Cloud Deployment Model's Role in Provider and User Security Investment Incentives
Posted: 4 Jul 2019
Date Written: July 1, 2019
Abstract
Firms rely on cloud computing to move their operations to the e-business model. However, security has been a major concern in cloud computing. The security of a cloud is the joint responsibility of the cloud provider and cloud users, but the extent to which the provider and users can affect cloud security through their efforts depends on the cloud deployment model. In a Software as a Service (SaaS) model, the cloud provider's effort has a larger marginal impact on cloud security than a user's effort, whereas in an Infrastructure as a Service (IaaS) model, the reverse holds. In this study, we examine how the cloud deployment model and user characteristics affect the cloud provider's and users' incentives to invest in security, which, in turn, affects cloud security, user valuation of the cloud, and provider's profit. Our analysis shows that a shift towards the SaaS deployment model does not necessarily increase the provider's effort even though it enhances the effectiveness of his security effort. For a given deployment model, an increase in the mean user loss from a security breach induces users to exert more security effort. However, the provider profitably free-rides on the enhanced user incentives to exert security effort by diminishing his effort if the provider's service cost is low. Analogously, a highly homogeneous user population, either in terms of cloud valuation or loss from a security breach, also benefits the provider regardless of the cloud deployment model. The cloud provider would prefer to shift towards a SaaS deployment model if users incur a greater loss from a security breach. However, such a shift may not increase the provider's profit. On the other hand, when users are highly homogeneous, the provider would prefer to shift towards IaaS and profit from such a shift.
Keywords: E-business, Cloud Computing, Cloud Security, Cloud Deployment Model, Game Theory
JEL Classification: M15
Suggested Citation: Suggested Citation