Is government procurement ready for the cloud?

Cloud computing can present unfamiliar territory for government acquisition officials.

Mention cloud computing to true believers and you’ll likely hear all about speed and agility. They'll tell you that agencies can simply dial IT services up or down as needed to quickly support new mission plans or workload changes. As a bonus, agencies pay only for what they use instead of bankrolling the often idle, over-provisioned computing capacity common in most data centers.

Unfortunately, there’s a rub when it comes to the cloud. Many IT procurement practices and contracting vehicles were designed to help managers provision hardware and software, not on-demand services. Can the current acquisition practices translate easily to the dynamic world of cloud computing?


Joint Cloud Report:

Cloud procurement stumbling blocks

5 ways to prep for procuring cloud services


Not really, said Barry Brown, executive director of the Enterprise Data Management and Engineering Division at Customs and Border Protection. He echoed a view shared by others in the federal government. With cloud computing, “the technology delivery model has changed,” he said. "What has not changed is the procurement model."

The methodology gap between procuring IT systems and procuring IT services has been intensifying in the past year, ever since former Federal CIO Vivek Kundra outlined the government's cloud-first policy. That initiative seeks to reduce costs and increase IT acquisition flexibility by pushing federal IT systems to cloud environments. Each agency has until May to identify three IT resources that it will move to the cloud.

But the move is straining traditional procurement departments. Rather than promoting speed and agility, in some cases cloud initiatives are spawning extended contract negotiations and legal challenges that are making it take even longer for agencies to get the resources they need.

Not all the early obstacles are specific to the cloud, so they won't be permanent. But other features that are essential parts of the cloud model will continue to present challenges. Technology executives will need to accommodate them with new procurement and vendor management practices if the switch to on-demand, utility computing is to succeed.

Counterpoint

But not everyone agrees that cloud services represent such a significant departure from past IT practices that they require new acquisition methods. Some say only minor changes are needed for future cloud acquisitions to be well served by existing contracting vehicles, such as the General Services Administration’s Alliant governmentwide acquisition contract and IT Schedule 70 blanket purchase agreements, which specify firm fixed prices for cloud services negotiated on behalf of the entire federal government.

“I don’t think cloud procurement is as different or problematic as people make it out to be,” said Larry Allen, president of Allen Federal Business Partners, which provides procurement policy support for government contractors. “I’m not an advocate for creating new cloud-based contract vehicles. It’s much better to use what’s out there.”

In fact, for all the contracting uncertainties, agencies are making progress toward the cloud-first deadline. GSA and the National Oceanic and Atmospheric Administration are just two examples of agencies with large-scale cloud initiatives. Last year, GSA moved 17,000 staff members to Google Apps for Government, a cloud-based e-mail and collaboration system, and NOAA awarded an $11.5 million, three-year contract to migrate 25,000 employees to the Google messaging platform.

Wake-up calls

But cloud procurements don’t always go smoothly. In some cases, the problems are inherent to the cloud, such as determining how much customization of services, if any, is acceptable. In other cases, procurement officers are still sorting out when and how to apply existing rules to the cloud environment. Working through those issues can put the brakes on cloud procurements.

For example, in October 2011, the Government Accountability Office upheld a protest by Technosource Information Systems and TrueTandem that challenged a specification in a GSA request for quotations for cloud-based e-mail services. The RFQ required that data services be located in the United States or other designated countries.

GSA responded to the challenge in part by arguing that the government needs to control where information is stored because of concerns about foreign jurisdictions asserting access rights to data that resides in or moves through their country. Location would likely not have been an issue for agencies that opted to host services in-house, but in the cloud, data could conceivably be stored anywhere in the world.

Nevertheless, the challenge by the two contractors said the GSA requirement unduly restricted competition. GAO agreed, saying that GSA failed to establish a legitimate government need for the stipulation and calling on the agency to amend the RFQ to reflect its actual needs regarding data centers located outside the United States. After reviewing the decision, GSA issued an amended RFQ, nearly six months after issuing the original request.

Earlier, the Interior Department became embroiled in an even bigger contracting controversy after a lawsuit by Google put the brakes on a $59 million, five-year external private cloud intended to provide e-mail and collaboration capabilities for 88,000 of Interior’s employees. A lawsuit by Google charged that Interior’s request for proposals was “unduly restrictive of competition” because it specified a private cloud solution using Microsoft Business Productivity Online Standard Suite. Early last year, a federal judge sided with Google in a ruling that said Interior violated federal acquisition rules for open competition.

Part of the ruling stemmed from Interior’s choice of Microsoft technology, which the department had been using in a traditional implementation. The bigger question appeared to be Interior’s stipulation of a private cloud, which Google, as a supplier of technology for multi-tenant public cloud solutions, could not support.

Knowing that the private cloud stipulation might be challenged, Interior’s procurement and legal staffs tried to be proactive by documenting market research the agency had gathered about the potential risks of public clouds, said William Corrington, Interior’s CTO at the time and now cloud strategy lead at Stony Point Enterprises, a consulting firm that specializes in cloud strategies for federal agencies.

According to court documents, Interior said its research led it to a single-user, private cloud solution because of the sensitive nature of the data that would be stored in the cloud, the agency’s tolerance for risk, and “the benefits and liabilities of each cloud model.”

The case illustrates how questions about emerging cloud technologies add complexity to government procurements. As a result, some Interior officials felt they were being forced to accept undue risks because acquisition rules altered the agency’s original cloud choice, Corrington said.

The legal challenges also led to significant delays. Interior awarded the original contract in late 2010 but is still trying to move the project forward. In early January, the agency issued a new RFP that just now reopens the bidding. This time the department is calling for a commercial provider that can transition its current in-house e-mail systems to “an integrated, cost-effective, cloud solution.” It makes no mention of a private cloud or specific products.

Such legal challenges and protracted contract negotiations over sticking points such as security and service-level monitoring are prompting some observers to call for new methodologies to guide everyone in the procurement community.

“Our acquisition people are doing the best they can, but progress [toward cloud adoption] represents transformation and change for IT,” said Wolf Tombe, chief technology officer at Customs and Border Protection. “That transformation and change require that some of our partners and stakeholders change along with us.

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.