DOD defends its decision to move to commercial cloud with a single award

Air Force Senior Airman Isiah Chaney, right, and Airman 1st Class Reginald Maffett install a switch panel at Bagram Airfield, Afghanistan, July 29, 2016. (Air Force photo by Senior Airman Justyn M. Freeman)


Written by

Despite industry concern that a single-award acquisition could inhibit the Defense Department’s massive migration to the commercial cloud, the Pentagon maintains that the smartest move is to eventually have one contract for a departmentwide cloud environment.

After months of developing a commercial-cloud acquisition strategy for what’s known as the Joint Enterprise Defense Infrastructure, DOD officials at an industry day revealed the draft solicitation Wednesday as a 10-year single award, indefinite delivery, indefinite quantity contract with full-and-open competition.

The Pentagon’s stance is that multiple awards would make the project too complex and too risky.

“The government made a decision that its best interest is for this to be a single award, IDIQ contract,” Sharon Woods, general counsel for the Defense Digital Service, the team that led development of the acquisition strategy, told reporters late Wednesday afternoon. “What that means is the government will put out its requirements in a solicitation and a team can formulate itself however it wants to, but ultimately a proposal is put forth, the government will do a source selection and award a single contract to whatever proposal team wins that contract.”

Industry irked by single award

The single award is by far the most contentious aspect of the contract, and it has been since word got out early that the Pentagon might use the approach for what will be a multibillion-dollar contract that spans a decade.

Many vendors expressed their dismay for what they say is the wrong way to approach the monstrous acquisition, particularly as DOD officials stress the need for “commercial parity” — the avoidance of vendor lock-in and the ability to stay current with commercial innovation.

“The Pentagon would never limit the Air Force to flying only cargo planes for every mission. Locking the entire U.S. military into a single, restrictive cloud environment would be equally flawed,” Sam Gordy, general manager of IBM U.S. Federal, said in a statement.

Donald Robinson, CTO for CSRA’s Defense Group, said a single award would “unnecessarily limit options and innovation.”

“Most cloud-savvy Fortune 500 companies manage the seams between cloud providers quite well,” Robinson said. “I think the DoD, as really a Fortune 0 entity, should reconsider its ability to manage multiple cloud providers.”

In a statement, Microsoft expressed disappointment in the decision. “We believe the best approach is one that leverages the innovations of multiple cloud service providers. Therefore, we are disappointed to learn today that DoD, in its draft cloud RFP, is pursuing a single cloud solution.”

DOD wants to escape multi-cloud complexity, insecurity

But when asked how the department still justifies a single award in light of such criticism, Tim Van Name, deputy director of DDS, told reporters more than one award would increase complexity in an already overly complex environment.

“The department is framing the solicitation in a way to best meet the department’s requirements,” Van Name said. “The lack of standardization and interoperability today creates pretty significant barriers to accessing our data where and when it is needed, especially at the tactical edge on the battlefield. The decentralized management and our inability to automate provisioning and configuration overburdens our teams. And we believe that multiple award cloud would exponentially increase the overall complexity.”

As it stands now, the Defense Department in its entirety — including component agencies and military services — has more than 500 existing cloud initiatives, an environment that is detrimental to security and data flow. And DOD officials expect JEDI to serve as a departure from that — though in the meantime, the department says it intends to continue the “good work” being done on existing cloud contracts, like milCloud 2.0.

“Systems in different clouds, even when designed to work together, would require complex integration, which raises the bar for the development, testing and ongoing maintenance,” Van Name said. “The department would have to manage the seams between the various cloud-hosted applications and deal with the challenges associated with accessing data in multiple cloud environments.

Van Name said those seams — the same ones CSRA’s Robinson said aren’t major detriments to large private corporations —introduce “considerable security risk.”

“That’s really tough to manage. As data moves from one environment to the other…managing those seams is challenging.” On day one of JEDI’s launch, he said, “the department will see significant security benefits that dramatically improve our overall posture, and we’ll benefit from the ability to manage that centrally.”

“As you think about moving toward a single provider, for the JEDI cloud, we will bring the department’s considerable technical talents and resources into maximally protecting our data and applications,” he told reporters. But in a multi-cloud environment, “you then are taking the department’s resources and our technical security talent and putting them in a bunch of different places, rather than where the majority of where our data will reside.”

For those technical reasons, he said, “we’re confident that the single award strategy is the best approach for the department. But I want to reiterate very specifically that this a full-and-open competition, so it’s about the best proposal.”

That still leaves open questions of how the contract provides DOD flexibility in adopting the latest market technologies while preventing the department from locking itself in to a 10-year contract with a cloud service provider whose solution may or may not be cutting-edge later in the deal.

The DOD insists that there are vendors capable of filling the contract. Many point to Amazon Web Services as one possible option, given that it has a similar contract with the U.S. intelligence community. Some, in fact, question whether the contract has been tailored for an easy AWS win, or for some other large cloud provider with ample government experience. But Van Name countered that allegation, saying DOD has “no favorite” and will pick the best solution to fit its needs.

In a statement to FedScoop, rather than levying criticism like other cloud providers, AWS showed support for DOD’s decision. “As we have always said, an open and competitive bidding process allows for the customer to thoroughly analyze the various providers and select the solutions that best meet their needs,” a spokesperson said.

As another way to help combat such worries, Woods also emphasized the department’s desire for a solution that features portability and regularly demonstrates that capability.

“There are a number of clauses and requirements that we put in place to guard against the kind of situation [of vendor lock in],” she said. “One of the things the vendor will have to do on a regular basis is prove to us that we can very easily migrate an application in the JEDI cloud environment to another environment, and not only prove that to us on a regular basis, but actually write out the step-by-step plans that any user would be able to execute against that plan.”

DOD is the first to admit that it is far from the commercial cloud expert and that it must depend on industry to develop the best capabilities. And as they emerge and “the commercial marketplace is competing and innovating, those are things that the contract itself will automatically ingest,” Woods told reporters.

Such an arrangement suggests the eventual awardee might serve as a systems integrator of sorts, plugging in the right pieces to the JEDI puzzle as DOD needs them. But department representatives wouldn’t comment on the specifics. “The department is not dictating how teams formulate, but ultimately it’s going to be a contract going to one particular proposal,” Woods said.

“Industry in particular will really understand what [the contract’s evaluation] criteria mean and understand how to position themselves to be competitive in this environment,” she explained.

And if industry doesn’t understand or is concerned by the contract or parts of it, DOD welcomes all feedback on the draft solicitation until March 21.

Still, Van Name said, DOD did its homework and believes the contract has “been written to adequately capture the department’s requirements and needs that are in the interest of the department.”

-In this Story-

Cloud, DDS, Defense Digital Service, Department of Defense, DOD, JEDI, milCloud 2.0, Pentagon, Tim Van Name