Top

Business & Information Systems Engineering

Published in:

12-01-2022 | Research Paper

Security-Induced Lock-In in the Cloud

Author: Daniel Arce

Published in: Business & Information Systems Engineering | Issue 4/2022

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Cloud services providers practice security-induced lock-in when employing cryptography and tamper-resistance to limit the portability and interoperability of users’ data and applications. Moreover, security-induced lock-in and users’ anti-lock-in strategies intersect within the context of platform competition. When users deploy anti-lock in strategies, such as using a hybrid cloud, a leader–follower pricing framework increases profits for cloud services providers relative to Nash equilibrium prices. This creates a second-mover advantage, as the follower’s increase in profits exceeds that of the leader owing to the potential for price undercutting. By contrast, introducing or enhancing security-induced lock-in creates both an increase in profits and a first-mover advantage. Cloud services providers therefore favor security-induced lock-in over price leadership. More broadly, we show why standardization of semantics, technologies, and interfaces is a nonstarter for cloud services providers.

previous article Identifying Digital Transformation Paradoxes

next article Virtual Coaches

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

WIRTSCHAFTSINFORMATIK

WI – WIRTSCHAFTSINFORMATIK – ist das Kommunikations-, Präsentations- und Diskussionsforum für alle Wirtschaftsinformatiker im deutschsprachigen Raum. Über 30 Herausgeber garantieren das hohe redaktionelle Niveau und den praktischen Nutzen für den Leser.

inform now

Business & Information Systems Engineering

BISE (Business & Information Systems Engineering) is an international scholarly and double-blind peer-reviewed journal that publishes scientific research on the effective and efficient design and utilization of information systems by individuals, groups, enterprises, and society for the improvement of social welfare.

inform now

Wirtschaftsinformatik & Management

Texte auf dem Stand der wissenschaftlichen Forschung, für Praktiker verständlich aufbereitet. Diese Idee ist die Basis von „Wirtschaftsinformatik & Management“ kurz WuM. So soll der Wissenstransfer von Universität zu Unternehmen gefördert werden.

inform now

Here the cloud network effect is collectively within user groups, as identified by Opara-Martins, Sahandi, and Tian (2016), rather than between user groups.

The upper bound on P₁₂, V₁ − λ₁V + P₂₁, is positive. A negative upper bound results if λ₁ > (V₁ + P₂₁)/V. As V₁ > V, and the second-period equilibrium occurs in the positive orthant of the (P₂₁, P₂₂) plane, λ₁ > (V₁ + P₂₁)/V > 1. But λ₁ is a probability and a probability cannot take a value greater than 1, thereby establishing a contradiction.

Strategic complements has nothing to do with whether users view the associated goods or services as complements (e.g., apps and CSPs) or substitutes (e.g., CSPs in a given layer of the cloud stack).

Anderson RJ (2004) Cryptography and competition policy—issues with ‘trusted computing.’ In: Camp LJ, Lewis S (eds) Economics of information security. Kluwer Academic, Norwell, pp 35–52CrossRef

Anderson RJ (2020) Security engineering, 3rd edn. Wiley, IndianapolisCrossRef

Anderson RJ (2001) Why information security is hard—an economic perspective. Proceedings of the seventeenth annual computer security applications conference. IEEE, New Orleans, pp 358–365

Arce DG (2018) Malware and market share. J Cybersecur 4(1):1–6CrossRef

Arce DG (2020a) Cybersecurity and platform competition in the cloud. Comput Secur 93:1–9CrossRef

Arce DG (2020b) Platform pricing redux. South Econ J 87(2):732–740CrossRef

Armbrust M, Fox A, Griffith R et al (2010) A view of cloud computing. Commun ACM 53(4):50–58CrossRef

Asghari H, van Eeten M, Bauer JM (2016) Economics of cybersecurity. In: Bauer J, Latzer M (eds) Handbook on the economics of the internet. Elgar, Northampton, pp 262–287

Barua A, Kriebel CH, Mukhopadhyay T (1991) An economic analysis of strategic information technology investments. MIS Q 15(3):313–331CrossRef

Bernheim BD, Peleg B, Whinston MW (1989) Coalition-proof Nash equilibria: concepts. J Econ Theory 42(1):1–12CrossRef

Caminal R, Matutes C (1990) Endogenous switching costs in a duopoly model. Int J Ind Organ 8(3):353–373CrossRef

Crémer J, Biglaiser G (2012) Switching costs and network effects in competition policy. In: Harrington JE, Katsoulacos Y (eds) Recent advances in the analysis of competition policy and regulation. Edward Elgar, Northampton, pp 13–27

Eaton BC, Eswaran M (2002) Noncooperative equilibria in 1-Shot games: a synthesis. In: Eaton BC (ed) Applied microeconomic theory. Edward Elgar, Northampton, pp 118–149

Farrell J, Klemperer P (2007) Coordination and lock-in: competition with switching costs and network effects. In: Armstrong M, Porter R (eds) Handbook of industrial organization, vol 3. Elsevier, Amsterdam, pp 1967–2072

Fonash P, Schneck P (2015) Cybersecurity: from months to milliseconds. Computer 46(1):42–50CrossRef

Fudenberg D, Levine DK (1992) Maintaining a reputation when strategies are imperfectly observed. Rev Econ Stud 59(3):561–579CrossRef

Gordon LA, Loeb MP (2002) The economics of information security investment. ACM Trans Inf Syst Secur 5(4):438–457CrossRef

Greenberg J (1989) Deriving strong and coalition-proof Nash equilibria from an abstract game. J Econ Theory 49(1):195–202CrossRef

Hogan M, Sokol A, Liu F, Tong J (2011) NIST cloud computing standards roadmap. National Institute of Standards and Technology Special Publication 500-291, GaithersburgCrossRef

