In this chapter, the authors discuss the diffusion of IT security solutions. The authors base their research on Roger’s diffusion of innovations theory, and derive a model for holistic ex-ante analysis of the market potential of such systems based on generic factors influencing the diffusion of security solutions. After giving an overview of the relevant aspects of diffusion of innovations theory, and presenting the approach to use it as a structuring tool in ex-ante analysis, the authors present case study analyses for three IT security solutions, demonstrating the applicability of the method, and the alignment of results produced by the method with actual market results.
TopIntroduction
Contemporary IT security solutions often appear disconnected from markets, user needs and economic contexts. Several security and privacy technologies have become market failures in recent years, for example advanced electronic signatures (Roßnagel, 2006) or web anonymity services (Feigenbaum, Freedman, Sander, & A. Shostack, 2002). Economic issues are often neglected by technology developers. Instead, security solutions continue to be designed with technological factors in mind, valuing marginal increases in security guarantees and even technical complexity over practical relevance. The underlying assumption is that these technologies will become a market success based on their technological sophistication and the elegance of their algorithmic design. The resulting business models are usually poorly aligned with real market demands, and fail to address important success factors appropriately.
As a quick literature review illustrates, this failure can not be attributed to a single factor. Costs and benefits of security solutions are often not distributed fairly, leading to a lack of incentive for users to adopt. Also, vendors of security technology often fail to consider the users’ willingness to pay when creating their price models, which results in overprizing and eventually a lack of market success. In addition, these technologies often fail to address user requirements, such as usability and accessibility by individuals and organizations (Greenwald, Olthoff, Raskin, & Ruch, 2004). Furthermore, the success of several security solutions might be increased if vendors were to market their solutions to different customer groups (Roßnagel, Zibuschka, Pimenides, & Deselaers, 2009).
Factors that influence the market success of information technology have been well researched in the economics and information systems domains. This has led to the development of widely accepted and used theories such as the diffusion of innovations theory (Rogers, 2003) and the technology acceptance model (Davis, 1989). Also numerous theories exist that enable researchers to deal with economic factors that influence the success of technologies such as network effects (Katz & Carl Shapiro, 1994), information asymmetries (Akerlof, 1970) and competition (Porter, 1998). However, the focus of these theories is on innovations in general and only little work has been done on the economics of information and communication security and privacy technologies. Therefore, the special economic properties of such solutions have not been considered in depth.
In this paper we propose a structured approach to assess the market compliance of security solutions, grounded in the Diffusion of Innovations theory (Rogers, 2003). We will demonstrate the feasibility of our approach on three different case studies of security solutions: electronic signatures, web anonymizers and federated identity management solutions. In each case study we try to identify driving factors and major obstacles and to provide recommendations on how to design and deploy security solutions in order to achieve higher acceptance in the future.