Cloud Implications on Software Network Structure and Security Risks

Author List: August, Terrence; Niculescu, Marius F.; Shin, Hyoduk;

Information Systems Research, 2014, Volume 25, Issue 3, Page 489-510.

By software vendors offering, via the cloud, software-as-a-service (SaaS) versions of traditionally on-premises application software, security risks associated with usage become more diversified. This can greatly increase the value associated with the software. In an environment where negative security externalities are present and users make complex consumption and patching decisions, we construct a model that clarifies whether and how SaaS versions should be offered by vendors. We find that the existence of version-specific security externalities is sufficient to warrant a versioned outcome, which has been shown to be suboptimal in the absence of security risks. In high security-loss environments, we find that SaaS should be geared to the middle tier of the consumer market if patching costs and the quality of the SaaS offering are high, and geared to the lower tier otherwise. In the former case, when security risk associated with each version is endogenously determined by consumption choices, strategic interactions between the vendor and consumers may cause a higher tier consumer segment to prefer a lower inherent quality product. Relative to on-premises benchmarks, we find that software diversification leads to lower average security losses for users when patching costs are high. However, when patching costs are low, surprisingly, average security losses can increase as a result of SaaS offerings and lead to lower consumer surplus. We also investigate the vendor’s security investment decision and establish that, as the market becomes riskier, the vendor tends to increase investments in an on-premises version and decrease investments in a SaaS version. On the other hand, in low security-loss environments, we find that SaaS is optimally targeted to a lower tier of the consumer market, average security losses decrease, and consumer surplus increases as a result. Security investments increase for both software versions as risk increases in these environments.

Keywords: cloud computing;software-as-a-service;network economics;security;versioning;on-premises software

Algorithm:

List of Topics

#5	0.300	consumer consumers model optimal welfare price market pricing equilibrium surplus different higher results strategy quality cost lower competition firm paper
#22	0.286	software vendors vendor saas patch cloud release model vulnerabilities time patching overall quality delivery software-as-a-service high need security vulnerability actually
#73	0.109	security threat information users detection coping configuration avoidance response firm malicious attack intrusion appraisal countermeasures benefit costs threats ability rate
#74	0.093	high low level levels increase associated related characterized terms study focus weak hand choose general lower best predicted conditions implications
#264	0.074	risk risks management associated managing financial appropriate losses expected future literature reduce loss approach alternative mitigate failures failure cause mitigation
#271	0.057	technology investments investment information firm firms profitability value performance impact data higher evidence diversification industry payoff return findings decisions greater