Thanks to GWACs and small businesses, a growing number of options are available.
Stories about insider threats pop up with alarming frequency. When I searched for that term on FCW.com, there were literally 1,000+ results, several within the last couple weeks. The problem is so prevalent that the General Services Administration issued a Schedule 70 special item number for Continuous Diagnostics and Mitigation products and services after having jointly set up a CDM contract with the Department of Homeland Security.
Bloomberg Government recently issued a study that pegged CDM as a $1 billion opportunity for contractors and listed top providers and the contracts being used. While that study focused on the industry perspective, it contained valuable insights for government as well.
With agency IT departments under constant pressure on several cyber fronts, federal IT managers often need quick access to the best solutions to combat each threat. The Bloomberg study shows the preferred contract vehicles for acquiring CDM tools and services, and these are often government-wide acquisition contracts -- especially the NASA SEWP program -- or other indefinite delivery, indefinite quantity contracts. Other vehicles include the GSA/DHS CDM contract; GSA's Schedule 70 and 8(a) STARS; DHS' First Source II and EAGLE II; the Department of Veterans Affairs' T4, the Centers for Medicare and Medicaid Services' Enterprise System Development; and NITAAC’s CIO-SP3 from the National Institutes of Health.
The BGov study covered the period of 2012-2016, and while the usual large contractors (Booz Allen, HPE, and others) were on the leader list, small business contractor Sword & Shield led the CDM vendors, posting over $531 million in CDM-related sales to the federal government over the five year period. Further, 99 percent of Sword & Shield’s CDM-related sales went through NASA SEWP.
On the Sword & Shield blog, VP of Federal Raymond Kahre stated “Whether by accident, negligence or ill intent, insider threats present a real danger to federal agencies and battling them requires an intentional approach. At Sword & Shield Federal, we partner with government and industry to design and implement the right solutions to minimize the risk that insider threats pose to agencies.”
When I called and asked Kahre about the insider threat offering, he indicated that the Knoxville, Tenn.-based firm looks at enterprise security and puts together solutions based on the best products for each specific problem area.
Kahre also pointed out that Sword & Shield, now 20 years old, does nothing but enterprise security for both the public and private sectors, and that the firm has been on the SEWP contract since SEWP III. More recently, Sword & Shield began selling through the NITAAC CIO-CS vehicle as well.
I have recently written about the growing use of GWACs. These contracts are growing in popularity due to several factors, including the intense vetting process to win a coveted prime contractor spot, the ease of use for agencies when it comes to purchasing, the lower fees associated with some, and the rapid turnaround time. SEWP, NITAAC and GSA's Alliant work hard at being the least expensive and easiest place to buy.
Two things about the Bloomberg study really got my attention: the obvious growing use of GWACs to address security threats and the fact that a small company like Sword & Shield competes head-to-head with larger suppliers and comes out on top. As agencies look for security solutions, they would do well to shop around.