Erayga "daruur" waxa uu noqday mid caan ku ah ganacsiyada casriga ah. Tignoolajiyada Cloud^(Cloud) waa mid dhaqaale iyo dabacsanaan waxayna u saamaxdaa isticmaalayaasha inay xogta ka helaan meel kasta. Waxaa isticmaala shakhsiyaadka iyo sidoo kale ganacsiyada yaryar, kuwa dhexdhexaadka ah iyo kuwa waaweyn. Asal ahaan waxa jira saddex nooc oo adeegyada daruuraha ah oo ay ka mid yihiin:

1. Kaabayaasha Adeeg ahaan (IaaS)
2. Software-ka Adeeg ahaan (SaaS)
3. Platform Adeeg ahaan (PaaS).

Iyadoo ay jiraan faa'iidooyin badan oo tignoolajiyada daruuriga ah, waxay sidoo kale leedahay qaybteeda caqabadaha iyo khatarta amniga. Si la mid ah waxa ay caan ku tahay tuugada iyo weeraryahanada maadaama ay ka mid tahay isticmaalayaasha iyo ganacsiyada dhabta ah. La'aanta tillaabooyinka saxda ah ee amniga iyo hababka ayaa soo bandhigaya adeegyada daruuraha khataro badan oo sababi kara dhaawac soo gaara ganacsiga qofka. Maqaalkan, waxaan kaga hadli doonaa khataraha amniga iyo arrimaha u baahan in wax laga qabto oo laga taxadaro inta lagu darayo Cloud computing ganacsigaaga.

Waa maxay Caqabadaha Amniga^{(Security Challenges)} Cloud , hanjabaadaha^(Threats) , iyo arrimaha

Khataraha ugu waaweyn ee adeegyada xisaabinta daruuraha waa:

1. Weerarada DoS iyo DDoS
2. Afduubka Akoonka
3. Jebinta Xogta
4. APIs aan ammaan ahayn
5. Duridda Cloud Malware
6. Weerarada Kanaalka dhinac
7. Khasaaraha Xogta
8. La'aanta Muuqaal ama Xakameyn

1] DoS iyo DDoS werarada

Diidmada Adeegga^{(Denial of Service)} (DoS) iyo Diidmada Adeegga La Qaybiyay^{(Distributed Denial of Service)(Distributed Denial of Service)} ( DDoS ) waa mid ka mid ah khataraha ugu weyn ee amniga ee adeeg kasta oo daruur ah. Weeraradan, kuwa ka soo horjeeda waxay ka bataan shabakad codsiyo aan loo baahnayn si aad u badan oo shabakadu u noqoto mid aan awoodin inay ka jawaabto isticmaalayaasha dhabta ah. Weerarada noocan oo kale ah waxay sababi karaan in ururka uu soo galo dakhli yar, lumiyo qiimihii summada iyo kalsoonida macmiilka, iwm.

Shirkadaha waxaa lagula talinayaa inay shaqaalaysiiyaan adeegyada ilaalinta DDoS ee^{(DDoS protection services)} tignoolajiyada daruuriga ah. Waxay dhab ahaantii noqotay baahi loo qabo saacad si looga gaashaanto weerarradaas.

Akhriska la xidhiidha: ^{(Related read:)} Ilaalinta DDoS ee bilaashka ah ee degelkaaga Google Project Shield

2] Afduubka Akoonka

Afduubka^(Hijacking) xisaabaadka ayaa ah dambi kale oo dhanka internetka ah oo ay tahay in qof walba uu ka warqabo. Adeegyada daruuriga ah, waxay noqotaa mid aad u dhib badan. Haddii xubnaha shirkadu ay isticmaaleen furaha sirta ah ee daciifka ah ama ay dib u isticmaaleen furahooda sirta ah ee akoonnada kale, waxa u fududaanaysa cadawga inay jabsadaan akoonnada oo ay galaangal aan la ogolayn u galaan akoonadooda iyo xogtooda.

Hay'adaha ku tiirsan kaabayaasha daruuriga ah waa inay arrintan kala hadlaan shaqaalahooda. Sababtoo ah waxay u horseedi kartaa daadinta xogtooda xasaasiga ah. Marka, bar shaqaalaha muhiimada furaha sirta ah ee xoogga leh^{(strong passwords)} , weydii inayan dib u isticmaalin ereyadooda sirta ah meel kale, ka digtoonow weerarada phishingka^{(beware of phishing attacks)} , oo kaliya taxaddar guud ahaan. Tani waxay ka caawin kartaa ururada inay ka fogaadaan afduubka akoonka.

