Sumair Ijaz Hashmi (CISPA Helmholtz Center for Information Security, Germany, Saarland University, Germany and Lahore University of Management Sciences (LUMS), Pakistan), Shafay Kashif (The University of Auckland, New Zealand and Lahore University of Management Sciences (LUMS), Pakistan), Lea Gröber (International Computer Science Institute (ICSI), USA and Lahore University of Management Sciences (LUMS), Pakistan), Katharina Krombholz (CISPA Helmholtz Center for Information Security, Germany), Mobin Javed (Lahore University of Management Sciences (LUMS), Pakistan)
Misconfigurations in cloud services remain a leading cause of security and privacy incidents, often stemming from the complexity of configuring cloud platforms. To better understand these challenges, we analyzed approximately 251,900 security and privacy-related Stack Overflow posts spanning from 2008 to 2024. Using topic modeling and qualitative analysis, we systematically mapped cloud use cases to their associated security and privacy configuration challenges, revealing a comprehensive landscape of the hurdles cloud operators faced. We identified both technical and human-centric issues, including problems related to insufficient documentation and the lack of context-aware tooling tailored to operators’ environments. Notably, authentication and access control challenges appeared in all identified use cases, cutting across nearly every stage of cloud deployment, integration, and maintenance. Our findings underscore the need for usable, tailored, and context-sensitive support tools and resources to help developers securely configure cloud services.