Kahn CM, Mookherjee D (1992) The good, the bad, and the ugly: coalition proof equilibrium in infinite games. Games Econ Behav 4(1):101–121CrossRef

Katz ML, Shapiro C (1992) Product introduction with network externalities. J Ind Econ 40(1):55–83CrossRef

Klemperer P (1995) Competition when consumers have switching costs: an overview with applications to industrial organization, macroeconomics, and international trade. Rev Econ Stud 62(4):515–539CrossRef

Knipp E, Clayton T, Watson R (2016) A guidance framework for architecting portable cloud and multicloud applications. Gartner, Stamford

Lee R (2014) Competing platforms. J Econ Manag Strategy 23(3):507–526CrossRef

Lookabaugh T, Sicker DC (2004) Security and lock-in. In: Camp LJ, Lewis S (eds) Economics of information security. Kluwer Academic, Norwell, pp 225–246CrossRef

Lynn T (2021) Dear Cloud, I think we have trust issues: cloud computing contracts and trust. In: Lynn T et al (eds) Cloud computing contracts and trust. Palgrave, Cham, pp 21–42

Opara-Martins J, Sahandi R, Tian F (2016) Critical analysis of vendor lock-in and its impact on cloud computing migration: a business perspective. J Cloud Comput Adv Syst Appl 5(4):1–18

Padilla AJ (1991) Consumer switching costs: a survey. Invest Econ (segunda Época) 15(3):485–504

Parker GG, Van Alstyne MW (2005) Two-sided network effects: a theory of information product design. Manag Sci 51(10):1494–1504CrossRef

Pectu D (2011) Portability and interoperability between clouds: challenges and case study. In: Abramowicz W et al (eds) Towards a service-based Internet, LNCS, vol 6994. Springer, Berlin, pp 62–74CrossRef

Raj A, Jain N, Chauhan (2021) Mapping security issues and concerns in cloud computing with compromised security attributes. In: Agrawal R et al (eds) Cybersecurity in emerging digital era. ICCEDE 2020. Springer, pp 24–40

Razavian SM, Khani H, Yazdani N, Ghassemi F (2013) An analysis of vendor lock-in problem in cloud storage. In: 3rd international conference on computer and knowledge engineering (ICCKE 2013). IEEE, Mashad, Iran

Ruan K (2017) Introducing cybernomics: a unifying economic framework for the measurement of risk. Comput Secur 65:77–89CrossRef

Rubinstein A (1982) Perfect equilibrium in a bargaining model. Econometrica 50(1):97–110CrossRef

Salies E (2012) Product innovation when consumers have switching costs. In: Dietrich M, Krafft J (eds) Handbook on the economics and theory of the firm. Elgar, Northampton, pp 436–447

Scott Morton F (2021) Remarks on interoperability. Quoted in, Holland M, For big tech regulation, a hammer may not be the answer, TechTarget Network. https://searchcio.techtarget.com/news/252501604/For-big-tech-regulation-a-hammer-may-not-be-the-answer. Accessed 23 June 2021

Sen R, Verma A, Helm GR (2020) Impact of cyberattacks by malicious hackers on the competition in software markets. J Manag Inf Syst 37(1):191–216CrossRef

Shaked A, Sutton J (1984) Involuntary unemployment as a perfect equilibrium in a bargaining model. Econometrica 52(6):1351–1364CrossRef

Shapiro C, Varian HR (1999) Information rules. A strategic guide to the networking economy. Harvard Business School Press, Boston

Statistica.com (2021) Public cloud services end-user spending worldwide from 2009 to 2022. https://www.statista.com/statistics/273818/global-revenue-generated-with-cloud-computing-since-2009/. Accessed 23 June 2021

Subramanian N, Jeraraj A (2019) Recent security challenges in cloud computing. Comput Electr Eng 71:28–42CrossRef

Tatsumoto H (2021) Platform strategy for global markets. Springer, SingaporeCrossRef

Varian HR (2004) Competition and market power. In: Varian HR, Farrell J, Shapiro C (eds) The economics of information technology. An introduction. Cambridge University Press, Cambridge, pp 1–47CrossRef

Villas-Boas JM (2015) A short survey on switching costs and dynamic competition. Int J Res Mark 32(2):219–222CrossRef

Vives X (2018) Strategic complementarities in oligopoly. In: Corchón LC, Marini MA (eds) Handbook of game theory and industrial organization. Edward Elgar, Northampton, pp 9–36

Wohlfarth M (2019) Data portability on the Internet. Bus Inf Syst Eng 61(5):551–574CrossRef

Young A, Yung M (1996) Cryptovirology: extortion-based security threats and countermeasures. In: Proceedings of the 1996 IEEE symposium on security and privacy. IEEE, Oakland, CA, pp 129–140

Title: Security-Induced Lock-In in the Cloud
Author: Daniel Arce
Publication date: 12-01-2022
Publisher: Springer Fachmedien Wiesbaden
Published in: Business & Information Systems Engineering / Issue 4/2022
Print ISSN: 2363-7005
Electronic ISSN: 1867-0202
DOI: https://doi.org/10.1007/s12599-021-00729-5

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft"

Springer Professional "Technik"

Springer Professional "Wirtschaft+Technik"

WIRTSCHAFTSINFORMATIK

Business & Information Systems Engineering

Wirtschaftsinformatik & Management

Other articles of this Issue 4/2022

Gameful Learning for a More Sustainable World

Metaverse: How to Approach Its Challenges from a BISE Perspective

Identifying Competitive Attributes Based on an Ensemble of Explainable Artificial Intelligence

Identifying Digital Transformation Paradoxes

Virtual Coaches

Quo Vadis Information Systems Research in Times of Digitalization?

Premium Partner