cloud services the path forward - itpancc
TRANSCRIPT
Mr. Stan Kaczmarczyk Acting Director - Strategic Solutions and Security Services FAS/ ITS, GSA
November 1, 2012
Cloud Services – The Path Forward
Agenda
2
• Integrated Technology Services (ITS)
• Cloud Acquisition Vehicles
• IT Security
• Cloud Broker Concept
• Appendix
Digital Government Strategy
Modular Contracting
Integrated Technology Services (ITS)
3
ITS Program Offices administer contract vehicles and deliver acquisition services to customer agencies to buy IT and telecommunications
offerings and strategic solutions.
What is happening with GSA?
How GSA assists Federal Agencies
4
Cloud Services “Factory”
• Lower the cost of providing information technology (IT) services
• Improve the effectiveness of IT services
• Improve the speed of deployment of new technology
• Streamline acquisition responsiveness to agencies
• Provide a more environmentally efficient way of providing information technology services
Helping agencies to meet their mission
GSA believes there is significant value for our customers in having a portfolio of cloud computing services offering. These offerings have the potential to:
5
Cloud Acquisition Vehicles
6
Why use GSA’s IaaS Blanket Purchase Agreement (BPA)?
In accordance with FAR 8.405-3, a GSA Schedule BPA:
• Simplifies recurring acquisitions of products and services
• Provides an opportunity to negotiate further discounts
• Reduces administrative efforts
• Obtains best value by leveraging buying power
• Provides streamlined ordering procedures
• Allows for quicker turnarounds on orders
• Incorporates terms and conditions consistent with the underlying contract
Infrastructure-as-a Service (IaaS)
7
IaaS BPA Offerings
RFQ Required Cloud Computing Characteristics
Virtual Machines Server Hosting
• Online Web Based Storage
• Store Files & Data Objects
• Online VMs/ Computing
• Multiple CPU & OS
Types
• Online Server Hosting
• DNS and CDN
Capabilities
Data Storage
On-demand Self Service
Ability to unilaterally provision services without vendor review
Ubiquitous Network Access
Minimum 1Gb/s bandwidth, 2 DC’s, 2 different locations within CONUS
Location Independent Resource Pooling
Provisioning of practically: unlimited storage, comp capacity, memory
Rapid Elasticity
Provision on demand near real-time request
Measured Service
Visibility into service usage via dashboard or similar means
Three (3) Lots offered by one of the 12 IaaS BPA Vendors
8
IaaS Awards to date
Eight (8) Awards to Date:
• DHS Awards CGI Federal, 3 year, $1.8M - Lot 3 - Web Hosting
• DOL Awards CGI Federal, 5 year, $6M - Lots 2 & 3 – Virtual Machines & Web Hosting
• GSA OCSIT Awards CGI Federal, 5 year, $21M - Lot 3 - Web Hosting
• NEH Awards Autonomic Resources, 5 year, $250k - Lot 2 - Virtual Machines
• NARA Awards CGI Federal, 1 year, $80K - Lot 3 - Web Hosting
• EPA Awards CGI Federal, 3 year, $15M - Lots 2 & 3 – Virtual Machines & Web Hosting
• FTC Awards CGI Federal, 1 year, $231K – Lot 3 – Web Hosting
• U.S. Fish & Wildlife Service (USFWS), Wildlife and Sport Fish Restoration Program (WSFR) Awards Apptis (URS), 1 year, $482K - Lot 1 - Storage
_______________________________________________________ Awarded $44.6Million out of $76M Estimated IaaS BPA value
9
10
• On August 29, 2012 GSA ITS awarded 21 Blanket Purchase Agreements for E-mail as a Service (EaaS) available to Federal, State and Local government agencies. The period of performance is 5 years: a base period of 2 years with 3 one year options. The estimated value of the BPA is $2.5 billion.
• This is the first governmentwide acquisition vehicle dedicated to Cloud Email services and the migration services which are necessary to help agencies move these services to the Cloud.