Akhriso^(Read) :  Khatarta Amniga Shabakadda^{(Network Security Threats)} .

3] Jebinta Xogta

Jebinta Xogta maaha erey ku cusub goobta amniga internetka. Kaabayaasha dhaqameed, shaqaalaha IT-ga ayaa si fiican u xakameynaya xogta. Si kastaba ha ahaatee, shirkadaha leh kaabayaasha daruuriga ah ayaa aad ugu nugul jebinta xogta. Warbixino kala duwan, weerar lagu magacaabo Man-In-The-Cloud ( MITC ) ayaa lagu aqoonsaday. Weerarka noocan oo kale ah ee daruuraha, hackers-ku waxay helayaan galaangal aan la ogolayn oo ay ku galaan dukumeentigaaga iyo xogta kale ee lagu kaydiyay khadka waxayna xadaan xogtaada. Waxaa sababi kara habaynta khaldan ee goobaha amniga daruuraha.

Shirkadaha isticmaala daruuraha waa inay si firfircoon u qorsheeyaan weerarradan oo kale iyagoo ku daraya hababka difaaca ee lakabka ah. Hababkan oo kale ayaa laga yaabaa inay ka caawiyaan inay ka fogaadaan jebinta xogta mustaqbalka.

4] APIs aan ammaan ahayn

^(Cloud)Bixiyeyaasha adeegga daruuriga ah ayaa siiya API-yada^(APIs) ( Application Programming Interfaces ) macaamiisha si fudud loogu isticmaalo. Ururadu waxay API-yada^(APIs) u adeegsadaan la-hawlgalayaashooda ganacsi iyo shakhsiyaadka kale si ay u helaan aaladaha software-ka. Si kastaba ha ahaatee, API-yada^(APIs) si aan ku filneyn loo sugo waxay u horseedi karaan luminta xogta xasaasiga ah. Haddii API-yada^(APIs) la abuuray iyada oo aan la aqoonsanayn, interface-ku waxa uu noqonayaa mid nugul oo weeraryahan internetku waxa uu heli karaa xogta sirta ah ee ururka.

Si loo difaaco, API-yada^(APIs) waa in lagu abuuraa xaqiijin xooggan, sir, iyo ammaan. Sidoo kale, isticmaal halbeegyada API-yada^(APIs) kuwaas oo laga naqdiyay dhanka amniga, oo isticmaal xalalka sida Shabakadda Detection^{(Network Detection)} si loo falanqeeyo khataraha amniga ee la xiriira API-yada^(APIs) .

5] Duridda Cloud Malware

duritaanka Malware^(Malware) waa farsamo lagu jiheeyo isticmaalaha server xaasidnimo ah oo lagu xakameeyo xogtiisa/keeda daruuraha. Waxaa lagu fulin karaa iyadoo lagu duro codsi xaasidnimo ah adeegga SaaS , PaaS , ama IaaS iyo in la khiyaaneeyo si loo jiheeyo isticmaalaha server-ka hackerka. Tusaalooyinka qaar ee werarada duritaanka Malware^{(Malware Injection)} waxaa ka mid ah Weerarada Qorista Isku-tallaabta^{( Cross-site Scripting Attacks)} , Weerarada duritaanka SQL^{(SQL injection attacks)} , iyo Weerarada Duubista^{(Wrapping attacks)} .

6] Weerarrada Kanaalka Dhinacyada

Weerarada dhanka kanaalka ah, cadawgu waxa uu isticmaalaa mishiin dalwad ah oo xaasidnimo leh isla martida loo yahay mishiinka jireed ee dhibbanaha ka dibna ka soo saara macluumaadka sirta ah mishiinka la beegsaday. Tan waxaa lagaga fogaan karaa iyadoo la adeegsanayo habab ammaan oo xooggan sida dab-baneedhka casriga ah, adeegsiga qarsoodi-dejinta random-ka, iwm.

