized in the public and private sectors due to various regulations. Korean industries are lagging behind in global competition. The cloud computing industry is a field where technological advances are hampered by regulations, while companies that secure and utilize high quality data lead market innovation. Despite concerns about the increasing number of special laws on specific technologies and services, Korea has sought to foster the cloud computing industry by enacting the Cloud Computing Act, but has failed to achieve its goals easily. This paper looked at the current state of cloud computing regulation and the ongoing need for regulatory reform and its problems by reviewing regulatory reform processes. First, new industries and new technology sectors must follow the principle of regulatory legalism. Even if a wide range of delegated legislation is inevitable in the new industry and new technology fields, the regulation can not be justified if it is outside the principle of legal reservations. In addition, even if a wide range of delegated legislation is inevitable in the new industrial and new technology fields, it loses the legitimacy of the regulation beyond the principle of reserving the law against the principle of clarity. Second, unlike the original intention, the negative regulatory system has a risk of operating a positive regulatory system if the cause of the exception is expanded or comprehensively defined. I have looked at some of the risks associated with cloud computing. Third, it is argued that it is difficult to treat personal information in the cloud computing service by mitigating privacy protection regulations in terms of revitalization of cloud computing services, or to delete the clue of cloud computing law Article 4 related to personal information. However, under the current system of personal information law, cloud computing service providers bear responsibility as a personal information trustee. Even if we remove the clue of Article 4 of the Cloud Computing Act, the problem of personal information protection is still present in the case of personal information in cloud computing. 클라우드컴퓨팅은 소위 4차산업혁명의 기반기술이자 서비스이다. 향후 모든 정보기술 환경은 클라우드컴퓨팅 방식으로 전환될 것으로 전망된다. 현재까지 데이터를 저장하는 핵심 인프라인 클라우드컴퓨팅은 각종 규제로 인해 공공과 민간부문에서 활용도가 저조하고, 이에 따라 국내 산업이 글로벌 경쟁에서도 뒤처지고 있다. 양질의 데이터를 많이 확보하고 잘 활용하는 기업이 시장 혁신을 주도하게 됨에도 데이터 활용의 수단이 되는 클라우드컴퓨팅 산업은 기술의 진보가 규제로 인하여 막혀있는 분야이다. 특정 기술과 서비스에 대한 특별법 난립이라는 우려에도 불구하고 한국은 클라우드컴퓨팅법을 제정하여 클라우드컴퓨팅 산업을 육성하고자 하였으나 쉽게 그 목적은 달성하지 못하고 있다. 이 글은 클라우드컴퓨팅 규제현황을 살펴보고 규제개혁 과정을 검토함으로써 여전히 지속적으로 요청되는 규제개혁 필요성과 그 문제점을 살펴보았다. 첫째, 신산업 및 신기술 분야도 규제법정주의의 원칙을 준수하여야 한다. 신산업 및 신기술 분야에서 광범위한 위임입법이 불가피하다고 하더라도 법률유보의 원칙을 벗어난 경우에 해당 규제는 정당화될 수 없다. 또한 신산업 및 신기술 분야에서 광범위한 위임입법이 불가피하다고 하더라도 명확성의 원칙에 반하면 법률유보의 원칙을 벗어나 규제의 정당성을 상실한다. 금융위원회의 전자금융감독규정 가운데 비중요 정보처리시스템 규정(제14조의2), 행정안전부의 ‘공공기관 민간 클라우드 이용 가이드라인’, 클라우드컴퓨팅법 제21조 단서 등이 문제된다. 둘째, 네거티브 규제방식이 원래의 의도와 달리 원칙보다 예외의 사유가 확대해석되거나 포괄적으로 규정될 경우에는 실질적으로 포지티브 규제방식을 운영될 위험성이 있다. 클라우드컴퓨팅과 관련하여 그 위험성의 사례를 살펴보았다. 셋째, 클라우드컴퓨팅서비스의 이용 활성화 측면에서 개인정보 보호 규제를 완화하여 클라우드컴퓨팅서비스는 개인정보 처리를 한다고 보기 어렵다거나 개인정보와 관련된 클라우드컴퓨팅법 제4조 단서를 삭제하자는 주장이 있다. 그러나 현행 개인정보 법제의 체계 하에서는 해석상 클라우드컴퓨팅서비스 제공자는 개인정보수탁자로서의 책임을 부담한다. 클라우드컴퓨팅법 제4조 단서를 삭제하더라도 클라우드컴퓨팅에서 개인정보가 존재하는 경우 개인정보 보호의 문제는 그대로 존재한다.