Email-as-a Service (EaaS) BPA
Service Offerings
• E-mail as a Service
• Office Automation
• Electronic Records Management
• Migration Services
• Integration Services
5 Service Offerings
4 Delivery Models
Deployment Models
• Government Community Cloud
• Private Cloud
• Secret Enclave Cloud
• Public Cloud
EaaS Procurement Structure
11
12
– Reduced Cost:
Lower total cost of ownership
Estimated to provide $1 million in annual savings for every
7,500 users – based on GSA’s experience of migrating 17,000
email accounts to Google’s public cloud solution. GSA expects to
save $15.2M over 5 years or 50% from previous email service
– Scalable: Rapidly add or reduce mailbox counts based upon
mission needs without over purchasing capacity
– Get Off the Upgrade Treadmill: Cloud Providers perform
upgrades without added expense or lengthy deployments
– Complexity Avoidance: EaaS delivered to a browser or mobile
device while provider manages the infrastructure
– Operational, not capital, spending
Email-as-a Service (EaaS) BPA
IT Security
13
14
FISMA and the Cloud - Introduction
• FISMA is statuary; Agencies must follow NIST guidelines when using
commercial cloud services
• To assist Federal adoption of Cloud Services, GSA:
• Launched a Cloud Computing Security Working Group to develop a
consistent baseline for moderate services based on NIST 800-53
• Awarded Blanket Purchase Agreements (BPA) for Infrastructure-as-a-
Service (IaaS) in October 2011
• Since FedRAMP had not launched, GSA undertook the Assessment
and Authorization of IaaS services
• GSA has granted an Authority-To-Operate to six (6) providers of eight
different services
GSA launches CC Security
Working Group
Feb. 2010
GSA awards BPAs to 12
IaaS providers
Oct. 2010
GSA grants first of 8 ATOs to 6 providers
Aug. 2011
FedRAMP launches Initial
Operating Capability
Jun. 2012
First agency (DHS)
leverages IaaS ATO
Sep. 2011
15
FISMA and the Cloud - Continued
0 100 200 300 400
GSA Controls
FedRamp Controls
NIST Controls
314
297
252
GSA Controls
FedRamp Controls
NIST Controls
Comparison of GSA ATO, FedRAMP and NIST Baseline Security Controls
• GSA ATO and FedRAMP
contain controls and
enhancements above the
NIST baseline for Low and
Moderate impact systems that
address the unique elements
of cloud computing.
• Authorizations achieved
through GSA ATO and
FedRAMP are based on NIST
guidance and Special
Publications (800 series)
Cloud Broker Concept
16
Cloud Brokerage Concept
Goals – Standardize cloud service
offerings – Promote interoperability
and portability – Move towards pay-per-use – Standards monitoring – Higher Flexibility
• Onboarding of new providers
• Dynamic services
17
Vision Federal agencies achieve speed and cost savings in procuring a range of cloud services to accelerate government-wide cloud adoption through a GSA administered cloud service brokerage
Features – Drive lower prices
• Enhanced competition • Demand aggregation
– Consistent processes – Standardized terms and
conditions • Service Level Agreements • Security
– Support range of acquisition types from utility (commodity) to bespoke (customized)
Cloud Brokerage Concept
18
Cloud Brokerage Concept Development - FY12
FY12Q2
Brainstorming Group Scopes Need
Group Develops RFI
RFI Open for Response
Industry Day
Write and Publish RFI for Industry Response
Achievements to Date GSA assembled early adopters meetings with representation from:
DHS, HHS, DOL, DOJ, NASA, DOD, GSA (including OCSIT, AAS, ITS) Published Request for Information (RFI) on July 17, 2012; available
on www.fbo.gov (use link or search for “cloud broker” at GSA) Hosted Industry Day on August 2, 2012 with over 150 attendees By response deadline of September 21, 2012, GSA received close to
80 responses and over 1500 pages of materials
FY12Q3 FY12Q4 FY13Q1
GSA Analyzing Responses
Early Adopters Drivers
19
Increasingly Complex Supply
Base (CSPs)
Increasingly Complex Demand Base (Agencies)
Security Requirements (e.g. FedRAMP, agency)
OMB Directives (FDCCI, Shared Services, Cloud
First, etc.)
Cloud Acquisition Sprawl
Need for Standards Across
Gov. Cloud Services
Business Drivers
Potential Benefits Faster Provisioning
Long Lead Times for Cloud Procurement
Continuously Evolving Vendor
Technology
Duplication of Cloud Acquisition across Agencies
Shrinking Budgets
Ecosystem of Partners – One Location to Find Customized Services
Reduction of Duplication of Cloud Procurement Efforts
Increased Competition Among Vendors
Federated Security Governance & Policy Mgmt. Neutrality of Broker
Central Point of Governance SLA Management Shared Procurement Services
Adding Value to Services Enhanced Security Consistency of Quality of Services
Increased Transparency Aggregated Services Facilitated Transactions
Reducing Complexity for Agencies Maximizing Federal Purchasing Power of Cloud Solutions Across Agencies
Questions?
Appendix
21
Digital government strategy GSA’s Role
22
23
Digital government strategy GSA’s Role
Released in May 2012 - Digital Government Strategy guides Federal Government to deliver digital information and services at any time.
