The Defense Authorization bill makes it even more important for federal acquisition officials to learn how to craft sound cloud procurements.
The conversation about cloud computing in government has taken a new direction, courtesy of the National Defense Authorization Act for fiscal 2012.
In the past several years, technology experts in government and industry have debated whether commercial cloud computing services are secure enough to meet the needs of federal agencies. Some people have argued that agencies would be better off developing their own cloud offerings and sacrificing some cost-efficiency for the sake of better security.
But lawmakers disagree. As part of the Defense Authorization bill, they are directing the Defense Department to make the leap from department-owned operations to commercially available cloud computing services “that provide a better capability at a lower cost with the same or greater degree of security.” You can expect similar directives for civilian agencies.
As a result, acquisition policy is likely to become the most pressing topic of conversation as federal officials seek to become better-versed in the particularities of cloud procurements.
Security is the overriding concern. Federal officials want to ensure that government data is stored and managed in compliance with existing security requirements. The policies are well-known; the question is how to translate them into clear and enforceable contract language.
Case in point: Officials at the General Services Administration ran into problems with their e-mail-as-a-service procurement when they tried to limit where government data could reside. Several bidders lodged a protest, which the Government Accountability Office upheld. In their decision, GAO auditors said GSA’s security concerns were legitimate but concluded that the provisions were ambiguously worded. The solicitation has been reworked, with awards expected in the spring.
Ambiguous security provisions could lead to protests in some cases and lousy security in others. Procurement officials should not let the Obama administration’s cloud-first policy rush them into deals that they might later regret.
NEXT STORY: CES 2012: What feds need to know