Trusting privacy in the cloud☆
Introduction
Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction (US National Institute of Standards and Technology, 2009). Typical cloud services are delivery of software, infrastructure, and storage over the Internet, based on user demand. The use of cloud computing technologies decreases the fixed costs and transaction costs of using computer power. It makes the supply of information technology (IT) resources more flexible for users and consequently reduces the risks of fixed, long-term investments in IT infrastructure. In short, cloud computing technologies have a huge upside potential for increasing the efficiency of many IT applications and, thereby, innovation and economic growth (Etro, 2009). Global cloud market revenues are predicted to increase from U$180b in 2015 to U$390b in 2020, attaining 17% annual average growth. All indicators for the scope of the cloud computing industry, such as data traffic, the number of data centers, or the number of cloud services, are also predicted to grow exponentially (Cisco, 2018).
But there are important impediments to the wide adoption of cloud computing. Most importantly, many users—both individual consumers managing their personal files and businesses using IT services as input into their own production—worry that data outsourced to the cloud can be accessed by others, notably public authorities with legitimate or illegitimate objectives as well as legal and illegal private actors (August et al., 2014). Such concerns regarding privacy, security, and data protection are a key obstacle that hinders the cloud industry from realizing its full economic and technological potential (Catteddu and Hogben, 2009).
In cloud computing the key question is not about the optimal level of privacy regulation, that is, how much data on consumers’ behavior a provider should be allowed to collect and use legally. Instead, the key problem to be studied in this context is how to enforce cloud service providers’ promises to address users’ privacy and data security concerns. This is a problem of accountability, a situation where both a cloud service provider and a user “should be able to check whether the cloud is running the service as agreed. If a problem appears, they should be able to determine which of them is responsible, and to prove the presence of the problem to a third party, such as an arbitrator or a judge” (Haeberlen, 2010); see also (Pearson, 2011). A high level of accountability corresponds to a high level of data security, which is not only implemented by a cloud service provider but also trusted by users. As providers have significantly more technical knowledge and industry experience than most users, the underlying economic problem is asymmetric information.
As a consequence of asymmetric information, a leading industry representative summarized the three key problems of the cloud computing industry: First, a standard cloud-specific definition of security is needed. Second, a streamlined process for evaluating cloud service providers is needed. Third, security fears to cloud adoption have to be overcome. The most advanced idea to tackle these issues is “[t]he emergence of a generally accepted cloud security “seal of approval” [that] should allay many of the concerns that stand in the way of this adoption.”
Hence, I study the following research questions. How can we incentivize cloud service providers to actually produce high accountability (or data security) levels and to keep their contractual obligations by implementing corresponding (costly) procedures? How can we make sure that users trust the promise of providers to implement certain levels of accountability? How can we reduce the information costs for users, many of whom lack the relevant knowledge or means to evaluate the accountability level of a given provider, such that they can make informed consumption decisions? Could the asymmetric information problem between cloud service providers and users be solved by introducing some type of certification scheme? If so, how can we prevent the certifier from handing out certificates to every (paying) provider?
I propose answers to these questions by designing an institution that attenuates the problems of the cloud computing industry and show under which circumstances this institution can exist in equilibrium, thereby improving welfare. The characteristics of the proposed institution are compared with an actually existing one. I construct a game-theoretic model that builds on the insight of practitioners that a two-layered certification mechanism may be able to solve the problem of dishonest certifiers. This scheme is built around a private nonprofit organization that I call cloud association, which is governed by representatives of both providers and users and which sources the actual auditing process out to a pool of independent for-profit certifiers.
It is shown how and under which conditions the cloud association institution can induce an equilibrium where cloud service providers produce high accountability levels and users trust them and buy their services, for a premium. In this equilibrium, a provider chooses to produce a high accountability level, which meets the certification requirements determined by the cloud association, because it increases her profits. It increases her profits because users are willing to pay a premium for the services of a provider who is certified by the association. The certificate is reliable because certifiers have an incentive to invest effort in auditing and to honestly decide about the certification status of providers. This incentive exists because the cloud association performs random checks of the auditing procedure (“covert testing”) and because users who suffered from low accountability of a certified provider would have an incentive to complain to the association. Following a complaint, the cloud association would automatically investigate the case and, if it finds a breach of contract, revoke the provider’s certificate and ban the captured certifier from all future business. Cheated users would actually complain because they are reimbursed for damage suffered from low accountability if the association finds for them. In turn, the association would keep its promises because of the checks and balances institutionalized in the governance structure of the association’s board.
Section 2 provides a discussion of the relevant literature and identifies key characteristics of the optimal cloud governance institution. It also reports on an existing cloud certification mechanism. In Section 3, a model of the market interaction between cloud service providers and users (and third parties supporting their transaction) is presented. The model is analyzed in Section 4. Section 5 considers changes to the results if there is (more) competition at the provider or certifier levels, whereas Section 6 discusses implementation issues and practical implications. Section 7 concludes. The Appendix contains an overview of variables and parameters used, extensions, and formal proofs of the model’s results.
