Hybrid cloud architectures have taken hold in recent years as the US government looks to unify its many different on-premises, custom-built, and cloud applications. However, as federal agencies begin to adopt more cloud technologies, one common challenge has emerged: the need to comply with stringent regulatory standards that govern Secret and Top Secret data.

Regulations like the Intelligence Community Directive (ICD) 503; the Memorandum on Improving the Cybersecurity of National Security, DoD, and Intelligence Community Systems (NSM-8); and the Executive Order on Improving the Nation’s Cybersecurity ensure that our nation’s most sensitive data is properly secured. NSM-8, for example, places a heavy focus on encryption, identifying and strengthening defense mechanisms for cross-domain connections, increasing the National Security Systems’ (NSS’) use of cloud technologies, and requiring NSS to implement multi-factor authentication. Microsoft helps organizations assess, monitor, and enhance their security posture relative to Zero Trust practices in keeping with these requirements.

In the past, Secret and Top Secret information was traditionally hosted on-premises while the cloud was reserved for unclassified materials. However, growing amounts of sensitive data have strained—and, in some cases, overloaded—the processing ability of existing on-premises solutions. Using a hybrid cloud approach means that agencies can bring in cloud capabilities like artificial intelligence (AI) and machine learning (ML) where needed to more quickly process and act on incoming data. But agencies must have a way to secure Secret and Top Secret data across the various cloud platforms where it resides.

To that end, Microsoft has developed a hybrid-first cloud architecture that better integrates and secures the full spectrum of third-party US government vendors, managed through a centralized view via Microsoft Azure for Government.

Microsoft is unique in the fact that we operate across the full spectrum of the federal infrastructure—encompassing everything from security and identity solutions to email and collaboration. And because we’re opening our hybrid cloud architecture to competitive vendors, this enables us to protect and secure the Microsoft cloud in addition to outside cloud providers and on-premises solutions in compliance with federal regulatory standards. The end result is a more versatile, more scalable, and more secure infrastructure that’s designed to empower the modern warfighter all the way to the tactical edge.

Security should enable, not restrict

Microsoft’s goal with a secure hybrid-first cloud architecture is to enable agencies, not restrict them. When we think about security in terms of regulatory compliance and identity management, there can often be a misconception that security regulations stand in the way of the public sector innovating at the same pace as their private sector counterparts. But this couldn’t be further from the truth.

Take Microsoft’s recent Authorization to Operate (ATO) of Azure Government Top Secret infrastructure in accordance with ICD 503, for example. With this ATO, Microsoft is able to provide multiple options for data residency, offering new air-gapped regions of Azure to accelerate the delivery of national security workloads classified at the US Top Secret level. This allows the US government to ingest data from disparate sources while modernizing its existing infrastructure to enable agility and protect data, assets, and people across a rapidly evolving global threat landscape.

It also opens up a wider array of toolsets and use cases for federal employees who are working with Secret and Top Secret intelligence. The ATO empowers agencies that are working through an on-premises environment to take advantage of technology innovations that are happening in the cloud—ultimately scaling and prioritizing workloads and classified data within the Azure for Government portfolio.

But the key to this enablement is meeting government agencies where they are at. Understanding that the US government works with an array of vendors, not just Microsoft, we have opened up our hybrid-first architecture to secure outside vendors, so that federal employees have the tools they need to conduct mission-critical tasks in the least amount of time and in the most secure way possible.

A hybrid-first approach allows federal agencies to do more with less

A major challenge facing the cybersecurity industry is workforce shortages. By 2025, Cybersecurity Ventures predicts there will be a skills gap of 3.5 million open cybersecurity positions. The federal government faces an additional hurdle on top of this existing shortage as employees increasingly exit the public sector in favor of private sector positions. Federal employees left their jobs at an attrition rate of 6.1% in 2021, with nearly 9% of employees under 30 leaving public sector positions. This means that incoming employees must be retrained on tools and procedures in order to operate in a highly-sensitive data environment.

Microsoft’s hybrid-first approach allows agencies to more easily upskill their existing workforce by unifying operations and bringing more efficiency into their technology model. When on-premises and cloud solutions are consolidated into a single view, it’s easier for federal agencies to train their employees and reduce the need for additional hands on keyboards.

Another challenge that federal agencies have to account for is unpredictable data workloads. Taking a hybrid cloud approach allows agencies to scale their workloads dynamically without overprovisioning large amounts of their infrastructure as capacity needs fluctuate, but agencies must first have a solid data classification system in place in order to fully capitalize on on-premises and cloud technology.

Data classification is critical because there are different regulatory standards that govern how technology providers can host Secret data compared to Top Secret data. Before Microsoft can determine which cloud techniques to deploy, we must first look at how an agency classifies its data. At its core, a hybrid-first cloud utilizes Secret and Top Secret on-premises data sets in concert with cloud tools in order to scale and lean into things like data center modernization, unified operations, application innovation, and unpredictable workflows.

As hybrid cloud technology continues to grow, security must be center focus

As we look towards the future of hybrid-first cloud architectures, security must remain a key focus. When dealing with Secret and Top Secret data, the US government is constantly looking for new ways to strengthen security compliance, identity management, and privacy. Meeting these regulatory standards without restricting technology or performance will require a robust and baked-in solution set.

One of the most effective methods we can use to accomplish this is Zero Trust. Regardless of whether classified data is stored on-premises or across cloud platforms, it still needs to be secured according to the same regulatory standards. However, this can be challenging when you’re dealing with a range of toolsets from across distributed environments. As more and more agencies look to adopt cloud technology, they’ll need to ensure that they’re in compliance with the Zero Trust framework. Microsoft helps agencies meet the requirements of Zero Trust within air-gapped environments thanks to our suite of Zero Trust optimization models and built-in security solutions that allow agencies to assess their Zero Trust maturity and implement improvements.

Microsoft Azure for Government is designed to bring commercial cloud computing capabilities to classified environments, centralizing best-in-class security solutions in a single pane that aligns with broader federal security regulations. Our goal is to protect not only Microsoft solutions but other vendors’ technology as well. In doing so, we’re meeting our federal customers where they are at with the toolsets they already use—taking a hybrid-first approach to enable innovation at speed.

Explore Microsoft’s Classified Cloud solution to learn why Microsoft is the choice for classified missions.