Cloud Implications on Software Network Structure and Security Risks
Authors: August, Terrence; Niculescu, Marius Florin; Shin, Hyoduk
Journal: Information Systems Research (2014)
<jats:p> By software vendors offering, via the cloud, software-as-a-service (SaaS) versions of traditionally on-premises application software, security risks associated with usage become more diversified. This can greatly increase the value associated with the software. In an environment where negative security externalities are present and users make complex consumption and patching decisions, we construct a model that clarifies whether and how SaaS versions should be offered by vendors. We find that the existence of version-specific security externalities is sufficient to warrant a versioned outcome, which has been shown to be suboptimal in the absence of security risks. In high security-loss environments, we find that SaaS should be geared to the middle tier of the consumer market if patching costs and the quality of the SaaS offering are high, and geared to the lower tier otherwise. In the former case, when security risk associated with each version is endogenously determined by consumption choices, strategic interactions between the vendor and consumers may cause a higher tier consumer segment to prefer a lower inherent quality product. Relative to on-premises benchmarks, we…