7] Xog Luminta

Tirtirida xogta shilalka^(Accidental) , faragelinta xaasidnimada leh, ama adeegga daruuriga oo hoos u dhaca waxay u horseedi kartaa luminta xogta shirkadaha. Si looga gudbo caqabadan, ururada waa in lagu diyaariyaa qorshe soo kabashada masiibada daruuriga ah, ilaalinta lakabka shabakada, iyo qorshayaasha kale ee yaraynta.

8] Muuqasho la'aan ama xakameyn

La socodka ilaha daruuriga ku salaysan ayaa caqabad ku ah ururada. Maadaama aysan kheyraadkaas lahayn ururka laftiisa, waxay xaddidaysaa awoodda ay u leeyihiin inay la socdaan oo ay ka ilaaliyaan agabka weerarrada internetka.

Ganacsiyadu waxay faa'iidooyin badan ka helayaan tignoolajiyada daruuraha. Si kastaba ha ahaatee, ma dayaci karaan caqabadaha amni ee ay la yimaadaan. Haddii aan la qaadin tillaabooyin ammaan oo habboon ka hor inta aan la hirgelin kaabayaasha daruuriga ah, ganacsiyadu waxay la kulmi karaan waxyeello badan. Waxaan rajeyneynaa, maqaalkani inuu kaa caawiyo inaad barato caqabadaha amniga ee ay la kulmaan adeegyada daruuraha. Wax ka qabashada khataraha, hirgeli qorshooyinka amniga daruuraha, oo ka faa'iidayso tignoolajiyada daruuriga ah ee ugu fiican.

Hadda akhri: ^{(Now read:)} Hagaha Dhamaystiran ee Qarsoonnimada khadka.^{(A Comprehensive Guide to Online Privacy.)}

What are Cloud Security Challenges, Threats and Issues

The term “cloud” has become eminent in modern-day businesѕes. Cloud technology is еconomical and flexible and it еnables users to access data from anywhere. It is used by indiνiduals as well as small, medium, and large size enterprises. There are basicаlly three types of cloud serviсes that include:

1. Infrastructure as a Service (IaaS)
2. Software as a Service (SaaS)
3. Platform as a Service (PaaS).

While there are a lot of advantages to cloud technology, it also has its share of security challenges and risks. It is equally popular amongst hackers and attackers as it is amongst genuine users and businesses. The lack of proper security measures and mechanisms exposes cloud services to multiple threats that can cause damage to one’s business. In this article, I am going to discuss the security threats and issues that need to be addressed and taken care of while incorporating cloud computing in your business.

What are Cloud Security Challenges, Threats, and Issues

The main risks with cloud computing services are:

1. DoS and DDoS attacks
2. Account Hijacking
3. Data Breaches
4. Insecure APIs
5. Cloud Malware Injection
6. Side Channel Attacks
7. Data Loss
8. Lack of Visibility or Control

1] DoS and DDoS attacks

Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks are one of the major security risks in any cloud service. In these attacks, adversaries overwhelm a network with unwanted requests so much that the network becomes unable to respond to genuine users. Such attacks may cause an organization to suffer less revenue, lose brand value and customer trust, etc.

Enterprises are recommended to employ DDoS protection services with cloud technology. It has actually become a need of the hour to defend against such attacks.

Related read: Free DDoS protection for your website with Google Project Shield

2] Account Hijacking

Hijacking of accounts is another cybercrime that everyone must be aware of. In cloud services, it becomes all the more tricky. If the members of a company have used weak passwords or reused their passwords from other accounts, it becomes easier for adversaries to hack accounts and get unauthorized access to their accounts and data.

Organizations that rely on cloud-based infrastructure must address this issue with their employees. Because it can lead to leak of their sensitive information. So, teach employees the importance of strong passwords, ask them to not reuse their passwords from somewhere else, beware of phishing attacks, and just be more careful on the whole. This may help organizations avoid account hijacking.

Read: Network Security Threats.

3] Data Breaches

Data Breach is no new term in the field of cybersecurity. In traditional infrastructures, IT personnel has good control over the data. However, enterprises with cloud-based infrastructures are highly vulnerable to data breaches. In various reports, an attack titled Man-In-The-Cloud (MITC) was identified. In this type of attack on the cloud, hackers get unauthorized access to your documents and other data stored online and steal your data. It can be caused due to improper configuration of cloud security settings.

