Good. Again, these are services and practice that are always applied to you by the cloud vendor.
We’re not really disagree on the actual way the stuff works, just who has the most resources to provide it.
The Air Force doesn’t make its own airplanes, those are contracted out to vendors. Same with all manner of government data and communications systems.
For getting you critical and sensitive communications OFF the internet, you can also use ExpressRoute with Azure.
ExpressRoute enables you to extend your on-premises networks into the Microsoft cloud over a private connection facilitated by a connectivity provider. This connection is private. Traffic doesn’t go over the internet. With ExpressRoute, you can establish connections to Microsoft cloud services, such as Microsoft Azure, Microsoft 365, and Dynamics 365.
This is NOT a routed (using TCPIP) connection. It relies on a third party—through a commercial communications provider—usually fiber from a business’s demarcation point to Microsoft’s physical internal network.
https://learn.microsoft.com/en-us/azure/expressroute/expressroute-introduction
“The Air Force doesn’t make its own airplanes, those are contracted out to vendors. Same with all manner of government data and communications systems.”
We always divide the ideas of buying things we can use from “services”. and our philosphy on services is - especially if you are the government - you can buy the equipment you need AND you can HIRE the talent to run the equipment, and that combination allows you to control and secure the security of that equipment yourself.
The idea that the “cloud” is inherently bigger and therefor can afford and perform services “better” than the U.S. government misunderstands (1) how massive the federal government is and (2) once you reach a certain internal scale of things “outside” is not more affordable than inside.