U.S. General Services Administration Government Cloud / Data Center Conference Presented by Stan Kaczmarczyk
CCS PMO - Overview
The Cloud Computing Services (CCS) Program Management Office (PMO) is an organization within GSA's Federal Acquisition Service (FAS), Office of Integrated Technology Services (ITS).
- DEVELOPS & MANAGES cloud-focused acquisition vehicles and services.
- PROMOTES cloud adoption & innovation across the Government through offered services.
- PARTNERS & COLLABORATES across the government to understand customer business needs, and with industry to track market trends.
- ASSISTS government stakeholders with their cloud acquisitions and cloud strategy.
CCS PMO - Key Initiatives
The CCS PMO manages a portfolio of cloud offerings & services, including but not limited to:
- The two (2) Cloud Blanket Purchase Agreements (BPAs):
  - INFRASTRUCTURE AS A SERVICE (IAAS)
  - EMAIL AS A SERVICE (EAAS)
- Champions next generation cloud initiatives such as:
  - Cloud Services Broker (CSB) Market Research and Proof of Concept (POC) (Project completed in April 14)
  - Proposed addition of new Cloud SIN on IT Schedule 70 Market Research (Project in progress)
CCS PMO Ancillary Initiatives
The CCS PMO conducts the following additional efforts to promote cloud adoption and innovation across the government:
- MARKET RESEARCH to keep abreast of market trends and Information Technology (IT) innovation.
- SPONSORS & SUPPORTS "Good for Government" initiatives, sharing lessons learned and best practices.
- PARTNERS & COLLABORATES across the government to reduce duplicate efforts and promote efficiency.
- Offers PROGRAM, TECHNICAL, ACQUISITION and FACILITATION SUPPORT to GSA internal and external stakeholders.
- COMMUNICATES with customers, industry & other stakeholders.
- REPORTS (to OMB, Congress, media, others) on cloud progress.
CCS PMO managed Cloud Contract Vehicles
IaaS BPA (POP: 10/15/2010-10/14/2015)
This BPA enables the Government to buy services from 3 Lots: Cloud Storage, Virtual Machines, and/or Web Hosting
EaaS BPA (POP: 09/01/2012-08/31/2017)
This BPA enables the Government to buy from 5 Service Lots: E-mail as a Service, Office Automation, Electronic Records Management, Migration Services and/or Integration Services
And select from 4 delivery models: Government Community Cloud, Private Cloud, Secret Enclave Cloud or Public Cloud
The IaaS and EaaS BPAs leverage IT Schedule 70, one of the most widely used IT acquisition offerings available to federal, state, local and tribal governments.
Advantages of using existing GSA Vehicles
Purchasing cloud services through an existing contract is faster and less costly. In accordance with FAR 8.405-3, a GSA Schedule BPA:
- Simplifies recurring acquisitions of products and services
- Provides an opportunity to negotiate further discounts
- Reduces administrative efforts
- Obtains best value by leveraging buying power
- Provides streamlined ordering procedures
- Allows for quicker turnarounds on orders
- Incorporates terms and conditions consistent with the underlying contract
On average, agencies completed procurement and made an award against GSA's BPA within 2 months after releasing their solicitation.
GSA ITS Cloud Activity
2011 to present, Almost $1 billion in awarded
Cloud Computing Services PMO
- More than 20 different government agency customers
- IaaS BPA total sales: $52.1 million / Top 3:
  - General Services Administration (OCSIT)
  - Environmental Protection Agency (EPA)
  - Department of Labor (DoL)
- EaaS BPA total sales: $107.5 million / Top 3:
  - Health and Human Services (HHS)
  - National Archives and Records Administration (NARA)
  - The Space and Naval Warfare Systems Command (SPAWAR)
- More than a dozen opportunities in progress
- Additional $40 Million awarded by Department of the Army based on GSA EaaS BPA.
