Get Started Today with Cloud-Ready Contracts | AWS Public Sector Summit 2017
•Download as PPTX, PDF•
2 likes•425 views
In this session, we provide an overview of existing cloud-ready contracts, such as cooperative, federal, and state directed contracts, and walk through steps on how to choose the right one for your procurement. We compare various cloud-ready contracts by identifying scope, end-user eligibility, and primary service offerings to help you make the right choice for your mission needs. Learn More: https://aws.amazon.com/government-education/
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to Get Started Today with Cloud-Ready Contracts | AWS Public Sector Summit 2017
Similar to Get Started Today with Cloud-Ready Contracts | AWS Public Sector Summit 2017 (20)
More from Amazon Web Services
More from Amazon Web Services (20)
Recently uploaded
Recently uploaded (20)
Get Started Today with Cloud-Ready Contracts | AWS Public Sector Summit 2017
- 1. © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Jane Lacy, Senior Capture Business Development Manager, Amazon Web Services June 21, 2016 Get Started Today with Cloud-Ready Contracts
- 2. Government Agencies and Educational Institutions Worldwide Use AWS 2
- 3. 3 What is the Cloud? Networking Storage Servers Virtualization Operating System Middleware Runtime Data Applications Infrastructure (as a Service) Networking Storage Servers Virtualization Data Applications Platform (as a Service) Operating System Middleware Runtime Networking Storage Servers Virtualization Software (as a Service) Operating System Middleware Runtime Data Applications Provider Responsible Consumer Responsible
- 4. 4 Why Move to the Cloud?
- 5. 5 1. Build a Cloud-Centric Procurement • Successful cloud adoption flows down from well-built procurement strategies and cloud-centric contract vehicles. • Getting procurement ‘right’, will lead to a portfolio of cloud technology and services that truly realizes the benefits cloud computing offers government agencies. • Central to the success of cloud procurement is making sure end users have access to the cloud services they need, when they need them. • Focus on how cloud computing can benefit agencies and end users, and work backwards from these benefits – avoiding needless obstacles that could hinder rapid access to the services users need. Cloud procurement should be purposively different from existing procurement
- 6. 6 2. Involve Key Stakeholders Early A successful cloud strategy involves all key stakeholders at an early stage • Senior executive of organization • Chief Information Officers (CIOs) • Program managers and Contracting Officer's Technical Representatives (COTRs) • Acquisition/procurement specialists • Directors of IT and mission-critical systems • IT professionals • Security professionals • Legal and policy experts • Finance and budget staff • Human Resources (HR) and staff development • Industry partners • Academia partners
- 7. 7 3. Ask the Right Questions You’ll only get what you ask for • You are not buying physical assets; therefore, you do not need to ask for many things you are used to asking for in a traditional data center RFP. • Recycling data center RFP questions will inevitably lead to data center answers, and may leave cloud vendors unable to bid. • Make sure you ask the right question to get the best cloud solution. • Cloud allows you to focus on application-level and performance-based requirements – there is no need to dictate specific methods, infrastructure, or hardware.
- 8. Gartner “Magic Quadrant for Cloud Infrastructure as a Service, Worldwide,” Lydia Leong, Douglas Toombs, Bob Gill, May 18, 2015. This Magic Quadrant graphic was published by Gartner, Inc. as part of a larger research note and should be evaluated in the context of the entire report. The Gartner report is available at http://aws.amazon.com/resources/analyst-reports/. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. 3.1. Analyst Reports Use third-party analyst reports during Cloud Provider evaluations
- 9. 4. Separate Infrastructure from Services/Labor 9 + • Cloud IaaS/PaaS • Training • Support • Marketplace • Requirements Analysis • Strategy & Roadmap • Solution Design & Architecture • Application Development/Support • Tech Review & Audit • Implementation/Migration • Governance • Security • Billing & Account Management • Program Management • Service Desk Cloud Service Providers Resellers, System Integrators, Managed Services Public Sector Customers
- 10. 10 4.1. The Cloud Ecosystem
- 11. 5. Security Is a Shared Responsibility 11 Security expertise is a scarce resource; Cloud Providers oversee the big picture, letting your security team focus on a subset of overall security needs
- 12. 5.1. Architected for Government Requirements Cloud Providers should have certifications and accreditations for workloads that matter to public sector customers 12
- 13. 13 6. Utility Pricing Model Build an acquisition model for the on-demand, pay-as-you-go nature of cloud computing • Traditional IT pricing approaches can reduce or eliminate benefits of cloud. • Accept different vendor pricing models – do not create single pricing model. • Embrace on-demand, utility-like, OpEx model cloud pricing. • Understand cloud provider tiered pricing, and reserved pricing (such as AWS's Reserved & Spot Instances), to budget for estimated usage and reduce expenses.
