Abstract

http://ssrn.com/abstract=1933618
 
 

References (54)



 


 



Cloud Implications on Software Network Structure and Security Risks


Terrence August


University of California, San Diego (UCSD) - Rady School of Management

Marius Florin Niculescu


Georgia Institute of Technology - Ernest Scheller Jr. College of Business

Hyoduk Shin


University of California, San Diego (UCSD) - Rady School of Management

2014

Information Systems Research, 2014, Vol. 25, No. 3, pp. 489-510

Abstract:     
By software vendors offering, via the cloud, software as a service (SaaS) versions of traditionally on-premises application software, security risks associated with usage become more diversified which can greatly increase the value associated with the software. In an environment where negative security externalities are present and users make complex consumption and patching decisions, we construct a model that clarifies whether and how SaaS versions should be offered by vendors. We find that the existence of version-specific security externalities is sufficient to warrant a versioned outcome, which has been shown to be suboptimal in the absence of security risks. In high security-loss environments, we find that SaaS should be geared to the middle tier of the consumer market if patching costs and the quality of the SaaS offering are high, and geared to the lower tier otherwise. In the former case, it is a noteworthy result that strategic interactions between the vendor and consumers can lead a lower inherent quality product to actually be preferred by a higher tier customer segment when security risk associated with each version is endogenously determined by consumption choices. Relative to on-premises benchmarks, we find that software diversification indeed leads to lower average security losses for users when patching costs are high. However, when patching costs are low, surprisingly, average security losses can actually increase as a result of SaaS offerings and lead to lower consumer surplus. We also investigate the vendor's security investment decision and establish that the vendor tends to increase investments in an on-premises version and decrease investments in a SaaS version as the market becomes riskier. In low security-loss environments, we find that SaaS is optimally targeted to a lower tier of the consumer market, average security losses decrease, and consumer surplus increases as a result. Security investments increase for both software versions as risk increases in these environments.

Keywords: software as a service, SaaS, security, economics of information systems, network externalities, software patching, security risk

JEL Classification: C70, D42, L12, L86

Accepted Paper Series





Not Available For Download

Date posted: September 27, 2011 ; Last revised: September 28, 2014

Suggested Citation

August, Terrence and Niculescu, Marius Florin and Shin, Hyoduk, Cloud Implications on Software Network Structure and Security Risks (2014). Information Systems Research, 2014, Vol. 25, No. 3, pp. 489-510. Available at SSRN: http://ssrn.com/abstract=1933618 or http://dx.doi.org/10.2139/ssrn.1933618

Contact Information

Terrence August (Contact Author)
University of California, San Diego (UCSD) - Rady School of Management ( email )
9500 Gilman Drive
Rady School of Management
La Jolla, CA 92093
United States
HOME PAGE: http://management.ucsd.edu/faculty/directory/august/
Marius Florin Niculescu
Georgia Institute of Technology - Ernest Scheller Jr. College of Business ( email )
800 West Peachtree St., NW
Atlanta, GA 30308-1149
United States
404-385-3105 (Phone)
HOME PAGE: http://scheller.gatech.edu/directory/faculty/niculescu/index.html
Hyoduk Shin
University of California, San Diego (UCSD) - Rady School of Management ( email )
9500 Gilman Drive
Rady School of Management
La Jolla, CA 92093
United States
Feedback to SSRN


Paper statistics
Abstract Views: 1,523

© 2014 Social Science Electronic Publishing, Inc. All Rights Reserved.  FAQ   Terms of Use   Privacy Policy   Copyright   Contact Us
This page was processed by apollo4 in 0.406 seconds