GSA's next cloud offering: e-mail-as-a-service

Tuesday - 10/26/2010, 7:21am EDT

WFED's Jason Miller

Click below to hear the interview

Download mp3

By Jason Miller
Executive Editor
Federal News Radio

WILLIAMSBURG, Va. - On the heels of awarding 11 vendors a spot on the infrastructure-as-a-Service governmentwide blanket purchase agreement, the General Services Administration is teeing up at least two other cloud offerings.

GSA issued a notice on FedBizOpps.gov Friday for e-mail-as-a-service under the software-as-a-service platform.

Under the notice, GSA expects to issue a request for proposals by March 2011.

GSA will issue a request for information to develop another BPA, said Katie Lewin, director of the Cloud Computing Program.

"We put out a request for information earlier this year with responses due last September," Lewin said during the 2010 Executive Leadership Conference sponsored by IAC and ACT. "We will hold an industry day Nov. 1 where we will push information out about what we are interested in to vendors. It's the next thing we are looking at. It's risky, but not high risk."

The notice states that GSA is looking for e-mail service, e-mail migration service and e-mail integration services.

GSA also is considering a platform-as-a-service offering. Lewin said the agency is working with the U.S. Geological Survey among others to create a geospatial information platform in the cloud.

"It is the natural candidate for cloud computing because you have massive amounts of geospatial data stored all over government," said Dave McClure, GSA's associate administrator for Citizen Services and Innovative Technologies. "If we can create a platform that would allow it to be stored securely and for common use, and leverage that across the entire government, I think we could some unbelievable cost savings in the geospatial areas."

Lewin said a RFP for geospatial could come out later in 2011.

While it prepares for another round of cloud RFPs, GSA and the departments of Homeland Security and Defense are preparing the draft FedRAMP specifications and requirements.

Vivek Kundra, the federal chief information officer, said the requirements document could be out as early as today for industry and agency comment.

FedRAMP is a voluntary governmentwide approach for agencies to submit cloud=based services to get certified and accredited (C&A) for cybersecurity once and trusted and used many times.

Agencies and vendors can find FedRAMP's documentation on FedBizopps.gov as well as the CIO Council Web site when it's released, Lewin said.

Kundra tried to clear up some confusion about whether winning vendors under the $76 million IaaS BPA will have to go through FedRAMP as well as the GSA C&A process.

"What GSA is doing as part of their certification process is trying to certify them to the 99th percentile," he said. "We know where we are at a high level. But we want to make sure we are working closely with industry in terms of making sure that everyone has vetted the security controls from an implementation perspective. The way it's going to be done is the certification GSA is going do is going to be mirroring the path around FedRAMP."

He said when the FedRAMP process is finalized, it can validate those controls.

McClure added that FedRAMP and IaaS were on similar guide paths and GSA hoped to get the two finished at the same time. He said because that didn't happen, GSA has to go forward with its own C&A process.

"Our GSA C&A process is pretty much patterned after the FedRAMP process. We have been heavily involved in designing it so we know what the additional controls are," he said. "IaaS vendors could wait for the FedRAMP process, but I don't think many of them will want to wait to get their products on the market."

McClure said FedRAMP could be finalized by early 2011.

He added that agencies could leverage GSA's C&A process.

"It is usually a culture or trust issue about whether the C&A is done to another agency's satisfaction," McClure said. "We do see a lot of duplication in terms of agencies performing the exact same test because they just want to do it themselves."

Vendors say it cost about $100,000 to do a C&A for a moderate level system.

Eventually, all of these offerings will go on the Apps.gov portal.

Kundra said the Office of Management and Budget's strategy has always been to build Apps.gov up slowly.

"The high value services were not on Apps.gov to this point," he said. "What is beginning to happen is the pieces are coming together. That was part of our design all along that our cloud strategy was to leverage consumer cloud, government owned and operated cloud and regional clouds with state and local governments. Now you are see that second level of services that are high value like infrastructure services that are being added on to Apps.gov. I think as more value is added on, agencies will be able to award that platform."

Kundra said he believes Apps.gov has been successful even without the high value services as agencies have downloaded many free tools such as IdeaScale.

(Copyright 2010 by FederalNewsRadio.com. All Rights Reserved.)