5 ways to prep for procuring cloud services

Government acquisition personnel must often perform a balancing act to achieve the cost and efficiency benefits promised by cloud providers. On the one hand, they need to contract for solutions that share a common set of hardware and software resources to benefit from money-saving economies of scale. Unfortunately, one-size-fits-all solutions aren’t always appropriate, especially when missions and support requirements differ so widely across the government.


Joint Cloud Report:

Is government procurement ready for the cloud?

Cloud procurement stumbling blocks


Agency officials and consultants say some core definitions and tools could speed contract negotiations and bridge the sometimes conflicting needs of agencies and cloud providers. Here is a list of techniques that could help speed government’s move to the cloud.

1. Security accreditation

Security fears rank among the top obstacles to cloud migrations. Fortunately, procurement officers could have an important tool to address those issues this year — the Federal Risk and Authorization Management Program (FedRAMP). It will create a security baseline that any agency can use to ensure that cloud contracts meet a standard level of protection. Combined with security guidelines from the National Institute of Standards and Technology, FedRAMP promises to simplify and speed the acquisition process.

2. Service-level agreements

The FedRAMP model for an accredited baseline of requirements could be useful in other areas, including the creation of service-level agreements. Agencies and cloud providers often struggle to balance conflicting requirements when it comes to SLAs, said William Corrington, former chief technology officer at the Interior Department and now the cloud strategy lead at Stony Point Enterprises.

For example, the Office of Management and Budget or the General Services Administration might specify that all cloud-based e-mail solutions achieve a minimum uptime rating of 99.95 percent, which would relieve agencies and vendors from hashing out those terms for each contract and thereby speed negotiations.

“Government lawyers would have some confidence that contract language is coming down from OMB or GSA, and cloud vendors would understand what the government is expecting for terms and conditions,” Corrington said.

3. Standardized service definitions

A similar framework for predetermined terms and conditions would benefit common cloud services, such as e-mail solutions or IT infrastructure services. “There are a lot of variables, but if you lock everyone down into a set of services that are utilitarian, then many challenges go away and agencies can compare pricing apples to apples,” said Michael Sorenson, director of cloud services at QinetiQ North America.

The framework would differ from traditional governmentwide acquisition contracts and blanket purchase agreements (BPAs) by establishing standard service definitions all vendors in a particular cloud category would use. Cloud providers might be willing to embrace standardized definitions as a way to discourage agencies from negotiating special terms for commodity solutions.

“Even when the new BPA for [GSA’s proposed e-mail-as-a-service agreement] comes out, I still think agencies will look at terms of service and want to negotiate them,” said Peter Gallagher, a partner in the Civilian Federal Systems group at Unisys. “If you are a [software-as-a-service] provider, it is difficult to negotiate different terms of service in a multi-tenant environment.”

To accommodate varying needs, the government could create standardized terms for tiers of service, such as gold, silver and bronze levels with different performance characteristics, Gallagher added.

4. Clear rules for data management

Today, agencies must negotiate to insert clauses into cloud contracts that specify how their information is maintained and protected by cloud providers. For example, officials at Customs and Border Protection are concerned about having exit strategy options for their data if they decide to switch cloud providers.

“I want that language in the contract going in," said Wolf Tombe, the agency's chief technology officer. "I don’t want that to be an afterthought.”

Another issue is the physical location of the storage systems that house government data. Some security rules call for sensitive data to remain in the United States or in select overseas countries. But that can be hard to nail down, as GSA learned when two contractors successfully challenged its original e-mail-as-a-service request for quotations, which restricted data services to certain specified locations.

5. New skill sets for procurement employees

Some acquisition officers might need training to help them negotiate and manage cloud contracts. “Agencies don’t necessarily need to hire legions of new people, but they should make sure their acquisition workforce understands the difference in service acquisitions and why they’re different from products,” said Larry Allen, president of Allen Federal Business Partners.

Key skills for a cloud-rich environment include project and vendor management. The IT Acquisition Advisory Council, among others, is working with the government to promote new acquisition methodologies that are better suited to the cloud, Tombe said.

About the Author

Alan Joch is a freelance writer based in New Hampshire.

The Fed 100

Save the date for 28th annual Federal 100 Awards Gala.

Featured

  • computer network

    How Einstein changes the way government does business

    The Department of Commerce is revising its confidentiality agreement for statistical data survey respondents to reflect the fact that the Department of Homeland Security could see some of that data if it is captured by the Einstein system.

  • Defense Secretary Jim Mattis. Army photo by Monica King. Jan. 26, 2017.

    Mattis mulls consolidation in IT, cyber

    In a Feb. 17 memo, Defense Secretary Jim Mattis told senior leadership to establish teams to look for duplication across the armed services in business operations, including in IT and cybersecurity.

  • Image from Shutterstock.com

    DHS vague on rules for election aid, say states

    State election officials had more questions than answers after a Department of Homeland Security presentation on the designation of election systems as critical U.S. infrastructure.

  • Org Chart Stock Art - Shutterstock

    How the hiring freeze targets millennials

    The government desperately needs younger talent to replace an aging workforce, and experts say that a freeze on hiring doesn't help.

  • Shutterstock image: healthcare digital interface.

    VA moves ahead with homegrown scheduling IT

    The Department of Veterans Affairs will test an internally developed scheduling module at primary care sites nationwide to see if it's ready to service the entire agency.

  • Shutterstock images (honglouwawa & 0beron): Bitcoin image overlay replaced with a dollar sign on a hardware circuit.

    MGT Act poised for a comeback

    After missing in the last Congress, drafters of a bill to encourage cloud adoption are looking for a new plan.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group