Auditors question value for money in cloud contracts


Written by

The U.S. government might not be getting full value from the $2 billion it spends annually on cloud computing, according to a new audit from congressional investigators. 

The Government Accountability Office examined 21 cloud contracts from five agencies to see how many of them included the 10 key principles auditors identified as necessary in a so-called service-level agreement, or SLA. Just seven contracts included all 10, while 13 incorporated more than five, and one lacked an SLA altogether, GAO reported.

Agencies need an SLA when they buy new cloud services to ensure they get what they pay for, says the report. GAO recommends SLAs incorporate 10 key principles, including setting out roles and responsibilities, clear performance measures, security expectations, disaster recovery, and other issues. They also recommend that consequences be outlined for parties who fail to meet any of their obligations.

“Until these agencies develop SLA guidance and incorporate all key practices into their cloud computing contracts, they may be limited in their ability to measure the performance of the services, and, therefore, may not receive the services they require,” the report said.

The GAO reviewed contracts from the departments of Defense, Homeland Security, Health and Human Services, the Treasury, and Veteran Affairs. Both the DOD and HHS had no contracts that included all 10 of GAO’s best practices.

One contract in VA did not follow a single key practice. In response, the VA said “an SLA was not developed between the agency and cloud service provider,” according to the report.

“Overall, this is a good start towards ensuring that agencies have mechanisms in place to manage the contracts governing their cloud services,” the report said. “However, given the importance of SLAs to the management of these million-dollar service contracts, agencies can better protect their interests by incorporating the pertinent key practices into their contracts in order to ensure the delivery and effective implementation of services they contract for.”

Contact the reporter on this story via email: Follow him on Twitter @JeremyM_Snow. Sign up for the Daily Scoop — all the federal IT news you need in your inbox every morning — here:

-In this Story-

Congress, Government Accountability Office (GAO), Government IT News, Regulations & Oversight
TwitterFacebookLinkedInRedditGoogle Gmail