GSA ITS Cloud Activity
GWACs
- Nearly 20 different federal agencies using GSA GWACs for Cloud solutions
- $808 million in total awards / Top 3:
  - Department of Defense, Defense Travel Management Office
  - Department of Treasury
  - Department of Justice, Alcohol Tobacco and Firearms
Projections for 2016 and 2017 at GSA
Financials, by period (Second half of FY2015 / FY2016 / FY2017):
- Projected Business Volume: $1,067 / $2,250M / $2,254M
- Cost Savings to Customers: $145.5M / $306.82M / $331.9M (Conservative Estimate based on Deltek data. It projects an average of 12% cost savings, i.e., moving from legacy system to the cloud migration and deployment.)
GSA Acquisition Hallway
Acquisition Gateway - https://hallways.cap.gsa.gov
- Contract information
- Pricing
- Tools
- Best practices
- Data supporting agency programs
- Data supporting acquisition planning
FedRAMP and the Cloud
FedRAMP creates the mandatory government-wide requirements for security authorizations of cloud computing based IT services.
December 8, 2011 OMB Policy Memo
Federal policy for the protection of Federal information in cloud services:
- Established the Joint Authorization Board (JAB), governing body of FedRAMP: CIOs of GSA, DoD, DHS
- Details agency compliance requirements
- All agencies must ensure any use of cloud computing based IT services meets the FedRAMP requirements by June 2014
Why FedRAMP?
"Do once, use many times" framework
Problem: A duplicative, inconsistent, time-consuming, costly, and inefficient cloud security risk management approach with little incentive to leverage existing Authorizations to Operate (ATOs) among agencies.
Solution: FedRAMP
- Uniform risk management approach
- Standard set of approved, minimum security controls (FISMA Low and Moderate Impact)
- Consistent assessment process
- Provisional ATO
FedRAMP Policy Framework
- FedRAMP fits within the same framework agencies are using currently to provide security authorizations of IT services
- FedRAMP is how agencies implement FISMA for use of cloud based IT products and services
- Essentially, FedRAMP is a supplemental policy to OMB A-130 for security authorizations.
- Agencies are still required to grant individual authorizations
FedRAMP Compliant CSPs
JAB Provisional Authorizations: Autonomic Resources IBM PaaS CTC w/ Autonomic Resources SaaS HP ECS- VPC CGI Federal Lockheed Martin SolaS-I AT&T SaaS Microsoft GFS Akamai CDN Microsoft Azure w/ MS GFS PaaS
Agency Authorizations: Amazon US East West Amazon GovCloud USDA (NITC)
For more information: Visit www.fedramp.gov
Hybrid vs. Private vs. Public Cloud
Private Cloud appeals to those agencies that desire full control over their data, secured behind an internal firewall which guarantees more control over security.
- More control over compliance management
- Price will be higher, due to the dedication of hardware, a price most are willing to pay in order to meet the security and compliance issues.
Public Cloud is an open and shared environment, where the server is also inhabited by other organizations.
- Security and compliance are a concern.
- Pay as you go, without contracts
- Shared hardware helps lower costs.
- Utilized by organizations where security / compliance is not a concern.
- Great for development projects or web servers, but most larger organizations and agencies are forced, due to security and the need for compliance, to go to a private or hybrid cloud.
Hybrid Cloud is a combination of private computing resources (data centers and private clouds) and public services, where some of the services existing in these environments touch each other.
Establishing a Hybrid Cloud Strategy
For a successful hybrid cloud strategy, a phased approach has proven to be best:
- Examine all the different cloud options / solutions that meet your organization's needs.
- Identify the blend of public cloud and on-premises solutions that fits your organization to create the best possible combination.
- Consider the capabilities / scalability of the cloud solution over time.
- Establish which capabilities public cloud providers will offer, and which your team will offer.
- Establish and document any post-migration support your team will need, whether you are equipped to provide it, and if not, how you will get prepared to do so.