The Azure, AWS, and and Google data centers are some of the most secure facilities on the planet, maybe even rivaling that of our nuclear missile silos. If us-east-1 got nuked or went offline [for months], we'd probably see an instant depression in the U.S. economy as so many parts of life break, so it's in the DoD's best interest to protect Virginia and North Carolina extremely well[0].
Azure even offers multiple levels of clouds that can house government secrets[1], although I couldn't find a way to tell whether an outlook hostname is part of a higher-security region or not.
I did a bunch of security contract work for NASA and have worked in security capacities for other government and financial institutions. Honestly I think a lot of the migration to cloud providers is a form of mutiny against the ever increasing cost of running highly regulated workloads in your own data center. It’s nearly impossible to do anything in a reasonable amount of time when you’ve got layer upon layer of regulatory and internal audit oversight. It’s not just basic processes but governance around those processes and governance around the governance of those processes. It’s a nightmare.
I believe someone once characterized AWS success as stemming from hacking around procurement and IT policies in sclerotic organizations. One approval, one admin => all services.
It was ultimately Bezos' API mandate that made this (and the cloud as we know it) happen:
> 1. All teams will henceforth expose their data and functionality through service interfaces.
>...
>5. All service interfaces, without exception, must be designed from the ground up to be externalizable. That is to say, the team must plan and design to be able to expose the interface to developers in the outside world. No exceptions.
us-east-1 is made up from several availability zones, it is extremely unlikely to go offline for months. If a catastrophe of a scale to do that happened, some datacenters being offline wouldn't be the headline news.
