Cloud vendors get $77M opportunity from GSA

Standards are up in the air, security questions linger and misconceptions abide, but the push to the cloud continues to gather strength, this time from the General Services Administration’s five-year, $76.5 million blanket purchasing agreement for infrastructure as a service (IaaS).

Via the government’s cloud services storefront, Apps.gov, the 11 contract winners can provide federal, state, local and tribal governments with cloud storage, virtual machines and Web hosting services. Contract-holders range from single providers to teams.

Stand-alone contract winner Verizon Business will provide IaaS via its cloud computing platform and will offer virtualization and data center consolidation services.

Although use of cloud in government might be sparse — no bigger than a man’s hand, as some would have it — that’s on the brink of change, said Susan Zeleniak, president of Verizon Federal Business. In public and private enterprises, “the use of everything as a service is really starting to blossom,” she said. “And our experience in most technologies is that once a few people figure it out, then a whole lot of people figure it out. So we really expect this to be a game changer.”

The company recently won a Schedule 70 federal agency contract to provide primarily computing as a service, also referred to as platform as a service, Zeleniak said.

GSA IaaS contract winner Apptis Inc., partnered with Amazon Web Services, also has seen interest and implementation of cloud services increase. It already has a handful of federal agency cloud customers, including the Homeland Security Department, through GSA’s Schedule 70, said William Perlowitz, vice president of advanced technology at Apptis.

One customer agency is redeveloping its public-facing website in the cloud, Perlowitz said. “So we’re doing the agency’s public website for something like $7,000 a month,” he said. “The argument for cloud doesn’t get more compelling than that.”

But as compelling as controlling cost is, it is cloud security that makes agency CIOs twitchy — one reason federal agencies “tend to be interested primarily in private clouds,” Zeleniak said.

Security was the top cloud concern for 75 percent of IT executives in IT research consulting firm IDC’s 2008 enterprise panel, and that level of concern continues, according to the National Institute of Standards and Technology.

Security is also a top concern at Verizon, said Ken Biery, cloud security strategist at Verizon. For example, he said “on our IP network, we have more than a million sensors that sit on our backbone and that’s where we gather information about activity, and we can identify user devices or nodes that are trying to attempt malicious activity,”

Such efforts by the telecommunications company to secure its global IP, wired and wireless networks is one reason “we think we’re in such a good position to support government networks from a security perspective,” Zeleniak said. “It’s what we do for a living.”

But if all roads lead to Rome, the roads themselves are not identical. Apptis is a pioneer in a new contracting niche, that of a cloud broker to handle acquisition and maintenance of cloud services.

“Cloud brokers act as intermediaries to explain the requirements of government to cloud vendors, so the customer has a single point of contact for everything,” Perlowitz said.

Although government business processes often resemble those in private enterprise, federal agencies have requirements that private-sector organizations don’t have, such as government-only data centers located only in the United States and Section 508 accessibility standards.

“Government also has billing requirements,” Perlowitz said. “They need monthly billing, and they need to have a ceiling set. While private enterprises can just give us a credit card number and use what they need, government can’t.”

The company’s FedCloud portal, with Amazon Web Services’ infrastructure serving as the back end, “only lets agencies select those services that meet government requirements and makes it easier for agencies to comply,” he said.

A prerequisite for all GSA Cloud IT contract winners is certification and accreditation, at the Federal Information Security Management Act moderate impact data security level, by GSA’s Office of the CIO.

That GSA-awarded authority to operate immediately advances agency cloud service acquisitions to the 80 percent mark for FISMA compliance, Perlowitz said. “Agencies are then responsible for only 20 percent — ensuring their applications are FISMA-compliant,” he added. “We do the operational work, and the customer adds the application piece, which means agencies effectively shift 80 percent of the work [toward ensuring FISMA compliance] to us.”

Although the total contract is for $76.5 million over five years, that spending is likely to soar, in part from the push to the cloud by Federal CIO Vivek Kundra.

“In total, spending on public IT cloud services, [excluding private cloud spending], will grow from $16.5 billion in 2009 — a modest, recession-driven haircut from last year’s forecast — to over $55 billion in 2014,” said Frank Gens, senior vice president and chief analyst at IDC. “This is scorching-fast growth of 27 percent per year.”