Abstract
The widespread use of cloud computing has brought cloud security to the forefront. The cloud provider and the firm assume varying degrees of joint responsibility for cloud security with cloud service models including IaaS, PaaS, and SaaS, to defend the strategic hacker. This paper builds a game-theoretical model to study cloud security management, in which we find that ignoring the strategic hacker leads to the dislocation security investment decisions (overinvestment or underinvestment) for the provider and the firm in bilateral refund contracts (BRCs). The strategic hacker’s attack effort is inverse U-shaped with cloud service models, leading to a free-riding problem between the provider and the firm. Furthermore, from the perspective of social welfare maximization, both the provider and the firm would underinvest or overinvest in cloud security. To solve the problem, we propose two new contract mechanisms: one is an internal effort-based contract, in which the provider oversees the firm internally and the compensation rate depends on the firm’s effort once the breach occurs. The other is an external effort-based contract, in which the monitoring agency supervises the efforts of the provider and the firm. We compare the two new contracts with BRCs and obtain the optimal choice for principals.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
