Maintaining cloud flexibility: Where is the Department of Defense headed?

This column was originally published on Roger Waldron’s blog at The Coalition for Government Procurement and was republished here with permission from the author.

Recently, the Coalition for Government Procurement observed the Department of Defense’s release of a request for information seeking input regarding how to best acquire an enterprise-wide cloud services architecture to support the needs of DoD both domestically and internationally.

The RFI raises serious concerns about the potential negative government market impact of the single provider approach that the RFI appears to promote, especially recognizing that DoD’s diverse mission requirements and need for innovation suggest that it would be better served by multiple cloud services providers. As the Coalition noted in response to the RFI:

A multiple award IDIQ approach that offers diversified solutions from the commercial market will facilitate a culture of experimentation, adoption, and risk-taking and increase the speed of technology development and procurement, as envisioned by the recent cloud acceleration memorandum by Deputy Secretary of Defense Patrick Shanahan. In contrast, a single award DoD Enterprise Cloud Acquisition contract would lock-in DoD to a single approach, and, by so doing, give rise to performance and national security risks.

A recent posting of an Air Force Justification and Approval (J&A) for Other than Full and Open Competition in the acquisition of web services validates the growing concern regarding cloud lock-in based a single solution strategy. The sole source J&A in question is for Smartronix Amazon Web Services (AWS) to support Air Force development and test initiatives. As an operational example of the potential for cloud vendor lock-in, the J&A raises serious policy, management, and strategic concerns.

Advertisement

The J&A cites the “sole-source” exception to competition in 10 USC 2304(c)(1) (the property or services are available from only one responsible source) as the basis for awarding a sole source contract for one base year and two option years. Because the sought solution must mirror the existing hardware architecture to assure independent quality test and evaluation, the J&A states that, “the continued use of AWS Cloud Solution is essential to the Government’s requirements.”

At the same time, however, it states that, “Failure to be functionally identical (operating system/hardware/network/COTS software) with the production framework will prevent” completion of the mission. [Emphasis added.]

In addition, according to the J&A, the activity could not be reconstituted with another vendor; award to another vendor would be costly and time-consuming; and “the current cloud space will expire in approximately two (2) weeks, on 15 Nov 2017.”

The J&A is lacking in detail, if not internally inconsistent. For instance, the J&A does not explain how the need for a “functionally identical” solution translates into a solution from only one source. The J&A appears to be justifying that the requirement can only be met by a single source based on the view that a full and open competition award and performance would be costly and take time. This approach is akin to pre-selecting the winner before ever competing for the requirement. How does the Air Force know without actually conducting the competition?

Moreover, the notion that the sole-source action here is justified based on the imminent expiration of the current cloud space flies in the face of settled procurement practice. Noncompetitive procedures cannot be justified based on the lack of advanced planning. 10 USC 2304(f)(4). The Air Force still must make an effort to promote competition, say through a sole-source bridge to a competitive procurement, and, in this regard, it is not apparent how a contract for one base year and two option years constitutes such a bridge.

In addition, virtually all the arguments raised in support of this sole-source award demonstrate the risk to the government of cloud vendor lock-in. Indeed, the J&A states that the agency, “…invested in the initial architect [sic] of AWS Cloud[,] and because of this investment[,] we are limited to AWS Cloud products when expanding and technically refreshing the environment.”

At a minimum, the apparently limited flexibility of the agency, even at this early stage of adoption, suggests that, in the context of national defense, the issue of cloud vendor lock-in is ripe for review.

Finally, the J&A states that, “[t]he AWS Cloud Solution is a DoD priority as per the Secretary of Defense Memorandum date 13 Sep 2017… Air Force IT personnel are being trained on this solution.”

It is unclear on what basis one commercial solution was selected as a priority for a whole service, let alone the entire DoD. Notwithstanding that decision and what led up to it, however, as mentioned in the Coalition’s earlier blog, it is not apparent how the long-term interests of defense, like maintenance of the nation’s technological edge, are being served with a single vendor solution. History is replete with examples of how the absence of a vibrant, competitive market stifles performance and innovation.

DoD’s actions of late are raising more questions than they are answering, leaving stakeholders to wonder where the Department of Defense is headed with cloud. As policy-makers address these and other issues, the Coalition stands ready to work with the department and all stakeholders towards a flexible, open, innovative, and transparent cloud procurement approach that facilitates innovation and access to best-value solutions from across the commercial market.


Roger Waldron is the president of the Coalition for Government Procurement, and host of Off the Shelf on Federal News Radio.