Growth and Sustainability of Managed Security Services Networks: An Economic Perspective

Managed security service provider (MSSP) networks are a form of collaboration where several firms share resources such as diagnostics, prevention tools, and policies to provide security for their computer networks. While the decision to outsource the security operations of an organization may seem counterintuitive, there are potential benefits from joining an MSSP network that include pooling of risk and access to more securityenabling resources and expertise. We examine structural results explaining the reasons firms join an MSSP network, and characterize the growth of MSSP network size under different forms of ownership (monopoly versus consortium). We find that the need for an initial investment in MSSP networks (which is necessary to overcome the stalling effect) only affects the optimal network size for a consortium but has no impact on the optimal network size for a profit-maximizing monopolist. Our results provide an explanation why the majority of the MSSPs are for-profit entities and consortium-based MSSPs are less common. Such a market structure can be attributed to the potential for larger size by the for-profit MSSP owner combined with beneficial pricing structure and a lack of growth uncertainty for the early clients.

[1]  C. Shapiro,et al.  Network Externalities, Competition, and Compatibility , 1985 .

[2]  Todd Sandler,et al.  On the Economic Theory of Alliances , 1975 .

[3]  Huseyin Cavusoglu,et al.  The Effect of Internet Security Breach Announcements on Market Value: Capital Market Reactions for Breached Firms and Internet Security Developers , 2004, Int. J. Electron. Commer..

[4]  Julia H. Allen,et al.  Outsourcing Managed Security Services , 2003 .

[5]  B. Peleg,et al.  Introduction to the Theory of Cooperative Games , 1983 .

[6]  Lei Zhou,et al.  The Economic Cost of Publicly Announced Information Security Breaches: Empirical Evidence from the Stock Market , 2003, J. Comput. Secur..

[7]  H. Varian,et al.  The Art of Standards Wars , 1999 .

[8]  Wirtschaftswisseschaftlichen Fakultät Network Effects, Compatibility, and Adoption of Standards: Essays in Empirical Industrial Economics , 2004 .

[9]  Paul Black,et al.  Public goods and externalities , 2005 .

[10]  Elizabeth E. Bailey,et al.  Contestability and the Design of Regulatory and Antitrust Policy , 1981 .

[11]  Eric T. G. Wang,et al.  Electronic data interchange: competitive externalities and strategic implementation policies , 1995 .

[12]  Lawrence A. Gordon,et al.  Sharing Information on Computer Systems Security: An Economic Analysis , 2003 .

[13]  S. Oren,et al.  Critical Mass and Tariff Structure in Electronic Communications Markets , 1981 .

[14]  John A. Aloysius,et al.  The selection of joint projects by a consortium: Cost sharing mechanisms , 1999, J. Oper. Res. Soc..

[15]  S. Liebowitz,et al.  Path Dependence, Lock-In, and History , 1995 .

[16]  Todd Sandler,et al.  The Economic Theory of Alliances , 1993 .

[17]  A. Ozment,et al.  Bug Auctions: Vulnerability Markets Reconsidered , 2004 .

[18]  Joseph Farrell,et al.  Choosing How to Compete: Strategies and Tactics in Standardization , 1994 .

[19]  Hal R. Varian,et al.  System Reliability and Free Riding , 2004, Economics of Information Security.

[20]  N. Economides The Economics of Networks , 1995 .

[21]  A. Sundararajan Nonlinear pricing and type-dependent network effects , 2004 .

[22]  J. Bradford DeLong,et al.  Speculative Microeconomics for Tomorrow's Economy , 2000, First Monday.

[23]  Luís M. B. Cabral,et al.  Monopoly Pricing With Network Externalities , 1999 .

[24]  Nicholas Economides,et al.  Compatibility and Market Structure for Network Goods , 1997 .

[25]  Andrew Whinston,et al.  A Stochastic Equilibrium Model of Internet Pricing , 1997 .

[26]  Stuart E. Schechter Toward econometric models of the security risk from remote attacks , 2005, IEEE Security & Privacy.

[27]  Nicholas Economides,et al.  Critical Mass and Network Evolution in Telecommuni-cations , 2013 .

[28]  L. J. Camp Pricing Security , 2000 .

[29]  Jeffrey H. Rohlfs A theory of interdependent demand for a communications service , 1974 .

[30]  Neil Gandal,et al.  Compatibility, Standardization, and Network Effects: Some Policy Implications , 2002 .

[31]  Robert J. Kauffman,et al.  Economics and Electronic Commerce: Survey and Directions for Research , 2001, Int. J. Electron. Commer..

[32]  Joseph Farrell,et al.  Installed base and compatibility : innovation, product preannouncements and predation , 1986 .

[33]  Rafael Rob,et al.  Shared ownership and pricing in a network switch , 1996 .

[34]  P. Klemperer,et al.  Coordination and Lock-In: Competition with Switching Costs and Network Effects , 2006 .

[35]  John R. Oneal,et al.  The theory of collective action and burden sharing in NATO , 1990, International Organization.

[36]  Michael D. Smith,et al.  How Much Security Is Enough to Stop a Thief?: The Economics of Outsider Theft via Computer Systems and Networks , 2003, Financial Cryptography.

[37]  L. Shapley A Value for n-person Games , 1988 .

[38]  Neil Gandal,et al.  Indirect Network Effects and Adoption Externalities , 2002 .

[39]  Todd Sandler,et al.  Alliance Formation, Alliance Expansion, and the Core , 1999 .

[40]  C. Shapiro,et al.  Systems Competition and Network Effects , 1994 .

[41]  Anindya Ghose,et al.  The Economic Incentives for Sharing Security Information , 2004, Inf. Syst. Res..

[42]  Karthik N. Kannan,et al.  An Economic Analysis of Market for Software Vulnerabilities , 2004 .

[43]  Paul A. David,et al.  Economics of compatibility standards and competition in telecommunication networks , 1994 .

[44]  Pierre Regibeau,et al.  A selective review of the economics of standardization. Entry deterrence, technological progress and international competition , 1996 .

[45]  F. Riggins,et al.  The growth of interorganizational systems in the presence of network externalities , 1994 .

[46]  David R. Henderson,et al.  concise encyclopedia of economics , 2008 .

[47]  K. Hausken Income, interdependence, and substitution effects affecting incentives for security investment , 2006 .

[48]  Tim Weitzel,et al.  Reconsidering Network Effect Theory , 2000, ECIS.

[49]  P. Newman The new Palgrave dictionary of economics and the law , 1998 .