[Interview 360] Why Security Vendors Are Rewriting Their Playbooks for the Cloud Era

시선뉴스 2026-02-13 09:31:03

As cloud adoption accelerates, security standards are evolving just as quickly. The industry’s focus is shifting away from server-based intrusion prevention toward identifying risks tied to user accounts and behavioral patterns. In turn, security solutions are changing as well — no longer limited to on-premise installations, but increasingly built to function across both on-premise and cloud environments.

Against that backdrop, XCURENET is extending its traditional deployment-based model into hybrid cloud security services. Through its latest cloud initiative, the company is seeking to respond to shifting security demands while reinforcing a detection-centered strategy within a hybrid architecture. To understand the reasoning behind the move, we spoke with Lee Seung-young, Deputy Manager at XCURENET.

Exterior View of XCURENET Headquarters

Q. Should this cloud initiative be considered an entirely new business line?

A. Not exactly. It’s more an extension of the security solutions we’ve historically delivered through on-premise deployments. Until recently, our products were installed exclusively within customers’ environments. Beginning this year, we introduced a cloud-based model that provides the same core capabilities in a service format similar to SaaS.

Q. Does moving to a service-based model signal a shift toward a broader customer base?

A. Yes. The goal is to build a structure that can be used across industries and organization sizes — from private companies to public institutions. While preserving the strengths of the traditional on-premise model, we designed the system to operate reliably in cloud environments as well.

Q. Your security business was already established. What prompted the expansion into cloud services?

A. Historically, our sales efforts focused on large enterprises and major corporate clients. By introducing a cloud-based model, we saw an opportunity to reach small and mid-sized businesses. Demand in the SMB segment is particularly strong for solutions that lower upfront deployment costs and reduce infrastructure burdens.

Q. What most directly led to the launch of the cloud business?

A. There were two main factors. First, our hybrid cloud model is aimed primarily at the SMB market. When EMASS was offered strictly as an on-premise solution, customers had to bear substantial upfront costs for hardware purchases. By keeping data collection devices on physical servers while running logging components in the cloud, we’re able to significantly lower those initial deployment costs.

Second, there’s the issue of data center space. Physical servers require adequate room for heat dissipation and system stability, often occupying more than one rack unit per device. Reducing the number of on-site systems helps ease space constraints while maintaining operational reliability.

Q. How did your experience with EMASS AI and EMASS AI PLUS influence the shift to cloud services?

A. Both EMASS AI and EMASS AI PLUS are built around a detection-first approach to internal data leakage. Their primary function is to analyze the exposure of personal or confidential data by employees, as well as unusual user behavior. Many organizations rely heavily on blocking-based security tools, but it’s not realistic to block every service without first understanding how users actually operate. EMASS prioritizes behavioral analysis and then establishes blocking policies based on those findings. We concluded that this detection-driven model remains just as relevant — and effective — in cloud environments.

Q. How did the broader transition to a “cloud security era” affect your sense of urgency?

A. In the past, the main focus was preventing server intrusions. In cloud environments, however, account compromise and configuration errors have become the primary risks. Incidents involving phishing, MFA bypass, and misconfigured cloud settings are increasingly common. The attack surface has shifted — attackers often target accounts before they target servers.

In cloud environments, providers are responsible for the underlying infrastructure, but customers remain responsible for their data, user accounts, and configurations. That makes account security, cloud security posture management (CSPM), and the ability to preserve forensic evidence after an incident especially important. EMASS addresses these needs through user log collection and continuous monitoring frameworks.

Q. Why has cloud adoption become viable even in highly regulated sectors such as finance and the public sector?

A. It’s not simply a matter of technological progress. In the financial industry, regulators have introduced detailed cloud usage guidelines outlining requirements for access controls, audit logging, encryption, and related safeguards. Public institutions now operate under formal cloud frameworks established by government ministries as well.

At the same time, domestic cloud providers have built infrastructure that meets regulatory standards, including local regions and dedicated network environments. Together, these regulatory and technical developments have made cloud adoption feasible in sectors that were previously cautious about moving sensitive workloads off-premise.

Employees work at XCURENET’s headquarters

Q. What challenges do companies in the domestic cloud market typically encounter?

A. While cloud services reduce upfront capital expenses, their usage-based pricing models can make long-term costs harder to predict. As traffic grows, monthly expenses can increase quickly, sometimes leading to unexpected cost spikes. When organizations rely on global cloud providers, exchange rate fluctuations add another layer of uncertainty.

For that reason, many companies adopt a hybrid approach — keeping core systems on-premise while using cloud services selectively for workloads that require scalability.

Q. What does it mean for the company to be listed on all three major cloud platforms?

A. In the past, our solutions were deployed entirely through on-premise installations within customer data centers. Being listed on cloud marketplaces allows customers to access the service immediately in a subscription-based format.

