Cloud Services The Path Forward. Mr. Stan Kaczmarczyk Acting Director - Strategic Solutions and Security Services FAS/ ITS, GSA

Cloud Services The Path Forward Mr. Stan Kaczmarczyk Acting Director - Strategic Solutions and Security Services FAS/ ITS, GSA November 1, 2012

Agenda Integrated Technology Services (ITS) Cloud Acquisition Vehicles IT Security Cloud Broker Concept Appendix Digital Government Strategy Modular Contracting 2

Integrated Technology Services (ITS) 3

How GSA assists Federal Agencies ITS Program Offices administer contract vehicles and deliver acquisition services to customer agencies to buy IT and telecommunications offerings and strategic solutions. What is happening with GSA? 4

Helping agencies to meet their mission GSA believes there is significant value for our customers in having a portfolio of cloud computing services offering. These offerings have the potential to: Lower the cost of providing information technology (IT) services Improve the effectiveness of IT services Improve the speed of deployment of new technology Streamline acquisition responsiveness to agencies Provide a more environmentally efficient way of providing information technology services Cloud Services Factory 5

Cloud Acquisition Vehicles 6

Infrastructure-as-a Service (IaaS) Why use GSA s IaaS Blanket Purchase Agreement (BPA)? In accordance with FAR 8.405-3, a GSA Schedule BPA: Simplifies recurring acquisitions of products and services Provides an opportunity to negotiate further discounts Reduces administrative efforts Obtains best value by leveraging buying power Provides streamlined ordering procedures Allows for quicker turnarounds on orders Incorporates terms and conditions consistent with the underlying contract 7

IaaS BPA Offerings Three (3) Lots offered by one of the 12 IaaS BPA Vendors Data Storage Virtual Machines Server Hosting Online Web Based Storage Store Files & Data Objects Online VMs/ Computing Multiple CPU & OS Types On-demand Self Service Ability to unilaterally provision services without vendor review Online Server Hosting DNS and CDN Capabilities Ubiquitous Network Access Minimum 1Gb/s bandwidth, 2 DC s, 2 different locations within CONUS Location Independent Resource Pooling Provisioning of practically: unlimited storage, comp capacity, memory Rapid Elasticity Provision on demand near real-time request RFQ Required Cloud Computing Characteristics Measured Service Visibility into service usage via dashboard or similar means 8

IaaS Awards to date Eight (8) Awards to Date: DHS Awards CGI Federal, 3 year, $1.8M - Lot 3 - Web Hosting DOL Awards CGI Federal, 5 year, $6M - Lots 2 & 3 Virtual Machines & Web Hosting GSA OCSIT Awards CGI Federal, 5 year, $21M - Lot 3 - Web Hosting NEH Awards Autonomic Resources, 5 year, $250k - Lot 2 - Virtual Machines NARA Awards CGI Federal, 1 year, $80K - Lot 3 - Web Hosting EPA Awards CGI Federal, 3 year, $15M - Lots 2 & 3 Virtual Machines & Web Hosting FTC Awards CGI Federal, 1 year, $231K Lot 3 Web Hosting U.S. Fish & Wildlife Service (USFWS), Wildlife and Sport Fish Restoration Program (WSFR) Awards Apptis (URS), 1 year, $482K - Lot 1 - Storage Awarded $44.6Million out of $76M Estimated IaaS BPA value 9

Email-as-a Service (EaaS) BPA On August 29, 2012 GSA ITS awarded 21 Blanket Purchase Agreements for E-mail as a Service (EaaS) available to Federal, State and Local government agencies. The period of performance is 5 years: a base period of 2 years with 3 one year options. The estimated value of the BPA is $2.5 billion. This is the first governmentwide acquisition vehicle dedicated to Cloud Email services and the migration services which are necessary to help agencies move these services to the Cloud. 10

EaaS Procurement Structure Service Offerings E-mail as a Service Office Automation Electronic Records Management Migration Services Integration Services 5 Service Offerings 4 Delivery Models Deployment Models Government Community Cloud Private Cloud Secret Enclave Cloud Public Cloud 11