- 14. 14 7. Tech Refresh/Innovation Pace of innovation and continuous service improvements are a major reason why more and more public sector customers are moving to the cloud
- 16. 16 9. Acquisition Regulations Cloud computing should be purchased as a commercial item and/or services • Broadly speaking, a commercial item is recognized as an item that is of a type that has been sold, leased, licensed, or otherwise offered for sale to the general public. • In order to maximize the benefits of cloud computing, commercial terms should govern the contract. • Successful cloud procurements recognize that Cloud Providers are not providing custom-built deliverables, and that the benefits of cloud stem from operating at a massive scale.
- 17. 17 10.Terms and Conditions Avoid recycling terms and conditions from traditional datacenter procurements - this may lead to decreased Cloud Provider competition and loss of cloud benefits • Physical Data Center Tours, Audits, and Access • Physical Separation of Data, Assets, and Infrastructure • Customization of Services to Interoperate with Legacy Systems • Mandatory Flow Down of Business Terms and Conditions not Required by Statute • Prescribed Data Center Personnel Background Checks • Prescribed Infrastructure and Machines • Fixed Service Terms and Pricing • Small Business Subcontracting Plan • Termination Assistance – Government can Terminate at any Time • Rights in Data – Government Owns and Controls all Their Data
- 18. 18 A Menu of Cloud Capabilities
- 19. 19 Single Line Item Structure Example from a U.S. Government Agency Task Order MINIMUM GUARANTEE AND MAXIMUM SPEND: Because it will be impossible for the [Govt customer] to determine exactly how much labor to be delivered by the reseller, and what volume of a specific Cloud Service Provider’s resources will be consumed over a period of time, for the purposes of this delivery order, orders will be specified as fixed price unit quantities of a single ordering CLIN for “Cloud Services and Ancillary Labor”. Each unit of the CLIN ordered will equate to $50,000.00 worth of Cloud Services and Ancillary Labor. Orders will be placed periodically for various quantities of $50,000.00 CLIN units based on the [Govt customer’s] estimated usage of cloud services and associated labor. This arrangement will provide [Govt customer] with the flexibility to pre-order “$50,000.00” units of “Cloud Services and Ancillary Labor” as necessary to support operations and to remain consistent with cloud computing “pay as you go” commercial practices.
- 20. 20 Next Steps Committing to a cloud-first strategy sends an important message that cloud is indeed the new normal in the public sector, and here for the long-term • Understand and Evangelize the Benefits of Cloud within your Organization. Work backwards from these benefits to envision your ‘ideal cloud end state’, so that customer and end user needs drive the effort. • Engage with Partners. Having consulting and technology partner support in place makes it much easier to deploy, adopt and/or shift workloads to the cloud. • Engage with Industry. Facilitating discussions with Cloud Providers, Solution Architects, and Business Development teams ensures that government and industry are on the same page in respect to how cloud technology and procurement is evolving.
