Abstract
Firms hesitate to outsource their network security to outside security providers (called Managed Security Service Providers, or MSSPs) because an MSSP may secretly shirk to increase profits. In economics, this secret shirking behavior is commonly referred to as the moral hazard problem. There is a counterargument that the moral hazard problem is less significant in the Internet security outsourcing market because MSSPs work hard to build and maintain their reputations, which are crucial to surviving competition. Both arguments make sense and should be considered when writing a successful contract. This paper studies the characteristics of optimal contracts (payment to MSSPs) for the security outsourcing market by setting up an economic framework that combines both effects. It is shown that an optimal contract should be performance-based. The degree of performance dependence decreases if the reputation effect becomes more significant. We also show that if serving a large group of customers helps the provider to improve service quality significantly (which is observed in the Internet security outsourcing market), an optimal contract should always be performance-based, even if a strong reputation effect exists.
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Ding, W., Yurcik, W., Yin, X. (2005). Outsourcing Internet Security: Economic Analysis of Incentives for Managed Security Service Providers. In: Deng, X., Ye, Y. (eds) Internet and Network Economics. WINE 2005. Lecture Notes in Computer Science, vol 3828. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11600930_96
DOI: https://doi.org/10.1007/11600930_96
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-30900-0
Online ISBN: 978-3-540-32293-1
eBook Packages: Computer Science, Computer Science (R0)