Does this ASP have bite?

An application service provider (ASP) is in the business of offering your organization access, for a fee, to a remotely hosted computer application. Your users most likely would access the application using Internet protocols and a standard Web browser. The ASP takes care of all the details — arranging for computers to run the application, software and hardware maintenance, and their side of the telecommunications connection.

Sounds a lot like time sharing to a guy who grew up with Control Data's Cybernet and its competitors such as Service Bureau Co. and Infonet.

The benefits of application outsourcing are pretty clear. Agencies are not, in general, chartered to do software development and computer center operations. If those activities could be handled by a specialist, it's logical that the overall cost associated with those systems could be lowered and service improved.

But agencies will soon find that the quality of an ASP arrangement largely depends on the fine print in the contract.

Cost is a central issue. If you don't currently measure how much it costs to operate and maintain a computer system, you can't tell what's a fair price to pay an ASP to run it for you.

On the business side, the ASP contract must define ownership of data and software modifications, along with the protocol for requesting data and the format and timeliness of delivery. Otherwise, you can wind up being held hostage (intentionally or otherwise) in the event of a dispute or a decision by the agency to take the systems work back in-house.

You also need technical controls, including a service level agreement that specifies reliability and availability. For example, an uptime of 99.9 percent with a response time of two seconds or less sounds good, but those terms need to be thoroughly defined, along with who is responsible for what.

For example, the application could be running just fine, but it doesn't do you any good if the network is down. And it may not be immediately clear whose network, gateway or router is down. For those kinds of situations, it's good to designate the ASP as the prime contractor and hold them responsible for the Internet service provider's performance. The last thing you want to do is try to negotiate multiple contracts simultaneously.

Another issue involves software maintenance. Frequently, software licenses are written to allow access to an application for the authors and the end user, and nobody else. Since the ASP's staff is supposed to be taking care of the application for you, you must ensure that it has the tools to do its job, including access to source code for modifications, if necessary.

You also need to specify some reasonable security measures, including protections against denial-of-service attacks like those recently in the

Like seat management, ASP relationships can be a step toward turning information processing into a utility, paid for as it's used. Done right, taxpayers and agencies can share the rewards.

— Bragg is an independent consultant and systems architect with extensive experience in the federal market. He welcomes your questions and topic suggestions at [email protected]

