AzureAD vs UTM in a company?

EOF said:

I like to prefer the good old and tested stuff wich are here near by me and I as a sysadmin can always keep an eye on the trafic, the users etc.

Me as a system admin, I would really enjoy to work with MS Azure.

Not only because it's made by MS, but because there is nothing worse than when you have to dig trough bad and incomplete documentation online and when you have to hack other peoples work just to make your setup start working because you can't afford it.

I mean I dont really trust that cloud based technology.

It's not so much about trust, but rather about money, can you afford running your own servers and paying people to write good algorithms?

We should migrate our servers, databases, backup etc. to the cloud.

Obviously, you do, many do this.

How safe is all that from malware, viruses, hackers attack?

That IMO depends more on you and people around you, rather than outside world.

What is your experience with this technology?

Sorry, no XP with azure at all, I hate web, but I'm sure learning this stuff would be very easy for someone dedicated in this area.

EOF said:

First of all, sorry cos I'm late here. and hank you for your very comprehensive and very delegated answer.

As my company where I am a sys.admin is in transition from local computing to cloud based resources like Azure I'm really afraid about the security.
Why ?
Mi first and the biggest nightmare is the 24/7 online situation.
Mainly all our PC's must non-stop transmit data from - to the cloud system which is in my case Azure.

I read tons of documentations about this new technology from MS, but all they promote all the time, how safe is
Azure, but not the LAN and not the communication between the cloud and LAN.
Ok, the communication is highly encrypted, that is nice and fine, but there are so many people out there who
also is thinking does their LAN is now, with Azure much much safer, but I can't see any safe measurement and
relationship between Azure safety measurement and let's say my company LAN - ISP path.

Azure is just another place on the Internet like any other.
And our data are non-stop travelling from-to the cloud system.
In some case, some of our servers will be transferred to the cloud too, that means, our employee will be non-stop connected from LAN to the cloud.
And who takes care about the path between LAN and the cloud server?
I know, I have to take care about this, but many IT managers which who I was talking say "... no no ... no more expensive firewall apps needed, no more expensive AV's needed, Azure will take care about the security..."
I don't really trust 1. app's made by MS 2. Azure.

I feel Azure like a giant CMS and nothing more.

Should I still pressing my boss to invest in good firewall, AV apps etc. ?
Or should I leave everything as is, in the hands of windows 10 and a cheap router from the ISP?

Thanks.

I don't profess to know much about Cloud security but I had a contract once with an IT company that used Google apps - we worked in a super competitive logistics environment - so assume the security was OK - my 2c but would like to hear others' experiences.

EOF said:

And who takes care about the path between LAN and the cloud server?
I know, I have to take care about this, but many IT managers which who I was talking say "... no no ... no more expensive firewall apps needed, no more expensive AV's needed, Azure will take care about the security..."
I don't really trust 1. app's made by MS 2. Azure.

I feel Azure like a giant CMS and nothing more.

I don't want to discourage you, but it's not like you have many choices regarding cloud security...

First, you do have to trust someone, be it some piece of software or paid expert, which depends on your budget.
in both cases you should seek to oversee the working, because, well, nothing is perfect. (if you want perfect setup)

I think (but not 100% sure) most important part of cloud security is centralization, enforcing and overseeing inner working must begin and end somewhere (which must be only one person sitting somewhere and pointing out priorities)

If I have to choose between having bad and centralized security vs. having all this managed somehow in non centralized fashion then I would rather choose bad security and start reducing the risk.

How does this answer your question?

My point is that you need one skilled person (either you or someone else) who will take responsibility of security in centralized fashion.

Your only limitation is the cost of doing so.

built in cloud security features can only help with time need to prepare all this but is not the main criteria, the difference between different cloud solutions is not that much important regarding security (it's more about features and cost), more or less they all do this in similar way.

EOF said:

When I talk to my friend who are older than I and also have much more experience with sys.admin. stuff,
they all worried about they real security of their data and LAN.

Your friend is correct, protecting your "physical" network is more important than cloud network.

How much depends on what kind of intellectual material you are keeping on those computers.
Most secure option is to split your LAN into online part and offline part, and keep intellectual material away from online machines.

At least that's how most firms do, do you think Microsoft keeps their Windows source code somewhere online?
I don't think so