EPA Contract Reflects US Cloud-Based IT Ambitions

U.S. government agencies are trying to meet fast-track goals to improve the acquisition and management of information technology resources. In a government setting that inherently involves myriad checkpoints, protocols, policies, and an exasperating budget process, change does not come easily or quickly.

One exception could be the Environmental Protection Agency. The agency’s Office of Environmental Information (OEI) has just committed US$15 million for developing cloud resources. The agency awarded a three-year contract to CGI Federal for assistance in building an agency-wide hybrid cloud for EPA’s National Computing Center.

The contract was awarded under a General Services Administration blanket purchase agreement, through which CGI is accredited to deliver certified, secure government cloud services. The BPA covers Infrastructure as a Service deployments. CGI will serve as the external enterprise cloud provider, delivering a range of services, including hosting and virtualization, in its secure cloud. CGI will also provide technical architecture and transition support for moving agency applications to the cloud.

To encourage cloud computing, the U.S. government has developed tools designed to make the procurement process more efficient and less time consuming. One of those tools was GSA’s BPA mechanism.

Contract Tool Helps Cloud Adoption

“Using a readily available contract vehicle like GSA’s IaaS BPA simplified the contracting process and ensured a faster response to the RFP,” Toni Townes-Whitley, senior vice president at CGI Federal, told the E-Commerce Times.

“All of the existing contract line item numbers, terms and conditions, and service level agreements in the BPA were used for the EPA contract so that significantly reduced time and effort for both industry and the government,” she said.

“The EPA task order is another great example of how federal agencies are leveraging GSA’s cloud solutions to meet their mission-critical requirements and goals. By partnering with GSA on cloud migration, agencies can get help reducing costs, increase efficiencies, and meeting critical OMB mandates,” Mary Davie, assistant commissioner of the Office of Integrated Technology Services at GSA’s Federal Acquisition Service, told the E-Commerce Times.

In addition to developing improved contracting vehicles to promote cloud adoption, the federal government has developed the Federal Risk and Authorization Management Program, or FedRAMP, an IT security program with universal application.

The idea is to provide a security platform that all agencies can use, saving each agency the time and money ordinarily consumed in contracting for IT services to meet requirements of the Federal Information Security Management Act (FISMA). FedRAMP also provides a consistent security standard for federal agencies. However, the FedRAMP program was not final during the period of EPA’s cloud procurement.

“CGI’s work for the EPA meets all of the security and FISMA requirements outlined in EPA’s request for proposals. Under the GSA blanket purchase agreement, CGI was awarded a permanent authority to operate, which means we meet technical and management requirements, including all of the necessary federal security requirements such as FISMA,” Townes-Whitley said.

“Our solution provides FISMA compliance for low- and moderate-impact systems, and we perform continuous monitoring, reporting and annual auditing. CGI has been an active participant in FedRAMP discussions, including as chair of TechAmerica’s public sector task group providing industry input into FedRAMP. As a BPA holder, we are one of the first companies to start working through the FedRAMP certification,” she added.

“FedRamp streamlines the cloud acquisition process, and it gives vendors a clear path for getting federal approval for their cloud offerings. But, just as with other types of procurement, GSA isn’t meant to be the only game in town,” Shawn McCarthy, research director at IDC Government Insights, told the E-Commerce Times.

“EPA incorporated the GSA authority to operate (ATO) within an EPA-specific framework for security plans and ATOs. Now that FedRAMP has been released, EPA’s cloud provider for applications hosting is working with GSA to establish a FedRAMP certification.

The GSA procurement tool helped to facilitate the process by employing a “pre-competed” mechanism.

EPA Reaching for the Cloud

The contract was awarded as part of EPA’s program to shift 80 percent of the agency’s computing environment to the cloud by 2015, according to CGI.

“With this modernization initiative, EPA is accelerating the benefits of cloud computing across the enterprise,” Townes-Whitley said.

“With the agency’s vision of moving up to 20 percent of its environment to the cloud in the first year — and then 30 percent in years two and three — EPA is setting an impressive pace for cloud adoption. The plan will reduce the in-house maintenance burden while ensuring that EPA can seamlessly meet program requirements with fast, flexible, affordable and secure solutions,” she added.

“That’s a very ambitious goal, compared to other agencies. It hopefully indicates that EPA has done a detailed return on investment analysis and decided that cloud solutions offer a greater bang for the buck,” IDC’s McCarthy said.

In a recent management plan, EPA said it was aggressively moving toward cloud services, although the target noted by CGI is somewhat flexible.

The goal of reaching 80 percent cloud operations by 2015 is an estimate, according to the EPA. The actual number of applications that migrate to the cloud will depend upon a variety of factors such as suitability, the agency’s experience with the solution, its cost-efficiency, and its alignment with agency requirements.

The agency is moving to adopt cloud solutions to maximize IT efficiencies through five major initiatives:

• Internet Security and Network Services: In 2010-2011, EPA successfully migrated its wide area network infrastructure and perimeter security services (Managed Trusted Internet Protocol Services) to an external cloud platform provided by AT&T.
• Enterprise Service Desk: In 2011-2012, EPA began consolidating its local help desk call-center services by establishing a common IT ticketing platform and framework for enterprise service desk and problem management through an external cloud.
• EPA Private Cloud: The agency has established an internal private cloud solution for data center consolidation and server virtualization efforts. Initially, the private cloud will serve the agency’s program and regional customers.
• Applications Hosting — External Cloud: The infrastructure and applications hosting services contract just awarded to CGI Federal.
• Email and Collaboration Suite: EPA expects to award a 24,000-user email collaboration services cloud this summer.

In fiscal 2013, all of EPA will be able to place orders for external cloud services via GSA for low-sensitivity applications, or through the agency’s OEI-managed private cloud computing services for medium sensitivity applications that require high availability and internal data integration.

“We are looking holistically at our agency IT systems as investments,” said Malcolm Jackson, EPA’s chief information officer. In the past year, EPA’s IT review process has “brought to light opportunities to move technologies to the cloud, eliminate duplication of efforts, and reduce IT costs.”