Enterprises that utilize the cloud must plan proactively for such attacks by incorporating layered defense mechanisms. Such approaches may help them avoid data breaches in the future.

4] Insecure APIs

Cloud service providers offer APIs (Application Programming Interfaces) to customers for easy usability. Organizations use APIs with their business partners and other individuals for access to their software platforms. However, insufficiently secured APIs can lead to the loss of sensitive data. If APIs are created without authentication, the interface becomes vulnerable and an attacker on the internet can have access to the organization’s confidential data.

To its defense, APIs must be created with strong authentication, encryption, and security. Also, use APIs standards that are designed from a security point of view, and make use of solutions like Network Detection to analyze security risks related to APIs.

5] Cloud Malware Injection

Malware injection is a technique to redirect a user to a malicious server and have control of his/ her information in the cloud. It can be carried out by injecting a malicious application into SaaS, PaaS, or IaaS service and getting tricked into redirecting a user to a hacker’s server. Some examples of Malware Injection attacks include Cross-site Scripting Attacks, SQL injection attacks, and Wrapping attacks.

6] Side Channel Attacks

In side-channel attacks, the adversary uses a malicious virtual machine on the same host as the victim’s physical machine and then extracts confidential information from the target machine. This can be avoided using strong security mechanisms like virtual firewall, use of random encryption-decryption, etc.

7] Data Loss

Accidental data deletion, malicious tampering, or cloud service being down can cause serious data loss to enterprises. To overcome this challenge, organizations must be prepared with a cloud disaster recovery plan, network layer protection, and other mitigation plans.

8] Lack of Visibility or Control

Monitoring cloud-based resources is a challenge for organizations. As these resources are not owned by the organization themselves, it limits their ability to monitor and protect resources against cyberattacks.

Enterprises are gaining a lot of benefits from cloud technology. However, they can’t neglect the inherent security challenges it comes with. If no proper security measures are taken before implementing cloud-based infrastructure, businesses can suffer a lot of damage. Hopefully, this article helps you learning security challenges that are faced by cloud services. Address the risks, implement strong cloud security plans, and make the most out of cloud technology.

Now read: A Comprehensive Guide to Online Privacy.

Related posts

• Kaspersky Security Cloud Dib u eegis Kahortagaha Bilaashka ah - Ilaali Windows 10

• Crystal Security waa aaladda ogaanshaha Malware ee ku saleysan Cloud ee bilaashka ah ee PC

• Waa maxay Khatarta Ammaanka ee Xisaabinta Daruudaha?

• Hanjabaadaha Amniga Shabakadda ee aan la aqoon ee ay tahay in maamulayaashu ka digtoonaadaan

• Hanjabaadaha Amniga Biometric iyo Kahortagga

• Adeegyada Kaydinta Daruug ee Qarsoon ee bilaashka ah ee ugu fiican | Software Sync aamin ah

• OneDrive vs Google Drive - Kee baa ka wanaagsan Adeegga Daruucda?

• Farqiga u dhexeeya xisaabinta Cloud iyo Grid computing

• Software-ka ugu Fiican iyo Qalabka Maareynta Mashruuca Cloud ee Bilaashka ah

• Cloud Computing Shaqooyinka iyo shuruudaha xirfada

• Sida Dropbox loogu daro Adeeg Cloud ahaan Microsoft Office

• Dib u deji ama dib u rakib Windows 11/10 addoo isticmaalaya Cloud Reset option

• Maamulaha sirta ah ee SafeInCloud waxa uu isku xidhaa Database iyo xisaabaadka Cloud

• Kordhinta Mulcloud Chrome: Qalabka Maaraynta Cloud Drive ee bilaashka ah

• Cilad 0x8007017C, Hawlgalka Cloud waa mid aan shaqayn - Faylka Shaqada

• Zapier vs IFTTT: Keebaa U Fiican Automation Cloud?

• Cloud Clipboard (Ctrl+V) oo aan shaqaynayn ama ku shaqaynayn Windows 10

• Sida loo kaydiyo dhammaan sawiradaada iyo fiidyahaaga daruuraha

• Adobe Creative Cloud Installer ayaa ku guul daraystay in uu khalad ku bilaabo Windows 11/10

• Fahamka Blob, Safka, Kaydinta Miiska ee Windows Azure