김현철 ( Kim,Hyun Chul ) 단국대학교 법학연구소 2018 법학논총 Vol.42 No.4
Cloud computing is the underlying technology and service of the so-called Fourth Industrial Revolution. It is predicted that all information technology environments will be transformed into cloud computing methods in the future. Until now, cloud computing, the core infrastructure for storing data, has been underutilized in the public and private sectors due to various regulations. Korean industries are lagging behind in global competition. The cloud computing industry is a field where technological advances are hampered by regulations, while companies that secure and utilize high quality data lead market innovation. Despite concerns about the increasing number of special laws on specific technologies and services, Korea has sought to foster the cloud computing industry by enacting the Cloud Computing Act, but has failed to achieve its goals easily. This paper looked at the current state of cloud computing regulation and the ongoing need for regulatory reform and its problems by reviewing regulatory reform processes. First, new industries and new technology sectors must follow the principle of regulatory legalism. Even if a wide range of delegated legislation is inevitable in the new industry and new technology fields, the regulation can not be justified if it is outside the principle of legal reservations. In addition, even if a wide range of delegated legislation is inevitable in the new industrial and new technology fields, it loses the legitimacy of the regulation beyond the principle of reserving the law against the principle of clarity. Second, unlike the original intention, the negative regulatory system has a risk of operating a positive regulatory system if the cause of the exception is expanded or comprehensively defined. I have looked at some of the risks associated with cloud computing. Third, it is argued that it is difficult to treat personal information in the cloud computing service by mitigating privacy protection regulations in terms of revitalization of cloud computing services, or to delete the clue of cloud computing law Article 4 related to personal information. However, under the current system of personal information law, cloud computing service providers bear responsibility as a personal information trustee. Even if we remove the clue of Article 4 of the Cloud Computing Act, the problem of personal information protection is still present in the case of personal information in cloud computing.
박종찬 ( Jong Chan Park ),정민호 ( Min Ho Jeong ) 단국대학교 법학연구소 2012 법학논총 Vol.36 No.2
Cloud computing service is a kind of service in which various resources of IT are rented as much as they are needed for use, and paid as much as they are used. Cloud computing service has become a hot business trend in recent years. But cloud computing is not an invented technology which is newly, it is a discovered technology from established IT technologies. No one can describe exactly how the future life will be exchanged by cloud computing service. Anyway Cloud computing has the pontential to transform a large part of our life. Korea Communications Commission prepared legislative notice and a public hearing was conducted by a single law with respect to the cloud computing service. This article is to discuss the bill surrounding cloud computing service recently to be enacted. Cloud computing on the technical aspects of the approach and discuss has been significant progress, but discussion about the legal aspects of the service element is short. Our goal in this article intends to give a general overview on the bill surrounding cloud service and to give a detailed analysis. Legal issue on the cloud computing occurs in many fields. Existing laws have limits to govern cloud computing service. Cloud computing has issues-Privacy, Security and so on. Observance of korea Personal Information Protection Act is required of everyone. but legislator made the law did know cloud computing. Promotion of Information&Communications and Personal Information Protection Act assort Enterprises in Information & Telecommunication Industries into three groups-common carrier, special category telecommunications service provider, value added common carrier. cloud computing service provider is a value added common carrier in Information&Communications Act, but this is problem. The meaning of cloud computing is ambiguous. Cloud computing definitions vary, but our definition is as follows. Cloud computing provides flexible, location independent access to computing resources that are quickly and seamlessly allocated or released in response to demand. Cloud Computing technology and Cloud Service must be distinguished. The contents above are accepted by the bill surrounding cloud service. This paper argued the main contents of the bill surrounding cloud computing service and analyzed about the challenges that need to be discussed further.
