I've worked at companies who sell software to state governments. They usually run sensitive software on their own servers with no external internet access. We would have to send someone onsite to perform their upgrades or send a detailed list of instructions so they can resolve the issues themselves.
I suspect Microsoft would do something similar, no data would leave government property.
Yep. Both have gov cloud offerings that live in their own datacenters completely segregated from the public cloud side. There's even a gov cloud version of Microsoft 365.
Oras|2 years ago
Doesn’t AWS have a gov offering? I would assume MS can have a similar offering with Azure using their express route.
messe|2 years ago
More than that, they even have air-gapped regions for more sensitive purposes, where you need not only to be a US citizen, but also a certain level of security clearance to access. As a (now ex-) AWS SDE working outside of the US, those regions were a pain in the ass to bring up your service in (as was govcloud, but that wasn't nearly as bad—at least there the ops guys could share logs and screenshots without having to work around an airgap).
The ops guys with direct access to those regions had to be on-site, as they only had access from a limited number of locations, and they were often severely understaffed. They were a pleasure to work with, but you could be waiting a day or more to find out your deployment had failed (the longest SLA I had to deal with in my time there was ~2 weeks due to some unfortunate vacation timings over the summer).
mcmcmc|2 years ago