Cloud computing opens new questions for procurements

The General Services Administration is figuring out what its options are now that the Government Accountability Office has sustained a protest of GSA's solicitation for cloud computing services.

“We are currently reviewing the GAO’s recommendation that GSA clarify the requirements language in the two sustained protest grounds,” Steve Kempf, commissioner of GSA’s Federal Acquisition Service, said in a statement.

GAO sustained a protest by two companies that challenged where a data center storing government information should be located. As reported in FCW sister publication Washington Technology, the companies argued that GSA’s solicitation, which requires vendors to locate their data services in “designated countries,” based on the Trade Agreements Act, unduly restricts competition. They also said the requirement has no basis in law or regulation.

GAO agreed.

“We conclude that GSA has failed to proffer an adequate explanation for limiting non-U.S. based data centers to those countries listed as designated countries,” GAO wrote.

GAO said GSA should amend the solicitation to reflect its actual needs concerning non-U.S. data center locations. GAO also sustained another protest regarding a clarification of a term in the solicitation.

Kempf said GSA officials will “make a decision on corrective action following a thorough review of the GAO’s decision.”

About the Author

Matthew Weigelt is a freelance journalist who writes about acquisition and procurement.

Nominate Today!

Nominations for the 2018 Federal 100 Awards are now being accepted, and are due by Dec. 23. 


Reader comments

Thu, Oct 20, 2011

GSA, if you are reading this... there is a partial solution to the problem where GAO disallowed your methodology for limiting cloud data centers in certain countries. Your RFP contains requirements for cryptography, which generally is subject to export control restrictions for certain rogue states (Cuba, Iran, Libya, North Korea, Syria, Sudan, etc). A vendor likely cannot meet the solictation's requirements for implementation of cryptography if they cannot export crypto technology to their data centers. And for EZGovOpps, you would understand why data centers in foreign countries are a concern if you understood network and application security and the threat of foreign actors who routinely target U.S. Government data. The benefits of cloud computing do not change the fact that the government has a legitimate interest in protecting the confidentiality and integrity of sensitive data.

Wed, Oct 19, 2011

Cloud computing technology should be embraced and encouraged in as many areas of business as possible, including B2B and B2G, and with as few unnecessary regulations as possible. Providers of cloud-based computing services and products have extensive security measures in place. Because of its affordability and efficiency, Cloud technology --- even with data services in locations other than the “designated countries” --- helps small businesses stay competitive in the government market. Absent any legitimate security concerns, I cannot understand why government contractors would have to be limited on which non-U.S. based data centers they can use for their data services. Allowing this requirement would definitely place an undue restriction on vendors competing for government contracts.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group