Industry concerned about Pentagon plan to 'lock in' one cloud services provider

By Justin Doubleday / December 6, 2017

Industry groups are sounding the alarm over the Pentagon's plan to select one cloud services provider for the entire Defense Department, arguing the strategy could lead to a costly and limiting situation of "cloud lock-in."

In recommendations sent to DOD in November, four groups representing defense and commercial companies urged the Pentagon's cloud executive steering group to consider using multiple providers for cloud services. The groups were responding to an Oct. 30 request for information posted by the steering group.

Deputy Defense Secretary Pat Shanahan established the cloud executive steering group in September to accelerate DOD's adoption of commercial cloud services capable of supporting unclassified, secret and top-secret information. He tasked Chris Lynch, director of the Defense Digital Service, with leading the development of an acquisition strategy.

The steering group developed a strategy termed the "Joint Enterprise Defense Infrastructure." According to a Nov. 6 information paper on JEDI obtained by Inside Defense, the acquisition strategy involves awarding an indefinite-delivery, indefinite-quantity contract to a single cloud services provider "using full and open competitive procedures." The contract would have up to a 10-year ordering period, according to the paper.

The objectives of JEDI include acquiring "a worldwide, highly available, exponentially elastic, secure, resilient cloud computing and storage environment that seamlessly extends from the homefront to the tactical edge," the paper states.

DOD plans to release a draft solicitation and host an industry day in the second quarter of fiscal year 2018, with the JEDI contract award planned for the fourth quarter of FY-18, according to the information paper. The Pentagon would begin migrating select projects to the contract in the first quarter of FY-19, but it would eventually be available to all DOD organizations.

A Pentagon spokesman told Inside Defense the steering group is in the "analysis and review process," and it's too early to discuss the acquisition strategy.

But Pentagon acquisition chief Ellen Lord, chair of the cloud executive steering group, has signaled DOD is prepared to set aside its other cloud contracts to move the department to one service provider.

"We right now have a number of different clouds, but we are no kidding right now writing the contracts to get everything moved to one cloud to begin with and then go from there," Lord said Dec. 2 during the Reagan National Defense Forum in Simi Valley, CA. She said the approach is a "fundamental shift" that will allow DOD to take advantage of big data analytics and artificial intelligence.

But industry groups, including the Coalition for Government Procurement, say the single-provider strategy is flawed.

"Specifically, the coalition is concerned that the RFI appears to be directed towards a single provider result," Roger Waldron, the coalition's president, wrote in a Nov. 17 letter to the steering group. His letter warns a single cloud approach would "give rise to performance and national security risks."

Waldron said he wants to see a "level playing field" for all companies offering cloud services and believes DOD should consider a multiple-award IDIQ approach. Otherwise, the department may limit future competition and miss out on new technology, he argues.

"Ten years ago we barely had iPhones, iPads didn't exist -- technology changes rapidly," Waldron said in an interview. "I think it's important over the long term to be thinking about competition and maintaining sources across the board. Locking into one vendor limits competition, especially for that long a contract."

The Professional Services Council is also urging the steering group to avoid "vendor lock-in" as part of its Nov. 17 response to the RFI. The IT Alliance for Public Sector (ITAPS), meanwhile, is worried the steering group will cancel all other DOD cloud efforts in pursuit of a single provider.

"We are concerned with reports regarding a single-award cloud contract for the [department], as well as possibly canceling all awarded DOD cloud contracts, leaving the department with only one cloud solution," ITAPS senior vice president Trey Hodgkins wrote in a Nov. 17 letter to the steering group.

In June, the Defense Information Systems Agency awarded CSRA a contract worth up to $498 million for milCloud 2.0 commercial cloud services. DOD services and agencies will be able to begin accessing milCloud 2.0 starting in January, DISA officials said at a recent forecast to industry. Furthermore, several other DOD organizations and agencies have awarded individual cloud contracts in recent years.

Considering "the significant investment and effort that has gone into existing cloud contracts already in place across a wide variety of DOD agencies," ITAPS argues the Pentagon should pursue a strategy using multiple cloud providers.

Military services and defense agencies spent just over $1 billion on cloud efforts in FY-17, with plans to increase cloud-related spending to over $1.5 billion in FY-18, according to an analysis of spending estimates released in October by market intelligence firm Deltek. Conservative estimates show DOD spending $2.5 billion on cloud efforts by FY-22, according to Deltek.

Alexander Rossino, a Deltek analyst, said he hopes the steering group will take into account the investments DOD services and agencies have made to date in enterprise cloud services, pointing to efforts like milCloud 2.0, the Army Private Cloud Enterprise contract, the Navy's Next Generation Enterprise Network-Recompete and the Air Force's Cloud Hosted Enterprise Services program.

"My hope is the steering group will see that [another contract] is redundant and turn to contract vehicles that are in place or are in the process of being put in place," Rossino told Inside Defense.

Amazon in the mix?

John Weiler, managing director of the IT Acquisition Advisory Council, argued the steering group could be specifically tailoring the award to Amazon Web Services. He pointed to Air Force Material Command's recent justification for inking a follow-on award for AWS cloud services.

"The AWS cloud solution is a DOD priority as per the Secretary of Defense memorandum dated 13 Sep 2017," the Nov. 27 justification and approval document states, referencing Shanahan's Sept. 13 memo establishing the cloud executive steering group.

In a Dec. 5 statement to Inside Defense, DOD spokesman Navy Cmdr. Patrick Evans said the justification and approval document has been "withdrawn," although both the document and the corresponding award for AWS cloud services remain posted on the Federal Business Opportunities website.

"The CESG was not aware of the J&A until it was posted in error," Evans wrote when asked whether the solicitation is tailored to AWS. "The CESG is not planning this acquisition to be a sole source to any cloud service provider. . . . The CESG is still analyzing how many contracts will be awarded for cloud services."

AWS is a behemoth in the cloud marketplace, owning 34 percent of the cloud infrastructure services market share, according to market intelligence firm Synergy Research Group. AWS has also moved aggressively into the federal marketplace. In 2013, the CIA awarded Amazon Web Services a 10-year, $600 million contract to provide commercial cloud services to the entire intelligence community.

AWS offers GovCloud to government agencies that can't access the intelligence community's contract. GovCloud, an isolated data center region on the West Coast, provides security for sensitive government data. Earlier this year, Amazon announced plans to open a second GovCloud region on the East Coast in 2018.

AWS did not respond to requests for comment.

Waldron, from the Coalition for Government Procurement, said Air Force Materiel Command's justification and approval document presents an example of the "cloud lock-in" DOD should seek to avoid. The document states the command had to award the follow-on contract for AWS cloud services because of the time and cost it would take to get another company to "come up to speed and create its own cloud space" that meets the requirements.

"They justified going to the same contractor because of that expense that nobody else could do it efficiently and effectively," Waldron said. "It's the same logic, only you're exponentially increasing that kind of risk of locking into one particular solution over that long period of time."

DOD has traditionally avoided commercial off-the-shelf solutions for IT requirements, according to Weiler, leading to increased costs and little access to commercial innovation. "Now we are seeing the pendulum swing to the other extreme," he wrote in an email.

"The military operates in a highly classified structure where data and mission cannot afford to be compromised or shared," Weiler continued. "So here you're saying, 'I'm going to put all my eggs in a basket in a shared resource.' If you go talk to corporate America, they would never operate in that environment."

Weiler said the steering group should take advantage of significant investments already made to understand "failure and patterns of success" before deciding on an enterprise solution.

"Give the just awarded milCloud 2.0 a chance to hatch before throwing out the baby with the bathwater," he added.