Email-as-a Service (EaaS) BPA Reduced Cost: Lower total cost of ownership Estimated to provide $1 million in annual savings for every 7,500 users based on GSA s experience of migrating 17,000 email accounts to Google s public cloud solution. GSA expects to save $15.2M over 5 years or 50% from previous email service Scalable: Rapidly add or reduce mailbox counts based upon mission needs without over purchasing capacity Get Off the Upgrade Treadmill: Cloud Providers perform upgrades without added expense or lengthy deployments Complexity Avoidance: EaaS delivered to a browser or mobile device while provider manages the infrastructure Operational, not capital, spending 12

IT Security 13

FISMA and the Cloud - Introduction FISMA is statuary; Agencies must follow NIST guidelines when using commercial cloud services To assist Federal adoption of Cloud Services, GSA: Launched a Cloud Computing Security Working Group to develop a consistent baseline for moderate services based on NIST 800-53 Awarded Blanket Purchase Agreements (BPA) for Infrastructure-as-a- Service (IaaS) in October 2011 Since FedRAMP had not launched, GSA undertook the Assessment and Authorization of IaaS services GSA has granted an Authority-To-Operate to six (6) providers of eight different services Feb. 2010 Oct. 2010 Aug. 2011 Sep. 2011 Jun. 2012 GSA launches CC Security Working Group GSA awards BPAs to 12 IaaS providers GSA grants first of 8 ATOs to 6 providers First agency (DHS) leverages IaaS ATO FedRAMP launches Initial Operating Capability 14

FISMA and the Cloud - Continued GSA ATO and FedRAMP contain controls and enhancements above the NIST baseline for Low and Moderate impact systems that address the unique elements of cloud computing. Authorizations achieved through GSA ATO and FedRAMP are based on NIST guidance and Special Publications (800 series) NIST Controls FedRamp Controls GSA Controls 252 297 314 0 100 200 300 400 GSA Controls FedRamp Controls NIST Controls Comparison of GSA ATO, FedRAMP and NIST Baseline Security Controls 15

Cloud Broker Concept 16

Cloud Brokerage Concept Vision Federal agencies achieve speed and cost savings in procuring a range of cloud services to accelerate government-wide cloud adoption through a GSA administered cloud service brokerage Goals Standardize cloud service offerings Promote interoperability and portability Move towards pay-per-use Standards monitoring Higher Flexibility Onboarding of new providers Dynamic services Features Drive lower prices Enhanced competition Demand aggregation Consistent processes Standardized terms and conditions Service Level Agreements Security Support range of acquisition types from utility (commodity) to bespoke (customized) 17

Cloud Brokerage Concept Cloud Brokerage Concept Development - FY12 FY12Q2 FY12Q3 FY12Q4 FY13Q1 Brainstorming Group Scopes Need Group Develops RFI RFI Open for Response GSA Analyzing Responses Industry Day Achievements to Date GSA assembled early adopters meetings with representation Write and Publish RFI for from: Industry Response DHS, HHS, DOL, DOJ, NASA, DOD, GSA (including OCSIT, AAS, ITS) Published Request for Information (RFI) on July 17, 2012; available on www.fbo.gov (use link or search for cloud broker at GSA) Hosted Industry Day on August 2, 2012 with over 150 attendees By response deadline of September 21, 2012, GSA received close to 80 responses and over 1500 pages of materials 18

Early Adopters Drivers Business Drivers Increasingly Complex Supply Base (CSPs) Increasingly Complex Demand Base (Agencies) Long Lead Times for Cloud Procurement OMB Directives (FDCCI, Shared Services, Cloud First, etc.) Duplication of Cloud Acquisition across Agencies Need for Standards Across Gov. Cloud Services Security Requirements (e.g. FedRAMP, agency) Continuously Evolving Vendor Technology Cloud Acquisition Sprawl Shrinking Budgets Ecosystem of Partners One Location to Find Customized Services Potential Benefits Reduction of Duplication of Cloud Procurement Efforts Faster Provisioning Increased Competition Among Vendors Federated Security Governance & Policy Mgmt. Neutrality of Broker Central Point of Governance SLA Management Shared Procurement Services Adding Value to Services Enhanced Security Consistency of Quality of Services Increased Transparency Aggregated Services Facilitated Transactions Reducing Complexity for Agencies Maximizing Federal Purchasing Power of Cloud Solutions Across Agencies 19

Questions?

