Feds Add Infrastructure Services To Cloud Storefront
Using Apps.gov, agencies soon will be able to buy infrastructure-as-a-service offerings, such as storage and virtual machine services, as well as cloud-based web hosting.
Slideshow: Cloud Security Pros And Cons
(click image for larger view and for full slideshow)
The federal government's cloud computing storefront, Apps.gov, soon will give federal, state and local agencies access to commercial infrastructure-as-a-service offerings, the General Services Administration announced Wednesday. The GSA had awarded a contract to let a number of vendors sell their services through the portal.
The blanket purchase agreement, which will make cloud infrastructure services available -- typically through third-party contractors -- from large companies like Amazon and Microsoft as well as smaller cloud-focused companies like SoftLayer and Enomaly, was about 18 months in the making. The agreement was re-booted in March to account for security concerns and the rapidly changing cloud computing market.
The services will be available on Apps.gov, which allows government employees and contractors to use their government-issued purchase cards to procure services from Apps.gov. A virtual shopping cart mechanism is used similar to that found in commercial online shopping sites.
However, before the services become officially available, the GSA will subject them to a 90- to 120-day GSA certification and accreditation process. Their security must meet federal guidelines for "moderate impact" data under the Federal Information Security Management Act, which governs federal cybersecurity requirements.
According to Dave McClure, GSA's associate administrator of citizen services and innovative technologies, the GSA process will be distinct from, but will closely mirror, the processes of a new standardized, government-wide security accreditation effort in development called FedRAMP. Agencies will be able to leverage GSA's certification in order to cut out the heavy lifting typically required under traditional IT certification.
The draft FedRAMP process will be released for a brief period for government, industry and the general public within the next few days, McClure said, but it wasn't quite ready for use with GSA's cloud contract. "Once FedRAMP is live and real," McClure said in an interview, "these certifications cold transition to FedRAMP."
Among the services covered by the new contract are storage services, virtual machine services, and cloud-based web hosting. All the services were required to meet baseline functionality and security requirements, including on-demand self-service, resource pooling, rapid elasticity, service metering and an uptime of 99.5% availability.
The clear primary goal of making infrastructure-as-a-service available to agencies is to save costs and increase efficiency in federal IT spending. Estimates have shown that 20% of the federal government's approximately $80 billion in IT spending goes toward infrastructure, and the Office of Management and Budget has made clear its demands for more efficient spending on IT infrastructure with pushes for data center consolidation and cloud computing.
"Cloud computing services help to deliver on this administration’s commitment to provide better value for the American taxpayer by making government more efficient," federal CIO Vivek Kundra said in a statement. "Cloud solutions not only help to lower the cost of government operations, but they also drive innovation across government."
When it launched, Apps.gov didn't meet GSA's initial expectations for use. While there are "moderate" purchases being made, the site is more typically used for research before agencies make purchases via a regular GSA schedule or another acquisition vehicle, McClure said in an interview.
However, McClure said, interest may be on the rise with the impending release of infrastructure services. "We know from a lot of the inquiries we've been receiving from agencies that a lot of them are eager to use this," McClure said. "Infrastructure is near and dear to most of the government CIOs' hearts. It's a big ticket portion of IT spend in federal government, and agencies are asking to find savings in their IT budgets through the use of clouds."
Vendors represented as part of the new contract include: Apptis, which is partnering with Amazon Web Services; AT&T; Autonomic Resources, which is partnering with Carpathia, Enomaly and Dell; CGI Federal; Computer Literacy World, which is contracting with Electrosoft, XO Communications and Secure Networks; Computer Technology Consultants, which is partnering with Softlayer; Eyak Tech; General Dynamics IT, which is also partnering with Carpathia; Insight Public Sector, which is partnering with Microsoft; Savvis; and Verizon Federal.
There are two notable things about that list: Most of the cloud computing providers are actually partnering with federal contractors to provide their services to government; second, a few of what might be seen as infrastructure-as-a-service usual suspects, such as IBM, HP and Terremark, are missing.
"In the long run, the agencies are getting access to major players in the cloud space," McClure said. "It may be through partnering arrangements, and there are obviously business or marketing reasons behind that. But, from our perspective, we're just happy to see there's diversity in this space."
Whether other companies with infrastructure offerings are involved is as much about who bids for the contract as anything else, he added.
GSA has several options as next steps to expand Apps.gov and the infrastructure offerings, McClure said. This specific blanket purchase agreement could be reopened or revised to allow additional competitors to come. Or, new blanket purchase agreements could be opened up for other types of cloud services, such as platform-as-a-service, cloud e-mail and geospatial offerings.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Digital Transformation Myths & TruthsTransformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.