It has also enabled greater automation. Rather than relying solely on manual installation processes, components such as logging modules can now be deployed automatically. That has shortened deployment timelines and reduced operational complexity.

Q. What defines the hybrid architecture and the monthly subscription model?

A. The hybrid architecture separates data collection from log analysis. Devices that need to receive internal network traffic remain on-premise, while log analysis and processing take place in the cloud.

Under the monthly subscription model, customers pay recurring fees for both cloud infrastructure usage and the security solution modules. This removes the need for large upfront investments and allows organizations to pay based on actual usage.

Q. How does a detection-centered model differ from traditional blocking-focused security?

A. The main difference is that detection comes first. Instead of immediately restricting activity, the model prioritizes visibility. By analyzing user behavior, organizations can identify both internal and external risks early — without disrupting routine operations.

Rather than relying on isolated blocking measures, the approach emphasizes continuous monitoring and analysis. The goal is to respond proactively, based on observed patterns, rather than reactively shutting down activity after a rule is triggered.

Q. Among the company’s cloud security offerings, what do new customers tend to notice first?

A. Most customers immediately recognize the ability to collect and review all data transmitted and received by internal users in real time. That provides administrators with a clear, consolidated view of how information moves across the organization.

Data flows that were previously difficult to trace become visible at a glance, improving overall security visibility. In addition, administrators can define specific conditions — such as high-risk keywords — so that related content is detected and flagged instantly. That allows risks to be identified in near real time rather than after an incident has already occurred.

Q. Does the solution also address risks associated with generative AI?

A. Yes. When employees use generative AI services, personal data or confidential corporate information can be unintentionally entered or exposed. The system logs and analyzes the full sequence of generative AI usage, detecting both input and output activities that involve sensitive data.

Rather than integrating directly with individual AI platforms, the approach focuses on analyzing user behavior and network traffic logs. The system currently includes roughly 100 detection patterns related to generative AI usage, with ongoing efforts to refine and expand those capabilities.

Q. What security concerns do customers most frequently raise during sales discussions?

A. The most common request is the ability to clearly identify who leaked information and through which path when an incident occurs. When sensitive data — such as personal information, core documents, proprietary technologies, or confidential materials — is exposed, organizations need to understand both the cause and the route in order to establish effective response measures.

Another recurring concern is operational burden. Continuous, around-the-clock monitoring for internal data leakage isn’t realistic if done manually. Customers are therefore looking for systems that automate repetitive monitoring tasks and reduce the workload placed on security teams.

Q. Who are the primary targets of the cloud security business, and what are the short-term goals?

A. Public institutions and financial organizations tend to prioritize log retention and evidentiary records to support audits and regulatory compliance. Private-sector companies, by contrast, are generally more focused on detecting the leakage of confidential or business-critical information.

In the near term, our objective is to secure new customers and build reference cases. Establishing credibility through real-world deployments is essential before pursuing broader expansion.

Q. How do you plan to expand across different industries?

A. In the public and financial sectors, the priority is meeting compliance requirements — including personal data protection laws and national security guidelines. Our focus there is on audit capabilities, regulatory reporting, and long-term evidentiary data retention.

For private-sector companies, the strategy centers more on improving visibility into internal data flows and enhancing operational efficiency through AI- and machine learning–based detection. The emphasis is less on regulatory alignment and more on practical risk management and productivity.

Q. What is the long-term direction for the cloud business?

A. We are looking beyond the domestic market to international cloud markets as well. Given our prior experience working with overseas customers, we intend to expand globally using the hybrid cloud security model that has been validated in Korea.

At this stage, there are no immediate plans to branch into additional business categories. The priority is to firmly establish the hybrid model and ensure its stability under real-world operating conditions.

Q. How do you see cloud security evolving?

A. We expect cloud security to move beyond traditional, role-based DLP or IPS/IDS frameworks toward more intelligent detection powered by AI and machine learning. That includes broader detection of anomalous behavior, insider threats, and emerging risks tied to generative AI usage.

The focus will be on improving detection accuracy while reducing false positives, and on tailoring detection models to each customer’s environment. Over the medium to long term, advancing automation across the entire workflow — from collection and analysis to detection and response — will be critical so that action can follow immediately once a threat is identified.

The company’s cloud strategy reflects less a wholesale migration than a pragmatic coexistence between on-premise and cloud environments. By extending detection and monitoring capabilities developed in traditional deployments into hybrid settings, it is positioning the model as a response to shifting threat patterns.

The remaining question is market validation. The industry will be watching to see how its first cloud reference cases perform — and whether they set a benchmark in an increasingly competitive security landscape.

Copyright ⓒ 시선뉴스. Unauthorized reproduction and redistribution prohibited.
