I can't speak for the city or agency involved here, but some it depends on the definition of "high security". We usually split security into confidentiality, integrity and so on: for some data, integrity and immutability matter far far more than confidentiality? For example, sensor data that have to be published later at some point anyway - it's far more important to make sure it can't be altered or data injected than to keep it top secret: a case-by-case analysis has to be undertaken, however, and it has to get possible to change.
For high integrity but "to be publishedl" grade info, i would say stuff should go to wherever shows the best cost/benefit IFF the integrity requirements can be met. As our internal storage typically costs 20 times AWS S3, for example, you can guess what that means for bulk / archives. Again, IFF the integrity requirement can be met.
For "high security data", it's not on the main network anyway. Entire systems run on private networks - but then you get a different problem: what do you with terabytes of archives when PHBs won't allow any capital spending on IT equipment for things that aren't safety critical or aren't public-facing? Archive offline & lose the ability to do trending / long-term work other than on samples? Say "but we need to spend it to meet your other requirements" and be told "ok but your overall budget is going down this year and next, so you have to find savings elsewhere to cover it, with no loss in functionality"?