Despite readily available cloud services, some people decide to self-host internal or external services for themselves or their organization. In doing so, a broad spectrum of commercial, institutional, and private self-hosters take responsibility for their data, security, and reliability of their operations.
Currently, little is known about what motivates these self- hosters, how they operate and secure their services, and which challenges they face. To improve the understanding of self-hosters’ security mindsets and practices, we conducted a largescale survey (NS=994) with users of a popular self-hosting suite and in-depth follow-up interviews with selected commercial, non-profit, and private users (NI =41).
We found exemplary behavior in all user groups; however, we also found a significant part of self-hosters who approach security in an unstructured way, regardless of social or organizational embeddedness. Vague catch-all concepts such as firewalls and backups dominate the landscape, without proper reflection on the threats they help mitigate. At times, self-hosters engage in creative tactics to compensate for a potential lack of expertise or experience.
History
Preferred Citation
Lea Gröber, Rafael Mrowczynski, Nimisha Vijay, Daphne A. Muller, Adrian Dabrowski, Katharina Krombholz. To Cloud or not to Cloud: A Qualitative Study on Self-Hosters’ Motivation, Operation, and Security Mindset. In: USENIX Security '23. 2023.
Primary Research Area
Empirical and Behavioral Security
Name of Conference
Usenix Security Symposium (USENIX-Security)
Legacy Posted Date
2023-08-09
Pages
18,0
Page Range
1-18
Publisher
USENIX
Open Access Type
Repository
BibTeX
@inproceedings{cispa_all_4005,
author = {Lea Gröber AND Rafael Mrowczynski AND Nimisha Vijay AND Daphne A. Muller AND Adrian Dabrowski AND Katharina Krombholz},
title = {To Cloud or not to Cloud: A Qualitative Study on Self-Hosters’ Motivation, Operation, and Security Mindset},
booktitle = {USENIX Security '23},
year = {2023}
}