CISPA
Browse

To Cloud or not to Cloud: A Qualitative Study on Self-Hosters’ Motivation, Operation, and Security Mindset

Download (255.17 kB)
Version 2 2024-09-04, 06:56
Version 1 2024-03-05, 12:17
conference contribution
posted on 2024-09-04, 06:56 authored by Lea GröberLea Gröber, Rafael Mrowczynski, Vijay, Nimisha, Muller, Daphne A., Adrian Dabrowski, Katharina KrombholzKatharina Krombholz
Despite readily available cloud services, some people decide to self-host internal or external services for themselves or their organization. In doing so, a broad spectrum of commercial, institutional, and private self-hosters take responsibility for their data, security, and reliability of their operations. Currently, little is known about what motivates these self- hosters, how they operate and secure their services, and which challenges they face. To improve the understanding of self-hosters’ security mindsets and practices, we conducted a largescale survey (NS=994) with users of a popular self-hosting suite and in-depth follow-up interviews with selected commercial, non-profit, and private users (NI =41). We found exemplary behavior in all user groups; however, we also found a significant part of self-hosters who approach security in an unstructured way, regardless of social or organizational embeddedness. Vague catch-all concepts such as firewalls and backups dominate the landscape, without proper reflection on the threats they help mitigate. At times, self-hosters engage in creative tactics to compensate for a potential lack of expertise or experience.

History

Preferred Citation

Lea Gröber, Rafael Mrowczynski, Nimisha Vijay, Daphne A. Muller, Adrian Dabrowski, Katharina Krombholz. To Cloud or not to Cloud: A Qualitative Study on Self-Hosters’ Motivation, Operation, and Security Mindset. In: USENIX Security '23. 2023.

Primary Research Area

  • Empirical and Behavioral Security

Name of Conference

Usenix Security Symposium (USENIX-Security)

Legacy Posted Date

2023-08-09

Pages

18,0

Page Range

1-18

Publisher

USENIX

Open Access Type

  • Repository

BibTeX

@inproceedings{cispa_all_4005, author = {Lea Gröber AND Rafael Mrowczynski AND Nimisha Vijay AND Daphne A. Muller AND Adrian Dabrowski AND Katharina Krombholz}, title = {To Cloud or not to Cloud: A Qualitative Study on Self-Hosters’ Motivation, Operation, and Security Mindset}, booktitle = {USENIX Security '23}, year = {2023} }

Usage metrics

    Categories

    No categories selected

    Licence

    Exports

    RefWorks
    BibTeX
    Ref. manager
    Endnote
    DataCite
    NLM
    DC