Cloud Services vs. On-Premises Software: Competition Under Security Risk and Product Customization

References

• Alert Logic (2017) Alert Logic releases 2017 cloud security report. Press release, Alert Logic, Houston, Texas. Accessed February 5, 2020, https://www.alertlogic.com/press-releases/alert-logic-releases-2017-cloud-security-report/.Google Scholar
• Arora A, Telang R, Xu H (2008) Optimal policy for software vulnerability disclosure. Management Sci. 54(4):642–656.Link, Google Scholar
• August T, Tunca TI (2006) Network software security and user incentives. Management Sci. 52(11):1703–1720.Link, Google Scholar
• August T, Tunca TI (2011) Who should be responsible for software security? A comparative analysis of liability policies in network environments. Management Sci. 57(5):934–959.Link, Google Scholar
• August T, Niculescu MF, Shin H (2014) Cloud implications on software network structure and security risks. Inform. Systems Res. 25(3):489–510.Link, Google Scholar
• Babcock C (2016) Gartner sees $1 trillion shift in IT spending to cloud. InformationWeek (July 25), http://www.informationweek.com/cloud/infrastructure-as-a-service/gartner-sees-$1-trillion-shift-in-it-spending-to-cloud/d/d-id/1326372.Google Scholar
• Balasubramanian S, Bhattacharya S, Krishnan VV (2015) Pricing information goods: a strategic analysis of the selling and pay-per-use mechanisms. Marketing Sci. 34(2):218–234.Link, Google Scholar
• Chen PY, Kataria G, Krishnan R (2011) Correlated failures, diversification, and information security risk management. Management Inform. Systems Quart. 35(2):397–422.Crossref, Google Scholar
• Chen PY, Wu SY (2013) The impact and implications of on-demand services on market structure. Inform. Systems Res. 24(3):750–767.Link, Google Scholar
• Chesher A (1989) Hajek inequalities, measures of leverage and the size of heteroskedasticity robust wald tests. Econometrica 57(4):971–977.Crossref, Google Scholar
• Choudhary V (2007) Comparison of software quality under perpetual licensing and software as a service. J. Management Inform. Systems 24(2):141–165.Crossref, Google Scholar
• Choudhary V, Zhang Z (2015) Research note—Patching the cloud: The impact of SaaS on patching strategy and the timing of software release. Inform. Systems Res. 26(4):845–858.Link, Google Scholar
• Choudhary V, Tomak K, Chaturvedi A (1998) Economic benefits of renting software. J. Organ. Comput. Electronic Commerce 8(4):277–305.Crossref, Google Scholar
• Conn S (2014) Gartner highlights the top 10 cloud myths. Gartner (October 28), https://www.gartner.com/en/newsroom/press-releases/2014-10-28-gartner-highlights-the-top-10-cloud-myths.Google Scholar
• Constantin L (2014) Hacker puts “full redundancy” code-hosting firm out of business. PCWorld (June 19), https://www.pcworld.com/article/2365602/hacker-puts-full-redundancy-codehosting-firm-out-of-business.html.Google Scholar
• Dey D, Lahiri A, Zhang G (2014) Quality competition and market segmentation in the security software market. Management Inform. Systems Quart. 38(2):589–606.Crossref, Google Scholar
• Fan M, Kumar S, Whinston AB (2009) Short-term and long-term competition between vendors of shrink-wrap software and software as a service. Eur. J. Oper. Res. 196(2):661–671.Crossref, Google Scholar
• Gabaix X, Laibson D, Li D, Li H, Resnick S, de Vries CG (2016) The impact of competition on prices with numerous firms. J. Econom. Theory 165:1–24.Crossref, Google Scholar
• Guo ZL, Ma D (2017) A model of competition between perpetual software and software as a service. Management Inform. Systems Quart. 42(1):101–120.Crossref, Google Scholar
• Greenemeier L, Hoover JN (2007) How does the hacker economy work? InformationWeek (February 9), https://www.informationweek.com/how-does-the-hacker-economy-work/d/d-id/1051843.Google Scholar
• Hui KL, Hui W, Yue T (2013) Information security outsourcing with system interdependency and mandatory security requirement. J. Management Inform. Systems 29(3):117–156.Crossref, Google Scholar
