Cloud Deployment Model's Role in Provider and User Security Investment Incentives

Posted: 4 Jul 2019

See all articles by Mingwen Yang

Mingwen Yang

University of Washington

Varghese Jacob

University of Texas at Dallas - Department of Accounting & Information Management

Srinivasan Raghunathan

University of Texas at Dallas - Naveen Jindal School of Management

Date Written: July 1, 2019

Abstract

Firms rely on cloud computing to move their operations to the e-business model. However, security has been a major concern in cloud computing. The security of a cloud is the joint responsibility of the cloud provider and cloud users, but the extent to which the provider and users can affect cloud security through their efforts depends on the cloud deployment model. In a Software as a Service (SaaS) model, the cloud provider's effort has a larger marginal impact on cloud security than a user's effort, whereas in an Infrastructure as a Service (IaaS) model, the reverse holds. In this study, we examine how the cloud deployment model and user characteristics affect the cloud provider's and users' incentives to invest in security, which, in turn, affects cloud security, user valuation of the cloud, and provider's profit. Our analysis shows that a shift towards the SaaS deployment model does not necessarily increase the provider's effort even though it enhances the effectiveness of his security effort. For a given deployment model, an increase in the mean user loss from a security breach induces users to exert more security effort. However, the provider profitably free-rides on the enhanced user incentives to exert security effort by diminishing his effort if the provider's service cost is low. Analogously, a highly homogeneous user population, either in terms of cloud valuation or loss from a security breach, also benefits the provider regardless of the cloud deployment model. The cloud provider would prefer to shift towards a SaaS deployment model if users incur a greater loss from a security breach. However, such a shift may not increase the provider's profit. On the other hand, when users are highly homogeneous, the provider would prefer to shift towards IaaS and profit from such a shift.

Keywords: E-business, Cloud Computing, Cloud Security, Cloud Deployment Model, Game Theory

JEL Classification: M15

Suggested Citation

Yang, Mingwen and Jacob, Varghese and Raghunathan, Srinivasan, Cloud Deployment Model's Role in Provider and User Security Investment Incentives (July 1, 2019). Available at SSRN: https://ssrn.com/abstract=3413092

Mingwen Yang (Contact Author)

University of Washington ( email )

UW Foster School of Business ISOM Department
Box 353226
Seattle, WA 98195
United States
4049332608 (Phone)

Varghese Jacob

University of Texas at Dallas - Department of Accounting & Information Management ( email )

2601 North Floyd Road
Richardson, TX 75083-0688
United States

Srinivasan Raghunathan

University of Texas at Dallas - Naveen Jindal School of Management ( email )

P.O. Box 830688
Richardson, TX 75083-0688
United States

Register to save articles to
your library

Register

Paper statistics

Abstract Views
86
PlumX Metrics