Abstract

  
 

References (54)



 


 



Cloud Computing: Implications on Software Network Structure and Security Risks


Terrence August


University of California, San Diego (UCSD) - Rady School of Management

Marius Florin Niculescu


Georgia Institute of Technology - Ernest Scheller Jr. College of Business

Hyoduk Shin


University of California, San Diego (UCSD) - Rady School of Management
September 11, 2011


Abstract:     
By software vendors offering, via the cloud, software as a service (SaaS) versions of traditionally on-premises products, security risks associated with software usage become more diversified which can greatly increase the value associated with network software. In an environment where negative security externalities are present and users make complex consumption and patching decisions, we construct a model that clarifies whether and how SaaS versions should be offered by vendors. For high security-loss software, we find that SaaS should be geared to the middle tier of the consumer market if patching costs and the quality of the service offering are high, and geared to the lower tier otherwise. The vendor-preferred and social planner-preferred structure of segmentation often coincide, except when patching costs are within an intermediate range, in which case welfare can be increased by additional incentives to induce SaaS usage in the middle tier. Relative to on-premises benchmarks, we find that software diversification indeed leads to lower average security losses for users when patching costs are high. However, when patching costs are low, surprisingly, average security losses can actually increase as a result of SaaS offerings and lead to lower consumer surplus. Releasing a SaaS version substantially increases vendor profits and welfare in high security-loss environments and only has a limited, but positive, effect in low security-loss environments. Nevertheless, in the latter case, we find that versioning is optimal in the presence of version-specific negative security externalities, even as they become small.

Number of Pages in PDF File: 42

Keywords: software as a service, SaaS, security, economics of information systems, network externalities, software patching, security risk

JEL Classification: C70, D42, L12, L86

working papers series


Download This Paper

Date posted: September 27, 2011 ; Last revised: November 1, 2011

Suggested Citation

August, Terrence, Niculescu, Marius Florin and Shin, Hyoduk, Cloud Computing: Implications on Software Network Structure and Security Risks (September 11, 2011). Available at SSRN: http://ssrn.com/abstract=1933618 or http://dx.doi.org/10.2139/ssrn.1933618

Contact Information

Terrence August (Contact Author)
University of California, San Diego (UCSD) - Rady School of Management ( email )
9500 Gilman Drive
Rady School of Management
La Jolla, CA 92093
United States
HOME PAGE: http://management.ucsd.edu/faculty/directory/august/
Marius Florin Niculescu
Georgia Institute of Technology - Ernest Scheller Jr. College of Business ( email )
800 West Peachtree St., NW
Atlanta, GA 30308-1149
United States
404-385-3105 (Phone)
HOME PAGE: http://scheller.gatech.edu/directory/faculty/niculescu/index.html
Hyoduk Shin
University of California, San Diego (UCSD) - Rady School of Management ( email )
9500 Gilman Drive
Rady School of Management
La Jolla, CA 92093
United States
Feedback to SSRN (Beta)


Paper statistics
Abstract Views: 1,034
Downloads: 203
Download Rank: 74,121
References:  54

© 2013 Social Science Electronic Publishing, Inc. All Rights Reserved.  FAQ   Terms of Use   Privacy Policy   Copyright
This page was processed by apollo1 in 0.563 seconds