Business use of cloud computing services is motivated by ease of use and potential financial cost reductions. Service failure may occur when the service provider does not protect information or when the use of the services becomes overly complex and difficult. The benefits of cloud computing also bring optimization challenges for the information owners who must assess service security risks and the degree to which new human behaviors are required. In this research, we look at the risk of identity theft when ease of service access is provided through a single sign-on (SSO) authorization, asking: What are the optimal behavioral expectations for a cloud service information owner? Federated identity management provides well-developed design literature on strategies for optimizing human behaviors in relation to the new technologies. We briefly review the literature and then propose a working solution that optimizes the trade-off between disclosure risk, human user risk, and service security.
Read full abstract