5 ways to prep for procuring cloud services

Government acquisition personnel must often perform a balancing act to achieve the cost and efficiency benefits promised by cloud providers. On the one hand, they need to contract for solutions that share a common set of hardware and software resources to benefit from money-saving economies of scale. Unfortunately, one-size-fits-all solutions aren’t always appropriate, especially when missions and support requirements differ so widely across the government.

Joint Cloud Report:

Is government procurement ready for the cloud?

Cloud procurement stumbling blocks

Agency officials and consultants say some core definitions and tools could speed contract negotiations and bridge the sometimes conflicting needs of agencies and cloud providers. Here is a list of techniques that could help speed government’s move to the cloud.

1. Security accreditation

Security fears rank among the top obstacles to cloud migrations. Fortunately, procurement officers could have an important tool to address those issues this year — the Federal Risk and Authorization Management Program (FedRAMP). It will create a security baseline that any agency can use to ensure that cloud contracts meet a standard level of protection. Combined with security guidelines from the National Institute of Standards and Technology, FedRAMP promises to simplify and speed the acquisition process.

2. Service-level agreements

The FedRAMP model for an accredited baseline of requirements could be useful in other areas, including the creation of service-level agreements. Agencies and cloud providers often struggle to balance conflicting requirements when it comes to SLAs, said William Corrington, former chief technology officer at the Interior Department and now the cloud strategy lead at Stony Point Enterprises.

For example, the Office of Management and Budget or the General Services Administration might specify that all cloud-based e-mail solutions achieve a minimum uptime rating of 99.95 percent, which would relieve agencies and vendors from hashing out those terms for each contract and thereby speed negotiations.

“Government lawyers would have some confidence that contract language is coming down from OMB or GSA, and cloud vendors would understand what the government is expecting for terms and conditions,” Corrington said.

3. Standardized service definitions

A similar framework for predetermined terms and conditions would benefit common cloud services, such as e-mail solutions or IT infrastructure services. “There are a lot of variables, but if you lock everyone down into a set of services that are utilitarian, then many challenges go away and agencies can compare pricing apples to apples,” said Michael Sorenson, director of cloud services at QinetiQ North America.

The framework would differ from traditional governmentwide acquisition contracts and blanket purchase agreements (BPAs) by establishing standard service definitions all vendors in a particular cloud category would use. Cloud providers might be willing to embrace standardized definitions as a way to discourage agencies from negotiating special terms for commodity solutions.

“Even when the new BPA for [GSA’s proposed e-mail-as-a-service agreement] comes out, I still think agencies will look at terms of service and want to negotiate them,” said Peter Gallagher, a partner in the Civilian Federal Systems group at Unisys. “If you are a [software-as-a-service] provider, it is difficult to negotiate different terms of service in a multi-tenant environment.”

To accommodate varying needs, the government could create standardized terms for tiers of service, such as gold, silver and bronze levels with different performance characteristics, Gallagher added.

4. Clear rules for data management

Today, agencies must negotiate to insert clauses into cloud contracts that specify how their information is maintained and protected by cloud providers. For example, officials at Customs and Border Protection are concerned about having exit strategy options for their data if they decide to switch cloud providers.

“I want that language in the contract going in," said Wolf Tombe, the agency's chief technology officer. "I don’t want that to be an afterthought.”

Another issue is the physical location of the storage systems that house government data. Some security rules call for sensitive data to remain in the United States or in select overseas countries. But that can be hard to nail down, as GSA learned when two contractors successfully challenged its original e-mail-as-a-service request for quotations, which restricted data services to certain specified locations.

5. New skill sets for procurement employees

Some acquisition officers might need training to help them negotiate and manage cloud contracts. “Agencies don’t necessarily need to hire legions of new people, but they should make sure their acquisition workforce understands the difference in service acquisitions and why they’re different from products,” said Larry Allen, president of Allen Federal Business Partners.

Key skills for a cloud-rich environment include project and vendor management. The IT Acquisition Advisory Council, among others, is working with the government to promote new acquisition methodologies that are better suited to the cloud, Tombe said.