미국 빅테크 기업에 대한 최근 규제 동향 - 클라우드컴퓨팅에 대한 반트러스트법 쟁점을 중심으로 -
손영화 ( Son Young Hoa ) 한국경제법학회 2021 경제법연구 Vol.20 No.2
클라우드컴퓨팅은 인터넷을 통해 요청 시 원격으로 저장(remote storage) 및 소프트웨어 프로그램을 사용할 수 있는 서비스를 말한다. 클라우드컴퓨팅은 수많은 서비스를 뒷받침하고 있다. 클라우드컴퓨팅은 SaaS, PaaS, IaaS 등 대표적인 3가지 서비스로 구분되며, 서비스 대상 및 범주에 따라 공공 클라우드(Public Cloud), 사설 클라우드(Private Cloud), 하이브리드 클라우드(Hybrid Cloud)로 구분된다. 오늘날 기업들은 기본적으로 네트워크, 서버, 스토리지, 애플리케이션, 서비스를 포함한 구성 가능한 컴퓨팅 자원의 공유 풀에 대한 네트워크 액세스를 임대할 수 있다. 클라우드컴퓨팅은 맞춤형(on-demand)으로 스케일 업(scale up) 또는 스케일 다운(scale down)을 할 수 있는 기능과 관련된 편의성 및 비용 절감의 결과로 인하여 테크놀로지 분야에서 가장 수익성이 높은 비즈니스 중 하나로 성장하였다. 클라우드컴퓨팅을 성공적으로 채택하는 것은 어느 나라가 세계 경제에서 번영할 것인지를 결정하는 중요한 요인이 될 것이다. 클라우드컴퓨팅은 비용을 절감하고, 기술 및 비즈니스 민첩성을 창출하며, 혁신과 디지털 혁신을 지원한다. 2020년 전 세계 클라우드 서비스 시장은 2,700억 달러였다. 미국 정부와 의회는 클라우드컴퓨팅을 포함하여 인터넷상의 빅테크 기업에 대하여 대표적 주자인 GAFA(Google, Apple, Facebook, Amazon)를 중심으로 반트러스트법 적용을 적극적으로 추진하고 있다. 최근 미국 하원 법사위원회 반독점 소위원회는 GAFA의 시장 경쟁상황에 관한 공청회를 개최하고 실태조사를 하였다. 그 결과로 2020년 7월 하원 법사위원회는 「디지털 시장에서의 경쟁에 관한 조사(Investigation of Competition in Digital Markets)」라는 방대한 보고서를 발표하였다. 최근에는 이른바 GAFA를 규제하기 위한 5개 법안이 마련되었고, 바이든 대통령에 의한 행정명령도 이루어진 바 있다. 클라우드컴퓨팅 관련 최근 미국에서의 규제 움직임은 우리나라에 시사하는 바가 크다. 현재 우리나라는 미국과 같은 수준의 경제력 집중을 걱정할 단계는 아니다. 그러나 전통적인 경쟁법 집행으로 다루기 어려운 새로운 경제문제에 대응하기 위한 합리적인 경쟁정책의 방향을 수립할 시점이다. 미국에서의 논의 상황을 반영하여 공정거래법상 규제의 방향성을 간략히 제시하면 다음과 같다. 첫째, 데이터독점에 따른 개인정보 등 고객 이익의 침해 및 공정거래법 위반 가능성의 증대문제에 대해서 대처할 필요가 있다. 앞으로 공정거래법상 기업결합 규제를 함에 있어서 종래의 기업결합 분석에 더하여 새로이 데이터독점의 문제를 검토하지 않으면 안된다. 하반기에 이에 대한 공정거래위원회의 심사지침이 마련될 전망이다. 둘째, 클라우드컴퓨팅 사업자의 이른바 자사우대(Self-Preferencing) 문제에 대하여 엄격하게 불공정거래행위로 규제하여야 한다는 것이다. 자사우대(Self-Preferencing)는 명백히 공정거래법상 불공정행위이므로 이를 규제하지 않으면 안된다. 온라인 플랫폼의 특성을 반영한 불공정행위의 유형으로서는 자사우대(Self-Preferencing) 이외에도 멀티 호밍(Multi-Homing) 차단, 최저가보장요구(most-favored nation clause : MFN) 등이 거론되고 있다. 셋째, 클라우드컴퓨팅과 관련하여 전환비용(switching cost)의 문제를 살펴볼 필요가 있다. 전환비용은 이용자가 일단 이용하는 재화ㆍ서비스를 선택한 후 타사의 재화ㆍ서비스로 전환할 때 발생하는 비용이다. 전환비용이 높으면 높을수록 타사 재화ㆍ서비스로 전환하지 않게 된다. 전환비용은 사용자 잠금(lock-in)에 기여할 수 있다. 경쟁업체의 진입장벽을 낮추고 소비자를 위한 비용을 전환함으로써 경쟁을 장려하기 위해 데이터 상호운용성과 이동성을 보장할 필요가 있다. 넷째, 장기계약과 볼륨계약의 요구 문제이다. 장기계약이나 볼륨계약은 단기적으로는 수요자에게 이익이 생기는 면도 있지만, 정당한 사정이 없는 한 고객의 신규진입 서비스로의 전환을 부당하게 방해하여 공정한 경쟁을 저해할 우려가 있다. 따라서 공정거래위원회는 클라우드컴퓨팅 서비스를 둘러싼 업계의 거래관행에서 이와 같은 부당한 장기계약이나 볼륨계약이 이루어지고 있는지를 살펴보아야 할 것이다. 다섯째, 클라우드컴퓨팅은 인터넷을 기반으로 이루어지는 서비스인데, 클라우드컴퓨팅 서비스에 있어서 오픈소스 코드를 복제하여 독점관리 서비스를 제공하는 문제가 있을 수 있다. 오픈소스 소프트웨어를 이용하여 클라우드컴퓨팅 제공자가 제품을 개발하여 제공하고 이후 독점적으로 관리하는 경우에는 독점적인 정보보유자가 그 정보를 지렛대로 이용하여 제품시장에서 독점적 지위를 취득하는 것이다. 공정거래법상 규제의 대상이 될 수 있는지 여부에 대한 검토가 필요해 보인다. 여섯째, 클라우드컴퓨팅 제공자가 이용할 수 있는 전통적인 공정거래법 위반행위의 하나로서 이른바 끼워팔기 및 경쟁사업자 배제행위가 있다. 클라우드컴퓨팅 공급자는 제2차 시장(after market) 서비스와 관련하여 고객의 선택을 강요하거나 제한할 수 있다. 클라우드컴퓨팅 제공자가 자신의 클라우드 서비스를 제공하는 것을 기화로 다른 서비스를 끼워팔기 하는 경우 공정거래법상 끼워팔기 또는 경쟁사업자 배제행위로서 규제의 대상이 될 수 있다. The U.S. government and Congress are actively promoting the application of anti-trust laws to GAFA(Google, Apple, Facebook, Amazon), a leading cloud computing runner. Recently, the U.S. House Judiciary Committee on Monopoly held a hearing on the market competition of GAFA and conducted a fact-finding survey. As a result, in July 2020, the House Judiciary Committee released a massive Investigation of Competition in Digital Markets report. Recently, five bills were compiled to regulate the so-called GAFA. In July 2021, President Biden issued an executive order. Recent regulatory movements in the United