While the IC’s research organization looks into adding security to cloud environments, in the here and now, intelligence agencies are sharing more data.
The Army is soliciting pitches from vendors on cloud solutions as the service branch looks to move to a new cloud contract vehicle that will handle most of its cloud purchases over the next few years.
Late last month the Army issued a request for information for its new contract vehicle, the Army Cloud Computing Enterprise Transformation, dubbed ACCENT. The Army plans to move applications, systems and data from government data centers to commercial ones.
According to the November draft RFP, cloud providers would secure spots on ACCENT via basic ordering agreements, or BOAs, but would not be guaranteed future work with the Army, Federal News Radio reports. In the second step of the acquisition process, the vendors would compete for individual projects.
Doug Haskin, the project director for enterprise services at the Army’s Program Executive Office for Enterprise Information Systems, told Federal News Radio that the BOAs will operate like blanket purchase agreements, which federal agencies typically use to purchase a variety of goods and services.
“But we think the BOA is better for the high-dollar contract actions that are associated with hosting services,” Haskin told Federal News Radio. “It also gives us more flexibility to adapt to uncertain requirements when you don’t know all the requirements up front, which is the position we’re in now. Keeping that flexibility is important for us because we know that the guidance and policies for commercial cloud in DOD have been changing and will continue to change. I think it’s also going to benefit industry, because if they’re going to commit the resources to get onto this agreement they need to know it’s going to be viable and not obsolete in a year or two.”
The BOAs will be "valid for a three-year period using a multi-step procurement process," according to the draft RFP.
The Army plans to purchase infrastructure-as-a-service, platform-as-a-service and software-as-a-service cloud offerings, Federal News Radio notes.
The outlet reports: “Vendors would need to meet the governmentwide FedRAMP standards for cloud security and have DOD-specific provisional authorizations to sell their wares to the government, but the additional DOD security controls they would need to comply with would be set out task order-by task order.”
According to the December Request for Information, the Army wants to migrate 34 legacy applications to commercial data centers, including active directory, antivirus, network synchronization, proxy/firewall configurations, public key infrastructure certificate validation/authentication, virtual load balancer and virtual private network.
“While the Army still isn't formally soliciting for contracts, it will use the feedback from industry for the ACCENT request for proposal,” FierceGovernmentIT reports. “There is no set date for the RFP's release, but the Army is soliciting feedback until Jan. 15.”
The move to a commercial cloud environment is just one part of the Army’s larger plan to consolidate its data center operations, which, as Federal News Radio notes, has been ongoing since 2011. The Army wants to use the Defense Information Systems Agency’s MilCloud service for applications too sensitive to be housed in nonmilitary data centers. Additionally, officials at the Army post Redstone Arsenal in Alabama are testing the use of secure, commercially operated data centers on military bases.