Section snippets
Institutional choice: Reputation, litigation, or certification?
Cloud computing is a highly innovative industry that is driven by technological progress. As research ranging from new aircraft technology (Forbes and Lederman, 2013) to new shipbuilding technology in the European Middle Ages (Masten and Prüfer, 2014) has shown, new technologies may require new institutions to govern an industry’s professional relationships. But how can users trust providers’ announced accountability levels—and, thereby, privacy and data security promises?
A Model of Cloud Governance
Here the model is presented. Subsection 3.2 contains a discussion of key assumptions.
Analysis
The six-stage game in period t is solved by backward induction. I first formally solve the model. Interpretation and economic intuition of the intermediate results are provided after the main proposition. Section 4.8 contains a numerical example and a figure, for illustration. Before the analysis, the incentives of the provider and the resulting expectations of users are clarified.
Competing cloud service providers
In the baseline model we have taken a shortcut by assuming a monopolistic provider. This has kept the model tractable. A more elaborate competition model would have to differentiate among several cases (not only elastic demand versus covered market) and hence could not include the entire spectrum of players we deem necessary for the proposed institution (cloud association, certifiers, provider, users). But if we were to model competition in a less stylized way, what type of model would be
Implementation challenges
The cloud association governance mechanism proposed here is novel. But related institutions do exist in practice, as the description of the Cloud Security Alliance (CSA) in Section 2 has shown. The key differences between the existing CSA scheme and the institution proposed in this paper are the following: First, my proposed scheme does not rely on governmental pre-licensing of certifiers by their national governments (because of the problems of public ordering discussed in Section 2). Second,
Conclusion
The huge upside potential that cloud computing technologies offer both to producers and users, teamed with significant impediments to realizing this potential because of users’ lack of trust in the security of sensitive data put to the cloud, got this study started. Such lack of trust is a consequence of several interrelated problems stemming from asymmetric information between sellers, buyers, and third parties supporting their transaction. Even if a cloud service provider implemented a high
References (53)
- et al. Certification and minimum quality standards when consumers are uninformed. Eur. Econ. Rev. (2014)
- et al. On the optimality of privacy in sequential contracting. J. Econ. Theory (2006)
- Schemes for Auditing Security Measures: An Overview. European Union Agency for Network and Information Security (2013)
- The NIST definition of cloud computing (2009)
- Public and private bureaucracies: a transaction cost perspective. J. Law, Econ. Organiz. (1999)
- et al. Conditioning prices on purchase history. Market. Sci. (2005)
- et al. Optimal windows for aggregating ratings in electronic marketplaces. Manage. Sci. (2010)
- et al. Cloud implications on software network structure and security risks. Inf. Syst. Res. (2014)
- et al. Cooperation without enforcement? A comparative analysis of litigation and online reputation as quality assurance mechanisms. Manage. Sci. (2011)
- et al. The dynamics of seller reputation: theory and evidence from eBay. J. Ind. Econ. (2010)
- Privacy regulation and market structure. J. Econ. Manag. Strat.
- Competing with privacy. Manage. Sci.
- An SME perspective on cloud computing. ENISA Survey
- Personalization versus privacy: an empirical examination of the online consumer’s dilemma. Inf. Technol. Manage.
- Online advertising and privacy. RAND J. Econ.
- The digitization of word of mouth: promise and challenges of online feedback mechanisms. Manage. Sci.
- The sound of silence in online feedback: estimating trading risks in the presence of reporting bias. Manage. Sci.
- Consumers’ Privacy choices in the era of big data
- Trade expansion and contract enforcement. J. Political Econ.
- Governance institutions and economic activity. Amer. Econ. Rev.
- Adverse selection in online ‘trust’ certifications and search results. Electron. Commer. Res. Appl.
- The economic impact of cloud computing on business creation, employment and output in Europe. Rev. Bus. Econ.
- Internet Policy and Governance. Europe’s Role in Shaping the Future of Internet Governance. Communication from the Commission to The European Parliament, The Council, The European Economic and Social Committee and The Committee of the Regions. Brussels: COM(2014) 72/4
- Faithful strategies: how religion shapes nonprofit management. Manage. Sci.
- Contract form and technology adoption in a network industry. J. Law, Econ. Org.
☆ I am grateful to several seminar audiences at Tilburg University, at the A4Cloud General Meeting in Tilburg, the CPB in Den Haag, the International Society for New Institutional Economics at Duke University, and especially to Daniele Catteddu, Sebastian Dengler, Shivaram Devarakonda, Joeri van Hugten, Eleni Kosta, Ronald Leenes, Maartje Niezen, Erin O’Hara O’Connor, Bastiaan Overvest, and Patricia Prüfer who provided valuable feedback on an earlier draft of this paper. The research leading to these results has received funding from the European Union Seventh Framework Programme (FP7/2007-2013) under grant agreement no: 317550 (A4Cloud). All errors are my own.