Yes, you should. Many people said that cloud service provide many feature and security control to protect their customer. We are totally agreed that. It is because when migrated to cloud service, your staffs can access the service and anytime and anywhere. At the same time, it applied to hacker too, they can hacking your cloud service at anytime and anywhere too.

Cloud service provider have built a number of security feature and control, but most of them will be disabled by default. You need to have a person to enable and setup these feature in order to suitable for your company. For example, two muti-factor authentication (MFA), conditional access, audit log, you need to setup and monitor the security log. Otherwise, if you service is under problem, nobody will receive the alert or log, therefore, you CANNOT fix the problem. Cloud service provider will not inform you or fix the problem for you.

Actually, manage cloud service is more challenging than manage on-premise server. It is because,, we can manage all feature at the on-premise server, moreover, we can install monitor agent on the server to monitor network traffic or event log. Moreover, most of the on-premise server can only access from internal network. But for cloud service, we need to depend on the monitor and security log provided by cloud service to inspect, identify and monitor.

For example, if user cannot receive a email, we can very easy to check or fix the problem at on-premise server. But for cloud service, we can check the log in cloud service to identify the problem, but we may not be allowed to fix it, because it may be blocked by some server security setting and which we cannot control, or need special setup to work around the problem.