Dynamics of Shared Security in the Cloud

Cloud services exist under a shared security environment with a dynamic nature; users trade fixed costs for variable costs over time, and both cloud services providers (CSPs) and users contribute to overall security. We investigate the nature of shared security in a dynamic game where users’ security contributions and cloud usage figure into their CSP’s vulnerability. Furthermore, CSPs’ own security contribution takes into account both their users as well as competition with other CSPs. The Markov perfect equilibrium reveals the long-term time patterns of security of the cloud. In particular, we identify a novel form of time-path strategic complementary between usage and a CSP’s Markov state of security. This implies that cloud security is an unusual form of impure public good, whereby individual contributions bolstering a CSP’s security endow a selective incentive (private benefit) on others rather than on the contributor alone. Because this increases usage, CSP vulnerability increases over time. At the same time, CSP competition on security may lead to both welfare improvements for users and lock-in.

History: Martin Bichler, Senior Editor; Yifan Dou, Associate Editor.

Supplemental Material: The online appendix is available at https://doi.org/10.1287/isre.2023.0256.