When I talk to customers and colleagues about cloud offerings, most of them are still concerned about the cloud, and especially about the security of public cloud offerings. One of the most mentioned concerns is based on the belief, that each and every cloud-based VM is publicly reachable over the internet. This can be so, but it does not have to. It relies on your design. Maybe that is only a problem in germany. German privacy policies are the reason for the two german Azure datacenters. They are run by Deutsche Telekom, not by Microsoft.
Sophos offers a free license of their UTM firewall for private use. The product was originally developed by Astaro and since these days I use it at home. After the merger with Sophos I switched to the new Sophos UTM 9, still using my old license. I use it to seperate my test VLAN from my normal VLAN, and I use it as proxy with antivirus scanning for all my devices (iPhone, iPad, laptop etc.), but the UTM can do a lot more than this. This morning I wanted to read my Twitter timeline on my iPhone but I got no connection over WLAN. After disabling the proxy it worked fine. I took a look at the admin interface of my UTM and what did I see? An expired license. WTF?!