Cloud Procurement Discussion Paper. For Comment




Cloud Procurement Discussion Paper For Comment AUGUST 2014

Acronyms

Acronym: Definition
AGIMO: Australian Government Information Management Office
ASD: Australian Signals Directorate
DCaaS: Data Centre as a Service
MUL: Multi Use List
IaaS: Infrastructure as a Service
NIST: National Institute for Standards and Technology (Refer to Appendix A for details)
PaaS: Platform as a Service
RFT: Request for Tender
SaaS: Software as a Service
SCS: Specialist Cloud Services

Table of Contents

Acronyms
Introduction
Purpose
Proposed Procurement Model
Proposed Panel Structure
Agency and Industry Engagement
Initial Setup
Flexible arrangement to add Categories and/or Suppliers
Liability and Insurance
Considered Funding Models
Policy Environment and Impact
A Snapshot of the Marketplace
Conclusion
Discussion Points
Appendix A: General Definitions
Appendix B: Statement of Requirement (Separate document)
Appendix C: Service Evaluation Scenarios (Separate document)

Introduction

Finance established a Data Centre as a Service Multi Use List (DCaaS MUL) in October 2012 to provide Agencies with a simple way to procure cloud and cloud-like services under $80,000 (inc GST) for terms of less than 12 months. The DCaaS MUL has been successful and well received by Agencies, with over 35 contracts being signed under the MUL at a total value in excess of $1.4 million (ex GST). Feedback provided by Agencies indicated that take-up of cloud services could have been higher if the DCaaS MUL did not have the limitations on contract duration and value.

Finance has undertaken research to identify what is currently in the marketplace both nationally and internationally, including how governments have approached the implementation of cloud services and the key factors that may affect Agencies and suppliers.

In line with eGovernment and Digital Economy election commitments and following the success of the DCaaS MUL, Finance has investigated a number of procurement methods for cloud services with the intention of identifying an appropriate approach to market in the 1st quarter 2014/2015 to form a Whole of Government arrangement for cloud services.

Purpose

The objectives of establishing a whole of government cloud procurement are to:
- provide simple access to cloud procurement for Agencies; and
- support a flexible, agile and competitive marketplace for cloud services.

The purpose of this discussion paper is to promote feedback and suggestions from government Agencies and industry, including on the model that will deliver the best outcomes for government and encourage innovation in the use of cloud services.

The proposed model may change following consultation; for that reason interested suppliers should not rely on the statements in this paper. The final procurement model will be outlined in the approach to market documentation provided through AusTender when the tender is released.

Proposed Procurement Model

The whole of government approach to cloud procurement needs to provide a flexible mechanism for Agencies to procure cloud services.

Participation

Finance considers that a cooperative (voluntary) procurement approach is suitable for this procurement due to the following reasons:
- The maturity of the market is insufficient to treat cloud services as a commodity;
- The Government has not directed this procurement to be undertaken as a coordinated procurement; and
- The primary objective of this Panel is not to generate savings but to encourage and support Agencies in considering cloud options and in moving to the cloud.

Finance intends to establish a panel of cloud service providers through an open approach to market, to be made available to Agencies including:
- All Corporate and Non-corporate Entities subject to the Public Governance Performance and Accountability Act 2013 (Cth);
- Any other body governed by the Governor-General or State Governor or by a Minister of State of the Commonwealth or a State or Territory including departments in State or Territory Governments; and
- Any other body over which the Commonwealth or a State or Territory exercises control.

Timing

Finance intends to approach the market in 1st quarter 2014/2015 with the Panel expected to be established in December 2014.

Contract Term and Value

The term of the arrangement is to be two years, with four extension options of one year each. The procurement approach is intended to be iterative, with a separate approach to market occurring every 12-18 months to encourage new vendors and new offerings to be added to the Panel. The term of the agreement will alter with each iteration so that all vendor agreements have the same end date.

Agencies may enter into contracts with a different term to the Panel, depending on Agencies' individual requirements. There is no intention to cap contract value under this arrangement, which will provide Agencies with greater opportunities for procuring cloud services.

Proposed Panel Structure

Services in Scope of the Panel

The Panel of cloud services will potentially include services under specific Service Models, as defined by the National Institute for Standards and Technology (NIST) and outlined in Appendix A:
- Software as a Service;
- Platform as a Service; and
- Infrastructure as a Service.

In addition to the above service models, cloud specialist services (such as cloud integration and optimisation, etc.) can be procured under the service model of Specialist Cloud Services.

Services Out of Scope of the Panel

Services which do not meet the NIST definition of cloud will not be included in the proposed Panel arrangements, nor will any services or products provided by existing whole of government coordinated procurement arrangements.

Agency and Industry Engagement

Finance has engaged with Commonwealth Agencies and industry to ensure the Statement of Requirement reflects services that are both in demand and available from industry. Finance invites feedback and comments on a draft Statement of Requirement at Appendix B, which includes proposed service specification templates, and sample service evaluation scenarios at Appendix C.