States related to cloud computing suggest a great deal to Korea. However, in Korea, the situation in the cloud computing service industry is different from that in the EU and Japan, although somewhat similar to that in the United States, there are substantial differences. Therefore, it is too early and unnecessary for Korea to accept all the regulations on cloud computing in the U.S. However, at least cloud computing providers’ actions that hinder fair and free competition in the marketplace and harm consumers’ welfare interests must be regulated by the Fair Trade Act in Korea. Reflecting the discussion situation in the United States, here are a few simple clues to the regulations under the Fair Trade Law: First, it is necessary to deal with the problem of infringement of consumer interests such as personal information caused by data monopoly and the possibility of violation of the Fair Trade Act. In the future, when regulating enterprise combinations under the Fair Trade Act, it is necessary to consider the problem of data monopoly in addition to the existing enterprise combination analysis. Second, the so-called self-preference problem of cloud computing operators should be strictly regulated as unfair trade practices. Examples of unfair practices reflecting the characteristics of online platforms include blocking multi-homing and most-favored national claims (MFNs) in addition to self-preference. Third, we need to look at the switching cost problem in cloud computing. Switching costs are costs incurred when a user selects goods and services to use and switches them to other companies’ goods and services. The higher the switching cost, the less it will be switched to other companies’ goods and services. Data interoperability and mobility must be ensured to encourage competition by lowering barriers to competition and converting costs for consumers. Fourth, cloud computing companies seeking long-term or volume contracts from their customers are a problem under competition law. Long-term contracts and volume contracts can benefit consumers in the short run, but unless justified, they can unfairly prevent consumers from switching to new entrants and prevent fair competition. Therefore, the Fair Trade Commission should examine whether such unfair long-term and volume contracts are in place in industry trading practices around cloud computing services. Fifth, cloud computing is an Internet-based service, but cloud computing services have the problem of replicating open source code and providing proprietary management services. When cloud computing providers use open-source software to develop and provide products and then manage them exclusively, proprietary information holders use this information to gain exclusive status in the product management market. Under the Fair Trade Act, it seems necessary to consider whether it can be subject to regulation. Sixth, one of the traditional violations of the Fair Trade Act that cloud computing providers can use is the so-called tie-in sale and exclusion of competitors. Cloud computing providers can force or limit consumers’ choices for secondary market services. Cloud computing providers may be subject to regulations under the Fair Trade Act as a tie-in sale or exclusion of competitors if they sell other services together at the opportunity to provide their own cloud services.
