logo

This interview was originally published in our in-house program, <Masters of Mildang*>, which features stories from our employees in the Corporate job group who co-create and support TEAM NAVER's businesses and services with their expertise and experience.

*Mildang: push and pull in relationships

NAVER is visited by tens of millions of users every day. Therefore, the Data Security team at NAVER is committed to protecting user information and NAVER’s systems from various security threats with the mindset that “protecting NAVER's data is protecting the data of the entire nation.” We would like to introduce the Data Security Team and its security experts who ensure watertight protection at NAVER at the forefront of security.

​

Q. What does the NAVER Data Security Team do?

​

We are in charge of safely managing a wide range of information at NAVER, including the personal information of not only NAVER users but also its employees, business partners, and job applicants. We also check whether NAVER services are lawfully collecting, storing, and disposing of personal information. We provide privacy training to NAVER executives and employees as well as Smart Store owners who collect recipient information. We also utilize technology to check data security from service design to post-deployment, and train developers on security system development and penetration testing.

​

Q. So you manage data security across the board from service planning to deployment.

​

Some companies apply security policies when development is completed, but in data security, it is very difficult to “fix the barn after losing the cow.” So NAVER builds a strong barn from the beginning and carefully checks for and repairs any worn and broken parts. That is why we thoroughly review security in all our businesses and services from the planning stage.

Our recently launched AI services, Cue: and CLOVA X, were also reviewed from the very initial planning stage, carefully checking each and every security measure such as training data collection and personal information handling before launch.

​

​

We also embed our own security technology into every stage of service development to identify and fix vulnerabilities early on. One of our in-house technologies, “Toothless,”* conducts over 1,100 security analyses daily, just as its name implies. To make sure this process does not hinder development, we applied data security standards to each step in a way that ensures automated compliance. NAVER’s various security technologies are incorporated throughout the company, ensuring that all information is thoroughly examined and protected.

It does not end there. We also utilize outside eyes to ensure that NAVER’s security is perfectly designed. For example, we have Bug Bounty* and PER* programs. Bug Bounty is a system that pays rewards to external hackers for reporting security bugs, which we operate with strict restrictions to prevent hackers from accessing the actual internal network. We provide up-to-date information on privacy activities related to these programs to users on the NAVER Privacy Center.

*Toothless: A technology developed by NAVER Security in 2020 that naturally applies security features to the development, deployment, and operation pipelines.

*Bug Bounty: A program that pays rewards to external hackers for reporting security bugs

*PER (Privacy Enhancement Reward): NAVER’s own system that collects suggestions for service vulnerabilities and improvements to operations from general users.

​

Q. I heard that NAVER has earned global recognition for its personal information security system.

​

​

NAVER received APEC CBPR* certification for the first time among Korean companies in 2022. This means that NAVER operates a global-level personal information security system. It has gained global recognition for its high level of data security, making NAVER services even more reliable for overseas users and partners.

To make our system even more robust, we have our information protection system verified annually by various authoritative organizations in Korea and abroad.

*APEC CBPR (Cross Border Privacy Rules) Certification: A global certification system that evaluates and certifies a company's personal information protection system based on the Asia-Pacific Economic Cooperation (APEC) Privacy Principles.

​

Q. What are the goals of the Data Security team?

​

Data security not only forms the foundation of NAVER’s services but also serves as a source of its competitive advantage. To this end, not only my team, but also various departments and stakeholders are taking the initiative in protecting NAVER’s information with a high security awareness. Everyone in charge of each service has a high level of data security awareness, and they take responsibility for service operation and protect user privacy every step of the way. Different departments work closely together to prevent various security issues.

Thanks to all of these efforts, I think we have been able to keep NAVER’s information safe and secure. We will continue to protect users' information with a sense of mission and create NAVER services that they can use and rely on at any time ●