Agency Working Group meetings have been undertaken by Finance with a range of Agencies, from micro to large. The Working Group gave Agencies the opportunity to express their requirements, security issues and other factors. Key outcomes from these forums were:
- Feedback on the Statement of Requirement:
  o Definition of Cloud Computing;
  o Structure of the Panel; and
  o Scope of Service.
- List of possible categories for inclusion in the initial set up of the Panel:
  o Specifications for individual Categories.

In addition to the Agency Working Group, Finance conducted an open survey in May 2014; invitations were sent to all suppliers listed on the DCaaS MUL and members of the Australian Information Industry Association, with a general invite via the Finance Blog. This survey was well received, with 70 organisations completing the survey and providing Finance with feedback from industry identifying key themes in relation to obstacles, lessons learned from previous implementations and general advice:
- A high level of support from industry for a centralised approach for various reasons.
- Promote Agency awareness of considerations in the adoption of cloud services, e.g. the transition requirements for cloud services; the required skill sets within Agencies; and the perceived issues around data sovereignty/policy/security.
- Industry feedback indicates that Agencies need to ensure requirements are clearly defined but need to be open to alternative solutions. For example, when procuring SaaS, Agencies should not dictate the service stack.
- Industry states that there is a need to ensure that the service catalogue is sufficiently accurate to differentiate the scope of services being offered, and to accept multiple pricing models, as this will provide Agencies with flexibility in their decision making process.

Initial Setup

Finance will approach the market for limited categories in the first instance to cater for current products in demand, based on feedback received through engagement with Agency and industry. As demand changes over time, Finance will add more categories through the iterative refreshes of the Panel. The initial approach to market will include nine categories as per the following diagram.

Figure 1: Proposed Structure of the Cloud Panel
[Diagram. Service models: SaaS, PaaS, IaaS, SCS. Categories: CRM; ERP; IT Service Management; Productivity Solutions; Application Deployment; Web Hosting; Compute; Storage; Cloud Specialists.]

Flexible arrangement to add Categories and/or Suppliers

During the life of the Panel Arrangement, suppliers will have the opportunity to join the Panel or add new service offerings, which will benefit both Agencies and industry. This will provide flexibility to capture new services available in the market and also increase competition.

Providing multiple opportunities for suppliers to join the Panel will allow new industry participants to access government business. Industry participants that are accepted at the commencement of the Panel will enter into contracts for a term of two years, with four one-year extension options. Once a supplier has been appointed to the Panel it is intended that they will be able to update their services as required, with the approval of Finance.

Liability and Insurance

Finance aims to support a level playing field for small, medium, or newly established companies by providing the same opportunities available to mature and large companies. In doing so, Finance intends to offer industry participants the opportunity to apply for insurance under a just-in-time arrangement. That is, participants, once they have secured a contract, would then increase their insurance to the appropriate level.

Further, Finance proposes that liability be capped at whichever is the greater: two times the agreed contract value, or the amount paid to the supplier under all contracts under the Head Agreement in the previous 12 months. Finance is also open to having this amount agreed with Agencies at the contract level.

Finance considers this approach would encourage a wide range of industry participants, from small start-ups to large mature companies, to be represented on the Panel.

Considered Funding Models

It is proposed that an administrative charge be applied to recover the cost of the establishment and the on-going management of the cloud Panel. Finance runs many of its Panels on a cost recovered basis, and it is intended that this Panel be managed in the same manner. As this Panel will be voluntary, it is more difficult to recover funds, as purchases through the Panel are not guaranteed and Agencies may avoid using the Panel to avoid paying fees. Several possible funding models have been considered:

Funding Model 1
Cost recovery of administering the Panel will be borne by Tenderers via an application fee. This application fee may be scalable; if a business applies for one model and one service, the fee would be less than for a business applying for multiple models and/or services.
Risks: Complaints from tenderers who do not obtain business through the Panel. May be cost prohibitive for start-up or small businesses applying for the Panel.

Funding Model 2
The Panel Usage Fee is to be borne by each Agency on a per use basis. A fixed percentage is applied each time the Agency uses the Panel Arrangement.
Risks: Agencies use the Panel for short listing only, therefore bypassing the requirement of payment. Cost to smaller Agencies may be prohibitive to participation.

Funding Model 3
The Panel Usage Fee is to be borne by Agencies on a tiered approach. This tiered approach was considered; however, it has not been modelled due to the insufficient availability of data. This model will be reviewed after the first iteration of the Panel.
Risks: Insufficient data available through AusTender on contract values for cloud computing in excess of $80,000.

Funding Model 4
The Panel Usage Fee is borne by Agencies on a subscription basis. Agencies pay a one off fee at the Agency level, scalable (depending on size of the Agency), regardless of whether they use the Panel; this will encourage Agencies to actively participate on the Panel as they have paid the cost upfront: "I have paid for this, so therefore I might as well use it."
Risks: The make-up of Agencies will change over time, which may reduce the cost recovered.

The preferred model is a scaled-down version of Model 1, which is an application fee of $250 per Service for tenderers. This model should not financially disadvantage niche businesses that may only have one service to offer. A supplementary fee from Agency participation may be introduced; however, the details have yet to be determined.

It is proposed that the funding model used for this Panel is reviewed after 12 months to ensure that the funding model remains fair and relevant in consideration of Panel usage.