• IBM Security (2019) 2019 Cost of a data breach report. Report, IBM, Armonk, NY.Google Scholar
• IDC (2019) Worldwide public cloud services spending will more than double by 2023, according to IDC. Report, IDC, Framingham, MA.Google Scholar
• Katz ML, Shapiro C (1985) Network externalities, competition, and compatibility. Amer. Econom. Rev. 75(3):424–440.Google Scholar
• Kannan K, Telang R (2005) Market for software vulnerabilities? Think again. Management Sci. 51(5):726–740.Link, Google Scholar
• Karanika V (2013) The cloud, mobility… and beyond. Accessed January 28, 2019, https://www.cisco.com/c/dam/global/el_gr/assets/connect2013/pdfs/015_idc_evangelos_karanikas.pdf.Google Scholar
• Kim BC, Chen PY, Mukhopadhyay T (2011) The effect of liability and patch release on software security: The monopoly case. Production Oper. Management 20(4):603–617.Crossref, Google Scholar
• King R (2014) Forrester: public cloud market will reach $191B by 2020. ZDNet (April 24), http://www.zdnet.com/article/forrester-public-cloud-market-will-reach-191b-by-2020/.Google Scholar
• Kreps DM (1977) A note on fulfilled expectations equilibria. J. Econom. Theory 14(1):32–43.Crossref, Google Scholar
• Laffont J-J, Tirole J (1988) The dynamics of incentive contracts. Econometrica 56(5):1153–1175.Crossref, Google Scholar
• Laffont J-J, Tirole J (1993) A Theory of Incentives in Procurement and Regulation (MIT Press, Cambridge, MA).Google Scholar
• Landewe M (2016) Widespread attack on Office 365 corporate users with zero-day ransomware virus. Avanan (June 27), https://www.avanan.com/blog/attack-on-office-365-corporate-users-with-zero-day-ransomware-virus.Google Scholar
• Lee CH, Geng X, Raghunathan S (2016) Mandatory standards and organizational information security. Inform. Systems Res. 27(1):70–86.Link, Google Scholar
• Ma D, Seidmann A (2015) Analyzing software as a service with per-transaction charges. Inform. Systems Res. 26(2):360–378.Link, Google Scholar
• MacLeod WB, Malcomson JM (1993) Investments, holdup, and the form of market contracts. Amer. Econom. Rev. 83(4):811–837.Google Scholar
• Mitra S, Ransbotham S (2015) Information disclosure and the diffusion of information security attacks. Inform. Systems Res. 26(3):565–584.Link, Google Scholar
• Muller HM (2000) Asymptotic efficiency in dynamic principal-agent problems. J. Econom. Theory 91(2):292–301.Crossref, Google Scholar
• Niculescu MF, Wu DJ (2014) Economics of free under perpetual licensing: implications for the software industry. Inform. Systems Res. 25(1):173–199.Link, Google Scholar
• Sarno D, Rodriguez S (2011) Hacker attacks show vulnerability of cloud computing. Los Angeles Times (June 17), http://articles.latimes.com/2011/jun/17/business/la-fi-cloud-security-20110617.Google Scholar
• Schneier B (2015) Should companies do most of their computing in the cloud? (Part 1) (June 10), https://www.schneier.com/blog/archives/2015/06/should_companie.html.Google Scholar
• Seals T (2016) Cloud service adoption leads to more data breaches. Infosecurity (October 14), https://www.infosecurity-magazine.com/news/cloud-service-adoption-leads-data/.Google Scholar
• Steiner P (2014) Customization is the name of the game in cloud computing. Betanews (August 11), https://betanews.com/2014/08/11/customization-is-the-name-of-the-game-in-cloud-computing/.Google Scholar
• Sun W, Zhang X, Guo CJ, Sun P, Su H (2008) Software as a service: Configuration and customization perspectives. Zhang LJ, Hofmann P, eds. 2008 IEEE Congress Services Part II (Services-2 2008) (IEEE Computer Society Press, Los Alamitos, CA), 18–25.Google Scholar
• Sundararajan A (2004) Nonlinear pricing of information goods. Management Sci. 50(12):1660–1673.Link, Google Scholar
• Verizon (2017) 2017 data breach investigations report. Report, Verizon, New York.Google Scholar