Impact of security risks on cloud computing adoption

Article · September 2011with38 Reads
DOI: 10.1109/Allerton.2011.6120232


    Cloud computing has been a paradigm shift in the information technology domain. It offers potential benefits to users in terms of instant availability, scalability and resource sharing, while potentially posing security issues. Especially, recent events like Amazons system failure increased the concerns related to cloud computing1. Given these security and reliability concerns, we explore the optimal decision rule for moving certain IT function to public clouds. We formulate the problem as an entrepreneurial decision for an optimal stopping time at which the entrepreneur shall migrate to the cloud computing paradigm. Two different models are presented. Recognizing that an important and specific issue related to different computing paradigm is the potential “security” risk posed by each technology, we consider security risks in both models. The first model approaches the optimal adoption problem from assessing the cloud computing adoption under project value uncertainty. The entrepreneur has the timing flexibility and solves his optimal adoption decision under uncertainty. The optimal adoption rule obtained is a threshold strategy. A firm should adopt the cloud computing only if the value from the adoption exceeds the threshold level. The second model builds on a comprehensive assessment of two different computing paradigms. The entrepreneur can either keep the traditional on-site computing paradigm or migrate to the cloud computing paradigm. His problem is to make the paradigm shift optimally. We model such a problem as optimally swapping two “risky” assets, which refer to benefits of the traditional on-site computing paradigm and those of the cloud computing paradigm. The term “risky” captures the fact that actual benefits can only be resolved through time, and thus estimates of benefits are embedded with uncertainty. We obtain the optimal swapping rule as a threshold strategy, defined in terms of the two benefit ratio. A firm should only shift the part of its business to the cloud computing service if the ratio, the benefit from the cloud computing paradigm over that from the traditional on-site computing paradigm, exceeds the threshold. In both models, both the extent of riskiness (i.e. uncertainty) and the significance of security risks (both in terms of potential occurrence probability and the severity of damage) affect the threshold level, thus the entrepreneurial adoption decision.