With the imminent release of new security guidelines from the National Intelligence Service (NIS), the Desktop-as-a-Service (DaaS) market in Korea is gaining momentum. The anticipated relaxation of the physical network separation principle — enforced for the past 19 years — is expected to open up new opportunities for growth.
According to industry sources on the 22nd, the NIS is set to release the official N²SF guidelines in September, eight months after the draft was unveiled in January. The draft included 176 security control measures, and the finalized version is expected to expand beyond 200, offering a more sophisticated security framework.
The core of N²SF is differentiated security measures based on the importance of data and tasks. Information will be categorized into three levels: Confidential (C), Sensitive (S), and Open (O). Unlike the previous blanket rule of physical network separation, the new framework allows logical separation and the use of cloud services for Sensitive and Open levels.
This shift brings DaaS into the spotlight. DaaS provides a cloud-based virtual desktop environment that delivers operating systems and applications remotely. Employees can access their work PC environment anytime, anywhere, and from any device. Since data is stored centrally on secure servers, DaaS enhances both data protection and remote work efficiency — aligning closely with the principles of N²SF.
The outlook for the DaaS market is strong. According to Gartner, Korea’s DaaS market is projected to grow from KRW 50.3 billion in 2024 to KRW 64.8 billion in 2026, accounting for around 10% of the enterprise PC market that year.
Government policies promoting cloud adoption are further accelerating growth. Notable examples include the Ministry of the Interior and Safety’s introduction of “Onbook,” a DaaS-based work laptop, and Korea Post’s plan to adopt DaaS for all employees. The government aims to transition all public-sector information systems to a “cloud-native” architecture by 2030.
Vendors are already moving quickly. Tilon has launched VDI/DaaS solutions with role-based access control (RBAC), enabling automated compliance with various security standards at the system level. Gabia has introduced DaaS solutions that meet complex security requirements such as network separation, internet access control, and restrictions on removable storage devices.
Still, public-sector adoption is expected to remain limited until the official guidelines are released, as institutions remain cautious about investing before standards are finalized. The industry, however, expects a surge in demand once N²SF is formally introduced in the second half of the year.
A representative from a DaaS provider said, “The N²SF guidelines will provide the security assurance necessary for public institutions and enterprises to adopt DaaS with confidence. We hope the framework will be designed to balance both safety and efficiency — two core elements that institutions need most.”
Read more on 기술로 세상을 바꾸는 사람들의 놀이터
