Savvy cloud suppliers can steal a march on the Federal Government’s intended cloud services panel procurement by examining the Statement of Requirement (Appendix B) and the proposed procurement templates (Appendix C) attached to the Department of Finance’s Cloud Procurement Discussion Paper as these are unlikely to undergo wholesale change as a result of the consultation.
The Australian Government Chief Technology Officer (CTO) and Procurement Coordinator, John Sheridan, has outlined the likely terms of a whole-of-government (WofG) cloud services panel (the panel) at the Technology in Government conference in Canberra on 5 August 2014. The establishment of the panel is in line with the Coalition Government’s eGovernment Policy and as recommended by the National Commission of Audit earlier this year
Sheridan indicated that Finance was using the expiry of its Data Centre-as-a-service multi-use list (DCaaS MUL) in October 2014 as the trigger for the transition to a more extensive cloud procurement panel arrangement.
Sheridan said Finance intends to take comments on the paper until 19 August and launch an Approach to the Market (ATM) within the remainder of the first quarter of the 2014-15, with the panel expected to be established in December 2014. The short window for consultation is likely due to the fact extensive agency and industry consultation on the nature of the panel has preceded the release of the paper.
Sheridan said the 35 supplier-strong DCaaS MUL was a great experiment, as it had been through seven refreshes to date. However, he said, "running that sort of system chews up staff", and this appears to have been a key consideration in the proposed intention to create a panel instead of a multi-use list.
The DCaaS MUL, established in October 2012 to provide agencies with a way to procure cloud and cloud-like services under $80,000 for terms of less than 12 months, resulted in over 35 contracts being signed at a total value in excess of $1.4 million, according to the paper, which also states that agency feedback was that the take-up of cloud services could have been higher if the DCaaS MUL did not have these specified limitations of contract duration and value.
Sheridan said at the conference that it was impossible to build cloud infrastructure internally due to the cost of building separate data centres that would need to operate for 20 years, with significant updates every five years.
While procurement panels generally do not allow for new suppliers to be added to the panel once established, the proposed new WofG panel will allow for periodic refreshes. Suppliers will have the opportunity to join the panel at intervals, somewhere between 12 and 18 months.
Suppliers will also be able to update their services, with the approval of Finance. “This will provide flexibility to capture new services available in the market and also increase competition. Providing multiple opportunities for suppliers to join the Panel will allow new industry participants to access government business,” the Paper states.
Sheridan said at the conference that the panel will be refreshed every year except for the first year. In other words, suppliers who are accepted at the commencement of the Panel will enter into contracts for a term of two years, with four one-year extension options. The paper indicates that irrespective of when a supplier joins the panel, their resultant panel contract will be drafted such that its end date harmonises with the end date of the panel.
According to the paper, the use of the WofG Panel will not be mandatory for three reasons:
- “The maturity of the market is insufficient to treat cloud services as a commodity;
- The Government has not directed this procurement to be undertaken as a coordinated procurement; and
- The primary objective of this Panel is not to generate savings but to encourage and support Agencies in considering cloud options and in moving to the cloud”.
Seeking to provide standardisation of definitions and offerings, the paper indicates that the services sought will be those as defined by the National Institute for Standards and Technology (NIST).
The panel will potentially include Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS), and Infrastructure-as-a-Service (IaaS). The initial ATM will include nine sub-categories including CRM, ERP, ITSM, Productivity solutions under the SaaS category; Application deployment and web hosting under the PaaS category and Compute and Storage under the IaaS category.
Finance will add more categories through the iterative refreshes of the Panel as demand changes over time.
Out of scope will be “services which do not meet the NIST definition of ‘cloud’” as will be “any services or products provided by existing whole of government coordinated procurement arrangements”.
Proposed mandatory requirements as listed in the Statement of Requirement include:
- On-demand self-service;
- Broad network access;
- Resource pooling;
- Rapid elasticity; and
- Measured service.
Finance is proposing that the administrative costs of managing the panel be re-couped, stating that it runs many of its panels on a cost-recovery basis. The paper postulates a number of funding options but the preferred model is a $250 application fee for every service category that suppliers apply for.
Under the proposed procurement model, suppliers will be able to apply for insurance under a just-in-time arrangement, so as to “support a level playing field for small, medium, or newly established companies”.
The announcement of the Panel’s proposed procurement model comes after Federal Communications Minister, Malcolm Turnbull, last week indicated that the government will seek to dismantle barriers to the adoption of cloud—among which the double sign-off policy on offshore cloud hosting has attracted significant criticism.
The current Australian Government Policy and risk management guidelines for the processing and storage of Australian Government information in outsourced or offshore ICT arrangements requires that agencies looking to store personal or private information in outsourced or offshore cloud facilities are now required to gain authorisation from both the relevant portfolio minister and the Attorney-General.
The complexity of this cloud policy drew criticism in the Coalition Government’s eGovernment Policy, which noted that the “process required to demonstrate a business case and obtain approval, coupled with the onerous legal and security hurdles, have led many observers to interpret the existing rules as a decision to largely avoid the cloud.”
This criticism recurred early this year in a Microsoft submission to the Department of Communication’s consultation on deregulation in the communications sector, where the submission cited the double sign-off policy as a “procedural barrier” and “an additional hurdle for agencies’ consideration of cloud computing services”.
Earlier this year, the National Commission of Audit recommended that Government agencies increase their adoption of cloud by implementing a mandatory, ‘cloud-first’ policy, and by establishing a whole-of-government cloud computing provider panel.
The Government’s current National Strategy for Cloud Computing states that Government agencies must consider using cloud services as part of any new procurement, and that agencies must opt for cloud where it represents the best value for money and has an adequate management of risk.