Cloud computing certification, contract negotiations, and pricing terms already in place for federal agencies

Last week I had the pleasure to co-chair a cloud computing and virtualization event in Washington DC for federal IT professionals. As part of former federal CIO Vivek Kundra’s plan, federal agencies have adopted a “cloud-first” policy toward all IT projects. While most people understand the rationale for this, there are still a number of cloud computing hurdles to overcome to make this vision a reality.

I hosted a cloud computing security tutorial and yes, cloud security remains a big issue but there are others as well. Since cloud computing is still relatively new, many agencies simply don’t know how to consume cloud services even if they want to. To be more specific, there are lots of questions that need to be answered before jumping to the cloud. How do you negotiate a contract that covers all of your technical and legal needs? How do you assess a cloud provider’s financial stability, technical integrity, and disaster recovery processes? How do you know if you are getting a fair deal?

Enter the General Services Administration (GSA) which acts as a combination Sears catalog and Amazon for federal agencies. Of the $80 billion U.S. Federal IT budget, 25% of IT spend flows through GSA.

One of the presenters at the conference was Mary Davie, Assistant Commissioner for the Office of Integrated Technology Services at GSA. Mary described how GSA is taking a lot of the upfront work to make it easier for Federal agencies to buy cloud services. For example, GSA has already:

1. Certified the Google cloud at a FISMA moderate level.
2. Awarded IaaS contracts to 12 service providers this spring. These vendors now have the Authority to Operate (ATO) with 252 security controls tested and certified.
3. I believe Mary said that GSA is in the process of qualifying 5 SaaS vendors for cloud-based email.
GSA is also working on SaaS for collaboration, office automation, and records management.

Mary mentioned that each cloud certification costs around $400k. When GSA does this as a proxy for all agencies it saves on redundant costs and certification efforts.

In aggregate, GSA helps other agencies by streamlining the acquisition process, comparing services, negotiating pricing models, automating ordering, and providing guidelines and help with RFIs and RFPs.

I know that there is a lot of hype out there but I truly believe that cloud computing can help save real money, especially in big organizations where there is lots of “low hanging fruit” ready for the cloud today. GSA’s role as facilitator here can help accelerate these savings. Who says that everything is broken in Washington?