• Successful cloud procurement Approaches • RFPs, frameworks and partners in the procurement Process • AWS capture and proposal resources

1. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

2. David DeBrandt – AWS Capture and Proposal
debrandt@amazon.com
©2017, Amazon Web Services, Inc. or its affiliates. All rights reserved

3. 3
Agenda
1. Why talk about cloud procurement?
2. Important early conversations about cloud
3. Key public sector procurement considerations
4. How AWS can help you
5. Q&A

4. 4
What is the Cloud?

5. Security and Compliance
Procurement
Culture
Business Uses/Definition
Policy
Broad Adoption
Cloud Adoption Has Several Steps
3

6. Government Agencies and Educational
Institutions Worldwide Use the AWS Cloud
6

7. 7
Who does what in the Cloud?
Networking
Storage
Servers
Virtualization
Operating System
Middleware
Runtime
Data
Applications
Infrastructure
(as a Service)
Networking
Storage
Servers
Virtualization
Data
Applications
Platform
(as a Service)
Operating System
Middleware
Runtime
Networking
Storage
Servers
Virtualization
Software
(as a Service)
Operating System
Middleware
Runtime
Data
Applications
Provider Responsible Consumer Responsible

8. 8
How AWS Can Be Bought
• Direct
• Online;
• RFP (for cloud);
• Framework Contracts;
• Indirect;
• Resell by Partners (online access);
• RFP (SI projects, or just cloud);
• Framework Contracts;
There are multiple paths for the public sector to buy AWS cloud.

9. 9
Canadian Cloud Procurement Frameworks
• Shared Services Canada (SSC) – in evaluation;
• British Columbia CloudBC – in evaluation;
• Ontario OECM – buying framework in place with AWS Partners;
Canadian Public Sector Has Started the Journey

10. Historic Cloud Contracting Challenges
Contract to cover all Cloud Deployment
Models (e.g. public, private, hybrid, etc.)
• Confusion when selecting a product,
service or Cloud Deployment Model
• Vendor assumes terms that do not apply
• e.g. Liability for a Public CSP Supplier may be
different from a Private CSP Subcontractor
• Increased complexity in determining
applicable terms
• Complimentary products & services often
excluded
• e.g. Support, Professional Services, Training, etc.
Frame
work
Public Cloud
Terms
Hybrid
Cloud Terms
Private
Cloud Terms

11. Successful cloud procurement strategies focus on
application-level, performance-based requirements
that prioritize workloads and outcomes, rather than
dictating the underlying methods, infrastructure, or
hardware used to achieve performance requirements.

12. displayed in Figure 5.
Cloud Service Provider vs
Managed Service Provider
A cloud service provider is not a systems integrator or managed service provider.
Many public sector customers will require a cloud service provider for their infrastructure, and outsource “hands on keyboard”
planning, migration, and management work to a systems integrator or managed services provider.

13. 13
Build a Cloud-Centric Procurement
• Successful cloud adoption start from well-built procurement strategies and cloud-
centric contract vehicles.
• Getting procurement ‘right’, will lead to a portfolio of cloud technology and services that
truly realizes the benefits cloud computing offers government agencies.
• Central to the success of cloud procurement is making sure end users have access to
the cloud services they need, when they need them.
• Focus on how cloud computing can benefit agencies and end users, and work
backwards from these benefits – avoiding needless obstacles that could hinder rapid
access to the services users need.
Cloud procurement should be purposively different from existing procurement

14. 14
Involve Key Stakeholders Early
A successful cloud strategy involves all key stakeholders at an early stage
• Senior executive of organization
• Chief Information Officers (CIOs)
• Program managers
• Acquisition/procurement specialists
• Directors of IT and mission-critical systems
• IT professionals
• Security professionals
• Legal and policy experts
• Finance and budget staff
• Human Resources (HR) and staff development
• Industry partners
• Academia partners

15. 15
Ask the Right Questions
You’ll only get what you ask for
• You are not buying physical assets; therefore, you do not need to ask for many things
you are used to asking for in a traditional data center RFP.
• Recycling data center RFP questions will inevitably lead to data center answers, and
may leave cloud vendors unable to bid.
• Make sure you ask the right question to get the best cloud solution.
• Cloud allows you to focus on application-level and performance-based requirements –
there is no need to dictate specific methods, infrastructure or hardware.

16. 16
Procurement Example: SLAs
• CSPs provide standardized commercial SLAs to millions of customers. They are not
customizable as is the case in an on-premises datacenter model.
• Partners can help customers architect their cloud usage to satisfy additional,
customer-specific requirements and unique SLAs, that go beyond a CSP’s commercial
SLAs.
“CUSTOMER will maintain awareness of CSP SLAs and deploy important
workloads and applications in such a way that they continue to operate in
the event an SLA is not met. CUSTOMER will be responsible for
maintaining appropriate SLA’s associated with any CUSTOMER owned
equipment or CUSTOMER operated services used with the CSP.”

17. Security Is a Shared Responsibility
17
Security expertise is a scarce resource; Cloud Providers oversee the big picture, letting
your security team focus on a subset of overall security needs
You
AWS

18. 18
Procurement Example: Encryption
• Customers/Partners should not expect a CSP to do things that aren’t within their remit
under the clouds’ shared responsibility model.
• For example:
o CSPs should provide encryption capabilities.
o Partner/end customer use CSP-provided encryption capabilities in order to meet
their security and compliance requirements.
“The Contractor shall provide the following services:
Provide encryption capability for object level data store service.
Provide encryption capability for object level data store service with customer based
and managed keys.”

