GSA's Google Apps award raises Microsoft’s hackles

Microsoft Corp. is questioning the General Services Administration’s decision to amend a request for proposal that resulted in Unisys Corp. winning a $6.7 million contract for a cloud-based e-mail system for GSA that would store data in overseas locations, contrary to prior agency regulations.

Unisys won the five-year task order to build the platform using Google Apps for Government so GSA employees could collaborate and work remotely from any location at any time.

The award makes GSA the first federal agency to move e-mail to a cloud-based system agencywide, agency officials said.

In a statement dated Dec. 1, Microsoft said it was disappointed with the GSA decision.

“Our [Business Productivity Online Suite]-Federal proposal was a conscious decision to provide GSA with U.S.-only data center support, where data is maintained in the U.S., administered by U.S. citizens with background checks, in accordance with [International Traffic in Arms] standards in a [Federal Information Security Management Act]-certified environment,” the company said in the statement.

The software giant said its offering “meets the most stringent requirements of governments and we are working with several agencies who see this as essential.”

According to GSA Confidentiality, Security and Privacy requirements, “all data at rest will reside with the contiguous United States, the District of Columbia, and Alaska with a minimum of two data center facilities at two different and distant geographic locations.”

In a statement of Sept. 10 citing its reasons for the modification, GSA said, “Our primary concern was and continues to be for the security of our data.”

But as more information about software as a service has emerged since GSA issued the RFP, the agency said it “has gained a better understanding of the level of maturity of this new and exciting environment.”

The statement added that “while GSA prefers a location within the United States, we recognize we may have equated location with security and excluded other factors that could also ensure the security of our data, which unduly restricted offerors.”

Therefore, the agency said, GSA had revised the requirement. “The requirement for the minimum two data centers is still applicable; however, offerors are provided the opportunity to review their proposals in relation to the revised [contiguous United States] requirement.”

GSA requested that all responders to the RFP clarify how they intended to meet the security requirement, regardless of location.

“The paramount concern for all of GSA’s decisions in this case and every case is information security,” Casey Coleman, GSA’s chief information officer, said Dec. during a conference call with reporters. “The cloud, while it offers considerable economies and efficiencies, security is still paramount."

“So, the vendor team is required to comply and will comply – and we will monitor them to make sure that they are compliant with all applicable federal regulations and requirements regarding information security,” she said.

The Unisys contract requires that data ownership and control remain with GSA, Coleman said. “The data cannot be used by any other party for any purposes and cannot be released without GSA authorization.”

All key individuals will be required to undergo background checks, Coleman said, and if GSA should ever end the agreement, all data will be moved from the Google servers, whose location she declined to cite.

Asked why GSA awarded the contract to Unisys, Coleman said, “The award went to the proposer who offered the best value solution according to GSA objectives,” which included modernization of the e-mail systems, an effective collaboration and working environment, and a reduction in the burden of government maintenance of the systems.

Responding to a request for comment, Unisys public relations director Brad Bass said, “Unisys plans to deliver to GSA a secure, FISMA-compliant solution to increase employee productivity while saving money. We are excited about this contract award and look forward to working with GSA. However we cannot comment on issues specific to this procurement.”

Unisys Corp., of Blue Bell, Pa., ranks No. 38 on Washington Technology’s 2010 Top 100 list of the largest federal government contractors.