How to Govern the Cloud? Characterizing the Optimal Enforcement Institution that Supports Accountability in Cloud Computing

This paper applies economic governance theory to the cloud computing industry. We analyze which governance institution may be best suited to solve the problems stemming from asymmetric information about the true level of data protection, security, and accountability offered by cloud service providers. We conclude that certification agencies - private, independent organizations which award certificates to cloud service providers meeting certain technical and organizational criteria - are the optimal institution available. Those users with high valuation for accountability will be willing to pay more for the services of certified providers, whereas other users may patronize uncertified providers.