Appendix 21

Digital government strategy GSA s Role 22

Digital government strategy GSA s Role Building a 21st Century Platform to Better Serve the American People Released in May 2012 - Digital Government Strategy guides Federal Government to deliver digital information and services at any time. Strategy Objectives Enable access to high-quality digital government information and services anywhere, anytime, on any device. Ensure government procures and manages devices, applications, and data in smart, secure and affordable ways. Unlock the power of government data to spur innovation across our Nation and improve the quality of services for the American people. 23

Digital government strategy GSA s Role GSA Milestones Digital Service Innovation Center a proving ground for leveraging technology in Government to serve the American people Wireless Federal Strategic Sourcing Initiative (FSSI) Reduce costs and time associated with acquiring commodity wireless services Managed Mobility Bring Government use of wireless technologies to leading edge while meeting Federal security standards Data.gov - Provide a catalog of machine consumable services facilitating the big data needs of a worldwide audience Dot Gov Guidance - Ensure all new digital services meet improvement guidelines and provide support to agencies 24

Digital government strategy GSA s Role Center for Excellence in Digital Government Under the Office of Citizen Services & Innovative Technologies (OSCIT) the Center provides government-wide support and solutions that help agencies deliver excellent customer service to the public via web, social media, mobile, phone, email, print and newly evolving media DigitalGov University HowTo.gov Federal Web Managers Council Innovation Challenges and Prizes to Promote Open Government Citizen Engagement Platform 25

Digital government strategy GSA s Role Reference only: Milestones as posted in the Digital Government Strategy # Milestone 1 3 6 12 2.3 Expand Data.gov to include a web API catalog that centrally aggregates web APIs posted on agencies /developer pages. 3.1 Establish a Digital Services Innovation Center to improve the government s delivery of digital services. 5.1 Establish government-wide contract vehicle for mobile devices and wireless service. 5.5 Set up a government-wide mobile device management platform. 6.2 Update the dot.gov domain guidance and procedures to help ensure all new digital services meet improvement guidelines and provide support to agencies. 26

What is Managed Mobility? Managed Mobility is a Broad Solution Concept that Addresses: Securing Mobile Devices that have Increasing Access to Core Agency Data and Applications Multi-OS Device Management Managing the Growth of Mobile Applications Centralized Reporting Mobility Program Managed Mobility Policy Implementation and Management (i.e. BYOD, personal use, etc) Wireless FSSI Managed Mobility enables wireless assets to become a fully integrated component of the IT enterprise across the entire continuum from acquisition to disposal and disposition. The Wireless FSSI is a cross government initiative sponsored by the Office of Management and Budget (OMB) and the Strategic Sourcing Working Group (SSWG). 27

What is Status? Mobility Management Across the Federal Government The need and challenges are recognized across many agencies. Varying levels of development are underway. Federal CIO VanRoekel tasked GSA in his May 24 th Digital Government Strategy Release with developing an initial Mobility Management platform based on cross-government needs The Managed Mobility Program will be a sister program to the Wireless FSSI and address the increased management needs identified in the Wireless FSSI 28

Managed Mobility Program Goals and Objectives Users and Customers Right tool for the right job Access to applications and data External Stakeholders (e.g., Citizens, Congress, OMB) Cost Control Access to applications and data Strategic Goals for Managed Mobility Comprehensive Mobile Security Management Acquisition and Operational Cost Savings Provide Foundation for Mobile Application Development, Management and Deployment Enable Comprehensive Mobile Policy and Operational Management Agency and Mission Directors Ability to meet evolving mission requirements Ability to adopt technology Control cost and deliver increased value to all stakeholders Compliance and Management: Ability to develop and implement policy CIOs and CTOs Security: Implement and mange Application Deployment and Management Policy Management 29

Modular Contracting 30

Modular Contracting What is Modular Contracting? Use one or more contracts to acquire Information Technology in successive, interoperable increments (FAR subpart 39.002) Used as an acquisition method to mitigate and reduce risk associated with acquiring Information Technology Benefits: Smaller acquisitions provide flexibility by using technology on incremental basis Avoids spending substantial funds on outdated solutions Offers additional opportunities to small businesses GSA s Role: GWACs and Federal Supply Schedules support modular contracting through Task Orders Resources: OMB s Contracting Guidance to Support Modular Development ; GSA s Technology Programs 31