최용전 유럽헌법학회 2017 유럽헌법연구 Vol.25 No.-
보건복지부는 2016년 2월 5일에 의료법시행규칙을 개정하여, 의료기관이 클라우드를 활용하여 전자의무기록을 외부장소에서 보관・관리할 수 있도록 허용하였으며, 동 규정은 2016년 8월 6일부터 시행되었다. 그리고 의료기관이 클라우드컴퓨팅시스템을 활용할 경우에는 클라우드컴퓨팅법의 적용을 받게 된다. 물론 의료정보의 보호에 관한 규정으로는 의료법, 보건의료기본법, 정신보건법, 모자보건법 및 개인정보보법이 있으며, 정보통신체계에 관한 법률로는 클라우드컴퓨팅법 외에도 전기통신사업법, 정보통신망법, 전자정부법 및 국가정보화기본법 등이 있다. 비록 우리나라의 클라우드컴퓨팅 관련산업이 초기모습을 띄고 있지만, 관련산업의 발전을 촉진하고 이용자를 보호하며, 특히 공공부문이 클라우드컴퓨팅산업의 발전을 선도할 수 있도록 하기 위하여, 클라우드컴퓨팅법이 제정되었다. 의료법시행규칙이 발효되고 보건복지부 고시로 ‘의무기록관리보존시설기준’이 공포됨에 따라, 중소형의료기관을 중심으로 클라우드컴퓨팅시스템이 적극 활용될 것이 예상된다. 그러나, 클라우드컴퓨팅으로 개인의료정보가 집적・공유됨으로써 의료정보보호의 문제가 대두될 수 있으므로, 클라우드컴퓨팅과 관련된 의료법령과 클라우드컴퓨팅법을 일별함으로써, 그 법적 과제를 검토해보고자 한다. 한편 2018년 5월 25일이면 유럽의 개인정보보호법인 EU 일반개인정보보호규칙(General Data Protection Regulation; GDPR)이 시행될 것이며, 이미 2017년에 들어서면서 GDPR에 근거한 클라우드컴퓨팅에 관한 행동규약(Code of Conduct)이 마련되었다. 클라우드컴퓨팅의 국경을 초월하는 가상화·분산기술에 의하여 우리나라 기업이나 클라우드컴퓨팅제공자들도 동 규칙 등의 적용을 받게 될 것이다. 그러므로 본 논문에서는 클라우드컴퓨팅시스템의 도입에 따른 규제현황을 의료법령, 개인정보법령 및 클라우드컴퓨팅법령을 중심으로 검토하고, EU GDPR과 Code of Conduct를 참고하여 의료정보클라우드컴퓨팅의 규제현황, 의료정보클라우드컴퓨팅의 법률관계, 손해배상의 문제, 정보의 국외저장 등을 검토하였다. The Ministry of Health and Welfare revised the Enforcement Rule of the Medical Service Act on February 5, 2016, allowing medical institutions to utilize the cloud to store and manage electronic medical records in an external location. This became effective on August 6, 2016. If a medical institution utilizes a cloud computing system, it will be subject to the Act on the Development of Cloud Computing and Protection of Its Users, hereinafter referred to as the Cloud Computing Act. The Medical Service Act, the Framework Act on Health and Medical Service, the Act on Mental Health and Welfare Service, the Mother and Child Health Act, and the Personal information Protection Act also regulate the protection of medical information, and, in addition to the Cloud Computing Act, the Telecommunications Business Act, the Act of Information and Communication Networks, the eGovernment Act, and the Framework Act on National Informatization serve to regulate information and communication systems. Korea's cloud computing–related industries are still in their infancy. However, to promote the cloud computing industry, the Cloud Computing Act has been introduced so that the public sector can lead. As the Enforcement Rule of the Medical Service Act is enacted and the Ministry of Health and Welfare promulgates the medical records management preservation facility standards, it is expected that cloud computing systems will be actively utilized, particularly by small and medium-size medical institutions. However, as healthcare information protection issues may arise due to the sharing of personal medical information via cloud computing, it is necessary to make the legal issues of the Medical service laws and the Cloud Computing Act clear. On May 25, 2018, the European Union's General Data Protection Regulation, hereinafter referred to as GDPR, will be enacted. The Code of Conduct for Cloud Computing, based on the GDPR, has already been established, in 2017. Because cloud computing consists of cross-border virtualization and decentralization technologies, Korean companies and cloud computing providers will also be subject to the European Privacy Protection Act. In this paper, I review the regulatory status of medical information cloud computing, the legal aspects of medical information cloud computing, the issue of compensation for damages, and the storage of information abroad, by referring to the EU GDPR and Code of Conduct.
