The Defense Information Systems Agency wants secure, cloud solutions from industry for data storage, Web hosting, database hosting services and virtual machine services that can replace the need for multiple physical servers. (Army)
Some contractors are questioning whether the Defense Department’s planned $450 million cloud-computing project will offer the most cost-effective solutions for its customers or merely resell industry products and services for a higher price.
When asked by vendors during a July presolicitation conference in Laurel, Md., if the Defense Information Systems Agency was simply reselling industry’s cloud solutions to its DoD customers, a DISA official said the agency provides needed contracting language for DoD to acquire cloud services and ensure adequate security is built in.
DISA wants secure, cloud solutions from industry for data storage, Web hosting, database hosting services and virtual machine services that can replace the need for multiple physical servers, according to the draft request for proposals. Jack Wilmer, DISA’s deputy chief technology officer for enterprise services, said the draft RFP is an attempt to spark a conversation with potential vendors about how to make secure commercial cloud services available to other DoD agencies.
DISA expects to release the final RFP this month and award seven to 10 contracts in March.
An industry source, speaking on condition of anonymity, said there is nothing innovative or unique about the commercial services DISA wants to offer. “I was very disappointed with the way DISA approached this,” he said. It appears, he added, that DISA is more concerned about meeting mandates to consider commercial providers.
The 2012 Defense Authorization Act requires DoD to develop a strategy to move its data and services from department-owned and operated data centers to cloud computing solutions. Cloud solutions “provide a better capability at a lower cost with the same or greater degree of security” and are generally available in the private sector, the law says.
This has prompted DISA to expand cloud offerings beyond its current private clouds, where services are provided exclusively to DoD and hosted in DISA data centers. But some vendors question whether cloud services provided through DISA will be cheaper for the agency’s customers than dealing directly with cloud service providers. DISA customers will be charged a 2 percent fee for using the contract.
Kaus Phaltankar, chief technology officer at View Trust Technology, said DoD agencies may be more inclined to use the DISA contract for smaller purchases because it would cost more to launch a separate contract. But if the Air Force, for example, needs to purchase a cloud solution for the entire service, it might be more economical to go directly to a vendor.
Companies vying for a spot on the contract will have to adhere to strict security requirements.
In addition to meeting governmentwide standards for cloud security, prime contractors must also assure that they have control over the operation and configuration of hardware and software used to store and process government data, according to DISA contracting officials and other DoD representatives at the industry event. DISA requested officials not be identified by name.
DoD requires that vendors have control over processes that could affect government data stored in a commercial facility and control over who has access to DoD information. However, industry concerns about how to adequately meet that requirement forced DISA to clarify what is and is not acceptable. Some small businesses, for example, may not own the facility where government data is stored. DISA officials said vendors who lease or rent data center space could meet the requirement, but they must ensure they have control over the environment.
“Those are requirements by DoD,” one official said. “They are not currently part of FedRAMP [Federal Risk and Authorization Management Program], but it is our expectation these are many things being done by [cloud service providers]. They represent industry best practice.”
Andy Medici contributed to this story.