GSA White Paper: Best Practices for Effective Cloud Computing Services Procurement within the Federal Government
This paper provides public sector organizations guidance on addressing common challenges with cloud computing services procurement and will reflect alignment with the Federal Government’s “Cloud First” policy per the Federal Cloud Computing Strategy. Guidance presented in this document is not intended to be prescriptive but to serve as supplemental, as use cases can be quite diverse in regards to purchasing cloud services. For the purpose of illustration this white paper considers a notional cloud acquisition lifecycle approach that reflects common acquisition practice.
Lessons learned from an introductory small but end-to-end implementation or pilot have been cited repeatedly by agencies such as NASA for their usefulness. For example, system integration challenges and legal, security and regulatory compliance issues are important and might be reasonably anticipated; however, for an enterprise level program there are often cultural impacts relating to how cloud services will be consumed. Thus, lessons learned following an iterative cloud adoption approach can help shape a successful program.
While what constitutes a “cloud service” is subject for debate, especially among industry providers, the Federal government generally adopts the cloud computing definition provided by NIST in SP 800-145. The essential characteristics in this definition are:
- On-demand self-service
- Broad network access
- Resource pooling
- Rapid elasticity
- Measured service
To ensure the benefits of cloud computing are fully realized and to protect against vendor “cloud-washing” (i.e., overstating the application of cloud services) it is recommended that prospective buyers seek to ensure cloud services meet these five essential characteristics as defined. Typically, this is achieved by evaluating potential services for adherence to these characteristics in the resulting solicitation.
Proactive planning with all necessary organization stakeholders, including chief information officers (CIO), general counsels, privacy officers, records managers, e-discovery counsels, Freedom of Information Act (FOIA) officers, and of course procurement staff, will be essential when planning, evaluating and procuring cloud computing services. Planning and executing this stakeholder engagement will be very helpful throughout the procurement process.
Download the paper now!