- 21. 21 Finally: Do a Pilot Conduct iterations of small acquisitions through desired vehicles, mechanisms and processes • Find out quickly what works and doesn’t work, fix it in the next iteration, and try again. • The benefit of cloud is that the cost of failure is close to zero. It may take several attempts to perfect pilot acquisition, technical integration, business processes, and security approaches in tandem. • Establish a contract mechanism that is task performance-based/oriented, with a single line item structure that provides for a range of services; with Not-To-Exceed controls, and language associated with inclusion of governance processes. • Incorporate regulatory guidelines to enable expansive on-boarding; with consideration of various funding types and applicable delegated authorities.
- 22. Contract Pathways to Procure AWS https://aws.amazon.com/contract-center/
- 23. AWS Public Sector Contracts Page http://aws.amazon.com/contract-center/
- 24. • IDIQ (License to Hunt) available to federal, state, local, and tribal entities • On April 29, 2015, GSA added Cloud Special Item Number (SIN) 132-40 • 132-40 Cloud Computing Services • 132-52 Electronic Commerce and Subscription Services • Available through these AWS Government Authorized Resellers: • Accenture Federal Services • A&T Systems - 8(a) - Minority Owned (holds Cloud SIN) • Apptis, Inc • Aquilent • Cloudnexa • DLT Solutions (holds Cloud SIN) • Four Points - SDVOSB - Service Disabled Veteran Owned • InfoReliance Corporation (holds Cloud SIN) • JHC Technology - SDVOSB - Service Disabled Veteran Owned GSA Schedule 70
- 25. • GWAC (end to end IT solution contract); available to all federal agencies • Scope: IT products and product-related services, including Cloud Computing • Available through these AWS Government Authorized Resellers: • Accelera (small business) • DLT Solutions (small business) • Four Points Technology (SDVOSB) • Insight Public Sector • Strategic Communications (small business) • Unisys Corporation NASA Solutions for Enterprise-Wide Procurement V (SEWP V)
- 26. NASPO ValuePoint (formerly WSCA-NASPO) Public Cloud Hosting Services • IDIQ (License to Hunt) - public cooperative contract • GIS Cloud Hosting Services • General Cloud Hosting Services • Consulting and Design Services • Available through these AWS Government Authorized Resellers: • Day1 Solutions • Unisys • ESRI
- 27. State of Texas DIR Contract • IDIQ (License to Hunt) • Assessment, Cloud Broker, IaaS, PaaS • Out of State Customers eligible to use DIR contracts via the Interlocal Cooperation Contract • Available through these AWS Government Authorized Resellers: • DLT Solutions • Avosys • Vintage IT • DoubleHorn • General Dynamics
- 28. Questions?
- 29. Thank you!
Editor's Notes
- Why talk about cloud procurement in the public sector? – Well, it’s essential for people in public sector who want cloud, to be able to buy cloud – and we are moving from a discussion as to whether you should move to the cloud, to the question of how you can move to the cloud. AWS has over 2000 government agencies, 5000 educational customers, and over 17,5000 non profits using the AWS cloud - and a decade of experience in helping them build successful cloud procurement models – cloud procurement can be done. Existing cloud acquisition approaches were built with traditional IT still very much in mind. However, as cloud has become the new normal in public sector IT planning, it makes sense that agencies reevaluate how IT services are procured, budgeted for, and used, in order to build a cloud procurement strategy that is intentionally different from traditional IT - designed to harness the benefits of the cloud delivery model. THIS IS WHY WE NEED TO TALK ABOUT CLOUD PROCUREMENT – RECYCLING DATACENTER PROCUREMENT MODELS WILL NOT WORK AND WILL REDUCE THE BENEFITS OF THE CLOUD.
- The fundamental difference between cloud computing and traditional IT is that in a cloud model customers are not buying physical assets. Customers can use cloud services like building blocks, customizing for themselves an infrastructure on which to build their applications. Understanding that cloud computing offers a different delivery model helps set expectations regarding CSP and customer responsibilities. As customers do not own physical assets, it follows that they should not approach cloud procurement as if buying physical assets. There are different cloud service models available, such as Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS), and there are different approaches to procuring, managing, pricing, and securing each XaaS model. It is imperative that organizations understand each cloud model and create acquisition approaches for each.
