GSA Eases Cloud Computing Procurement

Cloud computing certification, contract negotiations, and pricing terms already in place for federal agencies

Last week I had the pleasure to co-chair a cloud computing and virtualization event in Washington DC for federal IT professionals. As part of former federal CIO Vivek Kundra's plan, federal agencies have adopted a "cloud-first" policy toward all IT projects. While most people understand the rationale for this, there are still a number of cloud computing hurdles to overcome to make this vision a reality. I hosted a cloud computing security tutorial and yes, cloud security remains a big issue but there are others as well. Since cloud computing is still relatively new, many agencies simply don't know how to consume cloud services even if they want to. To be more specific, there are lots of questions that need to be answered before jumping to the cloud. How do you negotiate a contract that covers all of your technical and legal needs? How do you assess a cloud providers financial stability, technical integrity, and disaster recovery processes? How do you know if you are getting a fair deal? Enter the General Services Administration (GSA) which acts as a combination Sears catalog and Amazon for federal agencies. Of the $80 billion U.S. Federal IT budget, 25% of IT spend flows through GSA. One of the presenters at the conference was Mary Davie, Assistant Commissioner for the Office of Integrated Technology Services at GSA. Mary described how GSA is taking a lot of the upfront work to make it easier for Federal agencies to buy cloud services. For example, GSA has already: 1. Certified the Google cloud at a FISMA moderate level. 2. Awarded IaaS contracts to 12 service providers this spring. These vendors now have the Authority to Operate (ATO) with 252 security controls tested and certified. 3. I believe Mary said that GSA is in the process of qualifying 5 SaaS vendors for cloud-based email. GSA is also working on SaaS for collaboration, office automation, and records management. Mary mentioned that each cloud certification costs around $400k. When GSA does this as a proxy for all agencies it saves on redundant costs and certification efforts. In aggregate, GSA helps other agencies by streamlining the acquisition process, comparing services, negotiating pricing models, automating ordering, and providing guidelines and help with RFIs and RFPs. I know that there is a lot of hype out there but I truly believe that cloud computing can help save real money, especially in big organizations where there is lots of "low hanging fruit" ready for the cloud today. GSA's role as facilitator here can help accelerate these savings. Who says that everything is broken in Washington?

Copyright © 2011 IDG Communications, Inc.

Microsoft's very bad year for security: A timeline