Key Takeaways

  • The National Nuclear Security Administration added its fifth cloud service to the Department of Energy’s classified environment.
  • Sandia National Laboratories and Microsoft 365 play central roles in the expansion of unified, high‑side collaboration.
  • The initiative reflects broader federal momentum around Zero Trust and enterprise cloud modernization.

The National Nuclear Security Administration marked a step in its multi‑year effort to modernize how classified work is conducted across the nuclear security enterprise. The agency’s chief information officer highlighted the arrival of the fifth cloud service authorized to operate inside the Department of Energy’s classified environment, signaling a deeper shift in how the agency wants to balance mission execution, consistency, and cost control.

The CIO noted the broader strategy has been years in the making, describing a push to better connect NNSA’s many mission areas to cloud‑based services on the classified networks the agency manages. The work began by targeting low‑risk use cases, starting with Microsoft 365 because of the institutional familiarity staff already have with the platform on the unclassified side. That familiarity offered a safer entry point for introducing enterprise collaboration tools into a secret enclave.

The most recent milestone moves Sandia National Laboratories onto Microsoft 365 at the high classification level, a transition that agency leadership wants every DOE component to complete by the end of 2026. Seven other labs and offices are already in progress. According to Sandia National Laboratories, the lab leads the design and operation of the NNSA Secret Cloud Network, which functions as a single shared classified cloud for email, communication, and collaboration across the enterprise. This consolidates duplicative services and enables teams to move between unclassified and classified environments.

Some of the recent work centers on nuclear emergency response, a mission in which NNSA collaborates closely with the Department of Defense, the Department of Justice, and the Department of Homeland Security. The Microsoft 365 implementation for that mission area includes configurations intended to maximize interoperability with these partners. Not everything NNSA does is classified, and not all work can begin in a classified setting, so the agency has built an unclassified engineering environment that mirrors the classified setup. The CIO said this dual structure lets teams shift resources and insights more fluidly.

The NNSA expects to ultimately consolidate its classified users into a single Microsoft 365 tenant. The CIO views this consolidation as a way to lower complexity, ensure consistency, and free personnel to focus on higher-value activities. The work echoes broader federal trends. Analysts at Gartner have projected growth in government cloud spending into the tens of billions of dollars by the middle of the decade, partly because of shifting missions and the desire for cohesive collaboration across agencies.

Federal agencies frequently adopt guidance such as NIST SP 800‑53 and the Zero Trust Architecture principles outlined in NIST SP 800‑207 to govern secret and restricted data environments. The National Institute of Standards and Technology notes that Zero Trust assumes no connection or identity is automatically reliable, fitting the posture required for high‑side cloud services. The agency has emphasized the importance of clear security boundaries, personnel clearances, and controlled connectivity between on‑premises sites and cloud infrastructure.

To address technical debt, the NNSA works to retire custom applications and replace them with Microsoft Power Apps and other software as a service tools. The agency's reported 80% to 20% split between operations and modernization spending resembles what many large organizations face. The CIO suggested that the organization has made progress in cybersecurity and system modernization while stretching resources further.

The NNSA supports seven active weapons programs, placing heavy demands on modeling, engineering, and coordination. Cloud environments help teams operate on shared models without shuttling data across sites, resulting in less duplication and fewer opportunities for information to become outdated. Agencies increasingly see value in enterprise cloud environments designed for sensitive data, a view reflected in findings from public sector groups like the GAO, which documents federal modernization challenges and the tradeoffs between onsite and cloud‑based systems.

Collaboration in classified environments often involves restrictive protocols. The agency's goal is for teams to internalize that information is a strategic asset and that sharing it appropriately drives mission outcomes. Leadership acknowledged that users might be accustomed to spinning up their own cloud environments, especially with services like Amazon Web Services GovCloud. However, when the mission includes classified data, every connection must align with the enterprise security approach, ensuring personnel clearances, site‑to‑site connectivity, and consistent security parameters.

FinOps practices are also entering the picture. The CIO launched an initiative this spring to gain better visibility into cloud spending. The aim is to help labs and mission partners understand what the agency can centrally fund and what additional usage they may be responsible for. It becomes more complicated when commercial partners, academia, or other government agencies participate in a joint cloud environment, and agency leaders noted that the financial model for such collaboration is still being shaped.

Beyond the technical architecture and compliance frameworks, the long-term objective involves building an enterprise environment where distributed teams can work together at speed. Federal modernization, influenced by groups like the NASCIO, tilts toward shared platforms and centralized services that help agencies focus on mission output rather than infrastructure mechanics.

The NNSA milestone indicates the agency is following this trajectory. As more capabilities move into the Secret Cloud Network and Microsoft 365 tenant, and as FinOps and modernization efforts mature, the agency can support demanding mission programs without expanding its legacy footprint.