- Understand the benefits of cloud. Successful cloud migrations start with a clear understanding of why cloud is different from on-premises IT, and the benefits that cloud offers. To many people, cloud computing is new in concept as well as in practice, and starting conversations with assumed knowledge can lead to confusion. Conveying what cloud is, and basic cloud benefits, will ensure that all stakeholders are on the same page. Plus, if you don’t know why you’re doing something, you won’t buy-in to doing it. Envision and document your ideal ‘end state’ in the cloud - so you have procurement ‘guiding principles’. Communicating the benefits of moving this end-state will ultimately lead to greater buy-in, and will help drive cloud adoption. Build your cloud procurement model. (working backwards from your ideal ‘end state’, so that your needs, and the needs of end users, guide your priorities) Continuous Education. Every day I learn that I know a little less that I thought I did about cloud computing – it’s a fast moving technology and requires constant re-education.
- What are the current barriers end users face when trying to buy cloud services they need – THINK DIFFERENTLY when procuring cloud - THINK BEYOND existing constraints such as: Long procurement delays “Old world” security requirements Restrictions/consent requirements on the ability to change and improve services and features that are available during the term of the contract Budget cycles creating an artificial constraint to agency users Overly prescriptive requirements limit the ability to conduct “tech refresh” in a realistic evolutionary cycle
- Involving key stakeholders from an early stage ensures that there is a clear understanding of how cloud adoption will influence existing practices. It also provides an opportunity to reset expectations about how to procure IT, schedule, risk management, security controls, and compliance. Create a culture of innovation. Educate staff so those with institutional knowledge can learn how to use cloud technology. This will accelerate buy-in during the cloud adoption journey, and foster a culture of innovation. Commit to a cloud-first policy: A cloud-first strategy sends an important message throughout government agencies that cloud is indeed the new normal.
- Cloud allows you to focus on application-level and performance-based requirements – not dictating specific methods, infrastructure or hardware. Cloud is a fresh start – and recycling on-premises RFP questions will inevitably lead to on-premises IT answers. You are not buying physical assets, therefore you do not need to ask for many things you are used to asking for in a traditional IT RFP.
- Third party analyst reports such as Gartner are excellent barometers of Cloud Provider capabilities and scale
- Understand the ecosystem of players in the cloud arena – a cloud provider is not an SI or Managed Service Provider, and does not offer all needed capabilities need to implement and manage a cloud environment. Public sector customers will require a cloud provider for their infrastructure, then determine how big of a role they want to assume in delivering cloud services and how much they intend to outsource to a Reseller/SI/Managed Services Provider.
- As in the previous slide, successful cloud acquisitions separate the purchase of cloud infrastructure from the purchase of related services and labor for planning, developing, executing, and maintaining cloud migrations and workloads. Engage with Partners: Partnerships come in many shapes and sizes: staff augmentation, solutions delivery, managed services, Software as a Service (SaaS) solutions, etc. Having consulting and technology partner support in place makes it much easier to deploy, adopt and/or shift workloads to the cloud. Having the support of world-class services makes it much easier to adopt and shift existing business processes to the cloud. Therefore, the strength and breadth of a cloud provider’s partner ecosystem is crucial to a successful cloud migration.
- As cloud computing customers are building systems on top of cloud infrastructure, the security and compliance responsibilities are shared between service providers and cloud consumers. In an IaaS model, customers control how they architect and secure their applications and data put on the infrastructure, while CSPs are responsible for providing services on a highly secure and controlled platform and for providing a wide array of additional security features. Again, this highlights how the strength and breadth of a cloud provider’s partner ecosystem is crucial to a successful cloud migration, as SIs and Managed Services Providers can architect and secure customer applications. Additionally, it is vital to have a marketplace that enables customers to find, buy, and immediately start using familiar security software to deploy a comprehensive security architecture on the cloud. Use cloud provider tools to create standardized, reusable environments that support certifications, accreditations, and compliance processes, that can be reused across the organization. For example, AWS provides customers with a standardized environment that helps support NIST 800-53/RMF certifications, accreditations, and compliance processes. Important points to remember: 1) Customers own their data. 2) Customers choose the geographic location(s) in which to store their data—it does not move unless the customer decides to move it. 3) Customers can download or delete their data whenever they like. 4) Customers should consider the sensitivity of their data and decide if and how to encrypt the data while it is in transit and at rest.