Policy Environment and Impact

As part of the Commonwealth policy environment, Agencies are required to comply with relevant policies as released by the sponsoring portfolios. This discussion paper does not seek comments on the implementation of these policies; however, they need to be considered in the discussion points that may be raised. As with all policy documents, regular reviews will be undertaken and any arrangement that Finance puts in place for cloud procurement will need to be compliant.

The relevant cloud policies are listed below with links to the documents for further reading:
- Australian Signals Directorate (ASD) 2014: Information Security Manual
- Department of Finance (AGIMO) July 2013: Australian Government Cloud Computing Policy V2.1
- Attorney-General's Department (Protective Security) July 2013: Australian Government Policy and Risk management guidelines for the storage and processing of Australian Government information in outsourced or offshore ICT arrangements V1
- Department of Communications May 2013: National Cloud Computing Strategy
- Australian Government Data Centre Strategy 2010-2025

A Snapshot of the Marketplace

International Governments Cloud Arrangements

Cloud Procurement initiatives are being introduced globally by government organisations and are at different levels of maturity. The challenge for the Australian Government is to look at what has worked well at a State and Territory level and what trends are emerging in international markets.

The United Kingdom (UK), United States of America (USA), New Zealand, Singapore, Europe and Canada are each at a different level of maturity and have different approaches to how they implement their cloud solutions. For example, parts of the USA have adopted a Government Cloud. The Australian Government has considered this option; however, initial thoughts are that Finance may not be able to leverage the full flexibility of a single government cloud service offering.

A list of some of the global cloud arrangements is included below with links to the documents for further reading:
- United Kingdom (Cloud Store UK Gov)
- United States of America
- New Zealand
- Singapore

Domestic Cloud arrangements

Cloud computing is in its relatively early stages of implementation across the majority of the Australian states and territories. There are several states that have policies or strategies in place; these are listed below with links to the documents for further reading:
- New South Wales
- Victoria
- Queensland

Conclusion

This discussion paper has been provided to assist with commentary from Agencies, industry and relevant third parties on Cloud Procurement. Finance welcomes feedback on the issues identified in the Discussion Points box below. Feedback should be provided via email to CloudProcurement@finance.gov.au.

Finance looks forward to engaging in robust and relevant discussion in relation to the Discussion Points listed within this paper, cloud services and the proposed procurement model.

Discussion Points

Finance would like your feedback and comments on the following:
- the proposed contract term
- the proposed iterative approach of refreshing the panel
- the proposed flexibility in adding categories and suppliers to the panel
- the liability cap set for each individual contract and agreed with the customer on a contract by contract basis
- the proposed approach for suppliers to have just-in-time insurance based on contracts secured
- the proposed funding model
- the proposed Statement of Requirement (Appendix B)
- the specification templates of individual categories (Appendix B)
- the sample evaluation scenario (Appendix C)

Are there any key issues relevant to cloud procurement you would like to comment on?

Appendix A: General Definitions

National Institute for Standards and Technology (NIST)

The NIST Special Publication 800-145 has the following definitions:

Essential characteristics of Cloud Computing: on-demand self-service, broad network access, resource pooling, rapid elasticity and measured service.

Service Models

Software as a Service (SaaS): The capability provided to the consumer is to use the provider's applications running on a cloud infrastructure. The applications are accessible from various client devices through either a thin client interface, such as a web browser (e.g. web-based email), or a program interface. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings.

Platform as a Service (PaaS): The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages, libraries, services, and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly configuration settings for the application-hosting environment.

Infrastructure as a Service (IaaS): The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, and deployed applications; and possibly limited control of select networking components (e.g. firewalls).

UK G-Cloud defines:

Specialist Cloud Services (SCS): Support services associated with the different service models above. These may include services to transfer data/configuration between G-Cloud providers, management and support of applications (workloads) operating on G-Cloud services, multi-supplier service integration services and cloud strategy and implementation services.

The Attorney-General's Department defines:

Domestically hosted public cloud: Information is stored or processed in equipment which is located in Australia, offers services to the public, and is not under the direct control of the Commonwealth Government. It involves an organisation using a tenderer's cloud infrastructure which is shared via the internet with many other organisations and members of the public.

Domestically hosted private cloud: Information is stored or processed in equipment which is located in Australia and is restricted to a single or small class of tenants. The facility can be under the direct control of the Commonwealth Government. It involves an organisation's exclusive use of cloud infrastructure and services located at the organisation's premises or offsite, and managed by the organisation or a tenderer.

Community Cloud: Involves a private cloud that is shared by several organisations with similar security requirements and a need to store or process data of similar sensitivity.

Finance defines:

Agency:
i) All Corporate and Non-corporate Entities subject to the Public Governance Performance and Accountability Act 2013 (Cth);
ii) Any other body governed by the Governor-General or State Governor or by a Minister of State of the Commonwealth or a State or Territory including departments in State or Territory Governments; and
iii) Any other body over which the Commonwealth or a State or Territory exercises control.

July 2014

Appendix B: Statement of Requirement (Separate document)

Appendix C: Service Evaluation Scenarios (Separate document)