Abstract
This paper takes an economic perspective on security and innovation. In particular, it discusses aspects of economics that may be relevant to assessing and deploying security technologies. At the micro level of analysis, as an example, this paper highlights discussions on the economics of security in the cloud. Do we really understand the economics of security in the cloud? Are there economic models that capture operational security in the cloud? Early work at HP Labs on trust economics underpins a systematic approach to information security decision-making and risk management. The results on trust economics highlight how economics may drive operational security and the deployment of security technologies. At the macro level of analysis, drawing on ongoing work within the Security and Trust Coordination and Enhanced Collaboration, this paper links economics to innovation in cyber security and privacy. Despite the R&D investments in cyber security and privacy, the general perception is that security and privacy technologies are deployed ineffectively. This paper also presents an integrated framework, taking into account market perspectives, that may support identifying suitable R&D strategies and assessing their impact.
Acknowledgements
I would like to thank colleagues at HP Labs, in particular, Yolanta Beres, Dharm Kapletia, Simon Shiu and Nick Wainwright, who supported me with different materials I further elaborated in this paper. Their work has provided me solid foundations for my research interests. The work on the ‘economics of security in the cloud’ and the ‘integrated framework for innovation management’ has been partially funded by the Security and Trust Coordination and Enhanced Collaboration (SecCord) – http://www.seccord.eu/ – grant agreement 316622 within the Seventh Framework Programme (FP7) of the European Commission. The section on technological innovation pathways has benefited from feedback by the SecCord’s Advisory Focus Group.
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Felici, M. (2014). Economics, Security and Innovation. In: Altmann, J., Vanmechelen, K., Rana, O. (eds) Economics of Grids, Clouds, Systems, and Services. GECON 2014. Lecture Notes in Computer Science, vol 8914. Springer, Cham. https://doi.org/10.1007/978-3-319-14609-6_1
DOI: https://doi.org/10.1007/978-3-319-14609-6_1
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-14608-9
Online ISBN: 978-3-319-14609-6
eBook Packages: Computer Science, Computer Science (R0)