Does buying cloud services have to be this hard?
The acquisition options are getting better, but many agencies are still relying on workarounds.
John Hale is far from the first to note that federal acquisition practices make purchasing cloud services more difficult than it should be. As head of the Defense Information Systems Agency Cloud Portfolio Office, however, he sees the obstacles more often than most.
Acquisition officers "are faced with trying to buy commercial cloud capabilities with a model that was designed to buy bolts and pencils and paper," Hale said at FCW's May 3 cloud event. "It just doesn't work."
The result, he said, is often a series of workarounds to get the benefits of cloud through existing contract vehicles.
For example, a major selling point for cloud is consumption-based pricing and the rapid scalability that allows customers to avoid purchasing capacity until they need it, but that doesn't easily square with the ways government traditionally buys. So DISA has set up "project accounts" for some agencies' cloud services buys.
"You can put your money into it," Hale said, and DISA pays out the money as services are consumed. "When you get to a certain point, you get notified that you need to put more money in the pot. And if you get to a point where there are zero dollars, the services get turned off. "
The Antideficiency Act forbids a cloud service provider from continuing to provide services "if you’re not actually paying for it," Hale noted. "It’s against the law. So therefore, we always have to stay one step ahead ... so that they don’t end up in a situation where they’re forced to shut the services down."
Nor does DISA work directly with either Amazon Web Services or Microsoft Azure, Hale noted. "I go through a contractor like Lockheed Martin," he said, adding that most DOD agencies are similarly turning to third-party contractors to acquire cloud services.
While systems integrators and cloud brokers can play a valuable role, Hale said, "it's a bad model" if the sole purpose is to pass through the spending and get around acquisition rules.
“There is a better way to handle the acquisition piece," he said, "so we are trying to work with the [General Services Administration] to set a new policy.”
GSA recently stood up a Federal Cloud Center of Excellence, which is tackling the biggest barriers to cloud adoption: procurement, workforce education, standardized offerings and security concerns. Federal Communications Commission CIO David Bray, who is co-chairing the effort, told FCW in a separate interview that a playbook for agencies will be out this summer, while recommendations to the Office of Management and Budget could inform future governmentwide cloud policies.
Cloud procurement should be better centralized, Bray suggested. When his agency moved its operations to the cloud in 2015, "we did the procurements ourselves, which is ridiculous," he said.
More contract vehicles are available now than when the FCC embarked on its migration, but Bray said the prices different agencies pay for the same cloud service can still vary by a factor of 10 or more.
Hale, meanwhile, said at the May 3 event that DISA is "working in lockstep with GSA" make cloud acquisition easier.
Capt. Craig H. Hodge, who is the deputy CTO for U.S. Immigration and Customs Enforcement, said at event that his agency relies on a full-time cloud broker to help navigate the contracting and integration challenges. The broker is a federal employee, Hodge explained, who "has contract support staff and other government employees supporting him." For ICE, he said, the broker "is the face to not just the cloud service providers but also to our customers" and to the core IT staff.
Connectivity into the agencies’ multiple cloud services has been a huge headache, Hodge said, and getting billing broken down to the point where "we can see the charges based on specific program areas" is a work in progress -- but progress is being made.
And according to the Department of Agriculture's Chad Sheridan, that incremental progress and the tricks that enable it are what agencies should be sharing.
"We don’t have enough time, money, energy or people to solve our all of our problems and only look at it ourselves," Sheridan, who is CIO of USDA's Risk Management Agency, said at the event.
Sheridan also urged agencies to charge ahead and address the challenges as they arise, rather than waiting for permission or policy changes. "See the world as it is, not as you want it to be," he said. The Federal Acquisition Regulation could certainly be improved, he acknowledged, but "the FAR is here. ... The FAR is. It does not care that we think it needs to be rewritten, it just is."
NEXT STORY: VA chief talks commercial Vista