Strategy Objectives • Enable access to high-quality digital government information and
services anywhere, anytime, on any device.
• Ensure government procures and manages devices, applications, and data in smart, secure and affordable ways.
• Unlock the power of government data to spur innovation across our Nation and improve the quality of services for the American people.
Building a 21st Century Platform to Better Serve the American People
24
Digital government strategy GSA’s Role
GSA Milestones
• Digital Service Innovation Center – a proving ground for leveraging technology in Government to serve the American people
• Wireless Federal Strategic Sourcing Initiative (FSSI) – Reduce costs and time associated with acquiring commodity wireless services
• Managed Mobility – Bring Government use of wireless technologies to leading edge while meeting Federal security standards
• Data.gov - Provide a catalog of machine consumable services facilitating the big data needs of a worldwide audience
• Dot Gov Guidance - Ensure all new digital services meet improvement guidelines and provide support to agencies
25
Digital government strategy GSA’s Role
Center for Excellence in Digital Government
Under the Office of Citizen Services & Innovative Technologies (OSCIT) the Center provides government-wide support and solutions that help agencies deliver excellent customer service to the public via web, social media, mobile, phone, email, print and newly evolving media
• DigitalGov University
• HowTo.gov
• Federal Web Managers Council
• Innovation Challenges and Prizes to Promote Open Government
• Citizen Engagement Platform
26
Digital government strategy GSA’s Role
Reference only: Milestones as posted in the Digital Government Strategy
# Milestone 1 3 6 12
2.3 Expand Data.gov to include a web API catalog that centrally
aggregates web APIs posted on agencies’/developer pages. •
3.1 Establish a Digital Services Innovation Center to improve the
government’s delivery of digital services. •
5.1 Establish government-wide contract vehicle for mobile devices
and wireless service. •
5.5 Set up a government-wide mobile device management platform. •
6.2
Update the dot.gov domain guidance and procedures to help
ensure all new digital services meet improvement guidelines and
provide support to agencies. •
What is Managed Mobility?
Managed Mobility is a Broad Solution Concept that Addresses:
• Securing Mobile Devices that have Increasing Access to Core Agency Data and Applications
• Multi-OS Device Management
• Managing the Growth of Mobile Applications
• Centralized Reporting
• Policy Implementation and Management (i.e. BYOD, personal use, etc)
Managed Mobility enables wireless assets to become a fully integrated component of the IT enterprise across the entire continuum from acquisition to disposal and disposition.
The Wireless FSSI is a cross government initiative sponsored by the Office of Management and Budget (OMB) and the Strategic Sourcing Working Group (SSWG).
Mobility Program
Wireless FSSI Managed Mobility
27
Mobility Management Across the Federal Government
• The need and challenges are recognized across many agencies. Varying levels of development are underway.
• Federal CIO VanRoekel tasked GSA in his May 24th Digital Government Strategy Release with developing an initial Mobility Management platform based on cross-government needs
• The Managed Mobility Program will be a sister program to the Wireless FSSI and address the increased management needs identified in the Wireless FSSI
28
What is Status ?
Managed Mobility Program Goals and Objectives
Strategic Goals for Managed Mobility
Comprehensive Mobile Security Management
Acquisition and Operational Cost Savings
Provide Foundation for Mobile Application Development, Management and Deployment
Enable Comprehensive Mobile Policy and Operational Management
CIOs and CTOs
Agency and Mission Directors
External Stakeholders
(e.g., Citizens, Congress, OMB)
Users and Customers
• Security: Implement and mange
• Application Deployment and Management
• Policy Management
• Cost Control • Access to
applications and data
• Right tool for the right job
• Access to applications and data
• Ability to meet evolving mission requirements
• Ability to adopt technology • Control cost and deliver
increased value to all stakeholders
• Compliance and Management: Ability to develop and implement policy
29
Modular Contracting
30
Modular Contracting
• What is Modular Contracting?
– Use one or more contracts to acquire Information Technology in successive, interoperable increments (FAR subpart 39.002)
– Used as an acquisition method to mitigate and reduce risk associated with acquiring Information Technology
31
• Benefits:
– Smaller acquisitions provide flexibility by using technology on incremental basis
– Avoids spending substantial funds on outdated solutions
– Offers additional opportunities to small businesses
• GSA’s Role:
– GWACs and Federal Supply Schedules support modular contracting through Task Orders
• Resources: OMB’s “Contracting Guidance to Support Modular Development” ; GSA’s Technology Programs