For decades, the federal government’s had a policy of buying commercial products wherever possible. Over time, government demand can affect the capabilities of commercial products just as surely as can regulation.
Mainly this is because federal appetites are too large to ignore. The government employs more than 4 million civilian and uniformed people and spends close to $100 billion a year in information technology. Actually substantially more, but I don’t know how much the intelligence community spends.
But government requirements are not only large. They’re also exacting.
The government, which is a little late to use cloud computing, is nevertheless driving the way commercial providers are engineering their clouds. That’s according to an executive of one of the biggest cloud providers. Cloud design, he said, is to a large extent driven by federal scale and security requirements. He said if a cloud provider can meet federal requirements — and especially military and intelligence — it can meet anybody’s.
True clouds are more than data centers at the end of a wire. The giant players design their own hardware, string their own fiber, even lay their own undersea cables. Their server utilization can be so efficient that with merely standard cooling systems the servers might burst into flames. They’ve developed ways to create and move workloads far beyond what the average corporate data center operator can do. They have staffs devoted to land acquisition, architecture and construction.
Still, federal security requirements have forced cloud providers to offer a stack of services they might not otherwise have. FedRAMP — the government’s certification program — encompasses some 400 controls.
Agencies regularly find themselves choosing among three options. They can have applications or facilities custom developed. They can buy a commercial product and heavily adapt it. Or they can adapt themselves to commercial products.
I think cloud provides an example of how the government can influence a product of which it is a major buyer without the expense of custom designs. And without driving off suppliers who don’t want the hassle of specialized government specs.
One reseller executive told me recently about what happened when a major agency went to Apple and asked about specialized capabilities for the iPhone. The Apple people practically laughed him out of the room. The agency’s requirements would represent about a day’s worth of iPhone sales. The company couldn’t be bothered. Not a perfect analogy, because Apple long ago gave up any pretense of being an enterprise IT supplier.
Requirements drive the cost and complexity of acquisitions. Too vague and bidders bring what they thought they heard. Too detailed and picky, and bidders salivate at the prices. Poorly thought out and change orders drown the project. The two-phase approach seems to work best. Phase 1 is where the government discovers what’s out there with calls for white papers and industry days. Phase 2 is RFPs that have some semblance to real world capabilities without ignoring government’s sometimes unique needs.
In the case of cloud, the government mainly adapted itself to commercial products, but ended up influencing them to the benefit of both sides.