- If you look at the amount of certifications that AWS has achieved and secured for its customers over the last several years, influenced by what they told us matters most, it’s been a real enabler for public sector customers to move to the cloud. We understand that you have to achieve security and compliance hurdles. We’ve seen governments around the world take this on and everywhere where we’ve seen a standard, we’ve been able to meet it. Leveraging industry best practices regarding security, privacy, and auditing provides assurance that effective physical and logical security controls are in place, preventing overly burdensome processes or approval workflows that are not justified by real risk and compliance needs. There are many security frameworks, best practices, audit standards, and standardized controls that cloud solicitations can cite, such as shown in the slide. There are a great number of standardized controls and requirements that comprise cloud accreditation schemes, as bundling hundreds of controls into one cloud provider accreditation streamlines cloud procurement. For example, NIST 800-53 Architecture on AWS.
- Think beyond the commonly accepted approach of fixed-price contracting, and building an acquisition model for the on-demand, utility-style, pay-as-you-go nature of cloud computing. To contract for the cloud in a manner that accounts for fluctuating demand, customers need a contract that lets them pay for services as they are consumed. CSP pricing should be: Offered via a pay-as-you-go utility model, where at the end of each month customers simply pay for their usage. Allowed the flexibility to fluctuate based on market pricing so that customers can take advantage of the dynamic and competitive nature of cloud pricing. Allowing CSPs to offer different pricing models enables customers to evaluate each pricing model against the requirements of their solicitations, as opposed to an “apples to apples” pricing comparison through arbitrary compute or storage units. CSPs should provide transparent, publicly available, up-to-date pricing, and tools that allow customers to evaluate their pricing, such as AWS’s Simple Monthly Calculator CSPs should provide customers with the tools to generate detailed and customizable billing reports to meet customer business and compliance – also tools to budget for cloud and predict spend.
- Cloud customers should allow for evolving terms and conditions in order to benefit from new services and dynamic service enhancements. Static service terms that are found in traditional IT procurements (i.e., terms of use for a particular piece of procured hardware) remain constant because the hardware no longer belongs to the vendor. With cloud computing, the infrastructure evolves with cloud services as they are developed. Continual innovation ensures that customers maintain “state of the art” IT infrastructure without having to make recapitalization investments. AWS has launched more than 2200 new features and/or services since inception in 2006, and our growing pace of innovation is highlighted in the slide.
- Create Centers of Excellence or PMO’s: Cloud Centers of Excellence or Project Management Offices (PMO’s) can institutionalize governance, compliance, and automation across government agencies. They make it easier to incorporate best practices and/or industry standards for cloud-computing, while ensuring that mandated regulatory requirements are captured. Utilize Cloud provider tools and features for billing, monitoring, access control, and best practices. Automation is central to cloud governance. Build in automation so you can create and manage a collection of related resources - provisioning and updating them in an orderly and predictable fashion. Again - create standardized, reusable environments that support certifications, accreditations, and compliance processes, that can be reused across the organization.