클라우드 컴퓨팅 환경에서 전자정보 압수수색에 관한 정비방안 연구 : 선행연구 결과에 대한 입법론적(피의자의 기본권 보호)접근
이인곤 한국산업보안연구학회 2022 한국산업보안연구 Vol.12 No.2
Recently, as the transition to an information society accelerates, virtualized information resources are rapidly evolving into cloud computing (hereinafter referred to as ‘Cloud Computing’ and ‘Cloud’) using Internet technology. Cloud, the core technology of the so-called “fourth industrial revolution,” is expected to play a net function to drive innovation in all industrial areas through computer infrastructure. However, as the cloud computing industry, which focuses on “distributed processing” and “virtualization,” is activated, there is a possibility of causing various legal problems in investigative seizure and search, so it is necessary to clarify the current criminal justice system’s problems. This study aims to derive problems by in-depth comparison and analysis of criminal law problems that appear during the seizure and search of electronic information managed, modified, and generated by Cloud Computing and present legislative measures. Furthermore, this study aims to pay attention to the protection of human rights in the investigation procedure from the perspective of improving the efficiency of the investigation in the results of previous studies as a follow-up study related to Cloud Computing in Korea. The purpose of the study is to seek a method of seizure and search of electronic information (investigation method - principle of due process) as a means of solving crimes in the development of a new digital environment in the investigation process, while discussing measures (response measures) to minimize human rights violations (protection of basic rights of individuals). 최근 정보화 사회로 전환이 가속화됨에 따라 인터넷 기술을 활용하여 가상화된 정보자원을 클라우드 컴퓨팅(Cloud Computing) 방식으로 급속히 진화되고 있다. 소위 ‘4차 산업혁명’의 핵심기술인 Cloud Computing은 전산 인프라로 전 산업영역의 혁신을 견인할 순기능 역할이 기대되고 있다. 그러나 ‘분산처리1)’ 및 ‘가상화2)’를 핵심기술로 하는 Cloud Computing 산업이 활성화됨에 따라 인터넷 범죄가 급증함에 따라 수사상 압수·수색 집행에서 다양한 법적인 문제를 야기시킬 가능성이 상존하기 때문에 ‘Cloud Computing 환경에서의 디지털정보 압수와 수색’에 관한 현행 형사사법체계상의 문제점들을 밝혀 그 개선방안을 신속하게 마련할 필요가 있다. 본 연구는 Cloud Computing에서 관리·수정·생성되는 전자정보의 압수·수색 시 현출되는형사법적 문제점을 외국의 입법례와 판례를 심층적으로 비교분석하여 문제점을 도출하고 그 입법방안을 제시하고자 한다. 한 걸음 더 나아가 본 연구에서는 국내의 Cloud Computing 관련 후속연구로 기 선행연구 결과물에 수사의 효율성 제고라는 관점과 그 이면에서 수사절차상 인권보호에 주목하고자 한다. 연구 목적은 수사과정에서 새로운 디지털 환경의 발전에 따라 날로 진화하는 컴퓨팅 환경에서 범죄해결 수단으로서 전자정보 압수수색의 방법(수사방법 - 적법절차의원칙)을 모색하는 한편, 수사대상인 피의자의 인권침해(기본권 보호-개인의 기본권 영역으로의새로운 형태의 침해를 유발할 수 있다는 점)의 최소화 방안(대응책)을 논의하고 입법안을 마련하고자 함에 있다. 본 연구 목적은 새로운 디지털 환경의 발전에 따라 날로 진화하는 컴퓨팅 환경에서 범죄해결 수단으로서 전자정보 압수·수색의 방법(수사방법 - 적법절차의 원칙)을 모색하는 한편, 수사대상인 피의자의 인권침해(기본권 보호)의 최소화 방안(대응책)을 논의하고 입법안을 마련하고자 함에 있다.