19. Architected for Government Requirements
Cloud Providers should have certifications and accreditations for workloads that matter to
public sector customers
19

20. 20
Procurement Example: Audits
• Use independent auditor reports
• Customized audit requirements diminish CSPs capacity to deliver at scale
• Datacenter audits would compromise security (millions of visitors?)
Example 2: “The cloud provider can provide reports showing that independent third
parties thoroughly respects the safety procedures and operational SOC2 such as type 2
ISO 27001, ISO 27002, PCI DSS 2.0, etc.”
Example 1: “We expect to be able to visit and tour your data centre facilities with suitable
advanced notice”

21. 21
Utility Pricing Model
Build an acquisition model for the on-demand, pay-as-you-go nature of cloud computing
• Traditional IT pricing approaches can reduce or eliminate benefits of cloud.
• Accept different vendor pricing models – do not create single pricing model.
• Embrace on-demand, utility-like, OpEx model cloud pricing.
• Understand cloud provider tiered pricing, and reserved pricing (such as AWS's
reserved & spot instances), to budget for estimated usage and reduce
expenses.

22. Cloud Pricing Considerations
1. Transparency
CSP pricing should be publicly available and
transparent. Pricing in this format demonstrates the
cloud’s true commercial nature. AWS pricing information
is publicly available and found at
http://aws.amazon.com/pricing/.
2. Variable Prices
Given the massive scale of cloud computing, and the
utility-like model of offering standardized services to
millions of customers, it is not possible for a CSP to
provide unique pricing that is “locked-in” at a certain
price. Instead, a cloud procurement model should
include the flexibility to allow cloud prices to fluctuate
based on market pricing. This approach takes
advantage of the dynamic and competitive nature of
cloud pricing, and supports innovation and price
reductions (AWS has lowered prices 59 times since
2006).
3. Multiple Pricing Models
Allowing CSPs to offer different pricing models enables
organizations to evaluate each CSP pricing model
against their own unique IT requirements, as opposed to
an arbitrary “apples to apples” pricing comparison of
compute or storage “units.”
Cloud solicitations should allow CSPs to offer their own
pricing models, enabling customers to select a model
that best meets their unique requirements. Solution
Procurement solicitations (as described in Table 1
above) should challenge SI/consulting firm bidders to
leverage a CSP’s pricing model in an optimal way as
they present pricing in their solicitation responses.
4. Pay-Per Use Utility Model
Incorporating a pay-as-you-go utility model, where at
the end of each month you simply pay for your usage,
is optimal for utilization and resource metrics.
Public sector organizations should also consider how
to optimize their cloud spend via leveraging optional
CSP minimum commitments, such as multi-year
enterprise discount programs and discounted
reserved resources such as Reserved Instances (see
page 9 for information on AWS Reserved Instances).

23. * As of 1 January 2017
2010
61
516
1,017
159
2012 2014 2016
Tech Refresh & AWS Pace of Innovation
“Contractor may from time to time: change add or delete the functions, features, performance, or
other characteristics of the As a Service”

24. 24
Cloud Governance

25. 25
Acquisition Regulations
Cloud computing should be purchased as a commercial item and/or services
• Broadly speaking, a commercial item is recognized as an item that is of a type that has
been sold, leased, licensed, or otherwise offered for sale to the general public.
• In order to maximize the benefits of cloud computing, commercial terms should govern
the contract.
• Successful cloud procurements recognize that Cloud Providers are not providing
custom-built deliverables, and that the benefits of cloud stem from operating at a
massive scale.

26. 26
Terms and Conditions
Avoid recycling terms and conditions from traditional datacenter procurements - this may
lead to decreased Cloud Provider competition and loss of cloud benefits
• Physical Data Center Tours, Audits, and Access
• Physical Separation of Data, Assets, and Infrastructure
• Customization of Services to Interoperate with Legacy Systems
• Mandatory Flow Down of Business Terms and Conditions not Required by Statute
• Prescribed Data Center Personnel Background Checks
• Prescribed Infrastructure and Machines
• Fixed Service Terms and Pricing
• Small Business Subcontracting Plan
• Termination Assistance – Government can Terminate at any Time
• Rights in Data – Government Owns and Controls all Their Data

27. Don't Know Where to Start?
https://aws.amazon.com/how-to-buy/

28. AWS Guidance – Government & Partners
• Standard, boilerplate content
• Whitepapers, website material
• Security support and reviews
Content
• “Early days” advice and education
• Access to AWS Resources
• Connecting governments
Guidance
Early engagement is critical to success
• Advising on relevant publicly available case studies
• Directing you to specific use cases for AWS technologyCase Studies
25

29. Resources
AWS Cloud Procurement Best Practices for Public Sector
Customers
• This whitepaper provides guidance to business, technology, and acquisition
leaders in the public sector on building a successful cloud procurement
strategy for acquiring IaaS and PaaS services..
AWS 10 Considerations for a Cloud Procurement
• A condensed version of the above, this whitepaper focuses on the 10 key
components that can form the basis of a broader public sector cloud
procurement strategy.
AWS Information Packages
• These standardized high-level documents cover core AWS content.
Other Resources
• Third Party Documents (e.g.; Gartner - Procurement Manager’s Guidance
G00317249)

30. AWS Capture & Proposal Team
David DeBrandt – debrandt@amazon.com
Thank you!