- For example, the U.S. federal government has a published acquisition policy that favors the purchase of commercial items as opposed to items developed exclusively for government. This policy is designed to take full advantage of available and evolving technological innovations in the commercial sector, allowing commercial terms to be accepted by the government without extraneous provisions and contractual constraints. Refer to the U.S. federal government Federal Acquisition Regulation (FAR) Subpart 12.3—Solicitation Provisions and Contract Clauses for the Acquisition of Commercial Items and the Federal Acquisition Streamlining Act (FASA) at the following link: http://www.acquisition.gov/far/html/FARTOCP12.html
- Recognizing that cloud is procured as a commercial item, acquisitions should leverage a Cloud Providers established commercial best practices for data center operations. By stating requirements in commercial cloud industry-standard terminology and by permitting the use of commercial practices, customers will have access to the most innovative and cost-effective solution options. Terms or conditions that overlap or are duplicative of existing, overarching industry standards (for example, the U.S. federal government’s cloud-focused FedRAMP accreditation) should be removed. Leverage Cloud Providers commercial SLAs, i.e. uptime, durability, reliability etc. Public Sector entities can terminate at any time – limiting vendor lock-in.
- Here is a high-level overview of AWS’s services – if cloud procurement is done right, users will have access to all of the services they need in a transparent, efficient, and auditable manner. Let’s analogize with a Starbucks gift card – you have a not-to-exceed amount to spend at the vendor, and can choose anything you like on the menu – with the vendor providing a bill detailing your exact spend. Should your anticipated usage add-up to more than your not-to-exceed amount, you can top-up the card based on your projected usage over a defined period of time.
- If we consider the cornerstones of a cloud environment/migration as (1) Cloud Services (compute, storage, networking, etc.); (2) Professional/Managed Services; (3) Cloud Marketplace; (4) Cloud Support; and (5) Cloud Training, we can then think about how to effectively structure an acquisition. Simple and effective service categories include: Cloud Services: In essence, the provisioning of a CSP account for a certain amount tied to a full menu or catalog of commercially-available CSP services. This provides customers with a wide array of services in addition to providing the proper level of fiscal constraints tied to budgetary mandates. For example: Amazon EC2 – Computing; Range: X-Small to XX-Larger Services (with a Not-To-Exceed (NTE) amount, and language that outlines the process to implement NTE billing controls). Professional/Managed Services: Services to help customers design, architect, build, migrate, and manage their workloads and applications in the cloud. Cloud Support: Access to technical support engineers and experienced customer service professionals who help customers get the most from the products and features provided by a cloud provider. Cloud Training: To enable customers to gain the skills, knowledge, and expertise to design, deploy, and manage applications on a cloud platform. Cloud Marketplace: A forum for cloud customers seeking products from third party vendors to supplement their workloads and cloud requirements (for example, AWS Marketplace https://aws.amazon.com/marketplace). Such a Marketplace enables cloud customers to streamline the software procurement, licensing and configuration process, allowing software to be procured in minutes. The table above displays an example of a single line Item structure approach. In this example, each unit of the line item ‘1001 Cloud Services’, equates to $1.00 of cloud services ordered at a not-to-exceed amount. Each month, ordering increments are funded based on current and forecasted usage projections. As an example of how to demonstrate delivery and use of each Cloud Service unit in this sample structure, AWS enables its customers to generate detailed billing reports that break down costs by the hour, day, or month; by each account in an organization; by product or product resource; or by customer-defined tags.
- From discussions between government and industry, it is clear that there is a need for on-demand ordering capabilities for cloud services. An optimal cloud contract vehicle enables agencies to purchase the specific cloud services they want, when and how they need them. Establish a contract that supports “non-specific ordering” and includes the entire range of services that exist today (with the ability to scale to meet a rapidly expanding range of services). Any unnecessary restrictions, such as change consent requirements, will limit a CSP’s ability to scale and limit a customer’s ability to take advantage of frequent innovative service changes. Include the flexibility to allow cloud prices to fluctuate based on market pricing. This approach takes advantage of the dynamic and competitive nature of cloud pricing and supports innovation and price reductions. Ensure that resellers pass through all Cloud Provder price reductions. Consider cloud governance, such as tracking usage/consumption, and associated process like instance tagging policies, monitoring, and building in automation.
- Largest most widely-used acquisition vehicle in the federal government.