In March, representatives from 10 states and localities sat down in Dallas with some of the industry’s biggest service providers to start bringing government purchasing practices in line with an increasingly cloud-based world.
The meeting, hosted by e.Republic’s Center for Digital Government, marked the halfway point for the group, which also met in New Jersey in January. Its goal is to clear up confusion between government and vendors by creating a standard set of terms and conditions for “as a service” contracts.
Government participants included Colorado, Delaware, Georgia, New Jersey, Pennsylvania, Texas and Washington, along with Austin, Texas; Oakland County, Mich.; and Fairfax County, Va. Companies involved are Amazon, AirWatch, Dell, Deloitte, EMC, General Dynamics, McAfee, NIC, Salesforce, Symantec, Unisys, Verizon Terremark and Workday.
Group members admit they won’t eliminate all of the uncertainty around contracting for rapidly evolving cloud services, but they intend to reach substantial agreement on key issues — and that’s a great start. In many cases, government customers and cloud vendors aren’t even speaking the same language. And all too often, that means agencies can’t attract bidders they want, or they pay more than they should for the services they buy.
Much of the discussion in Dallas revolved around security — an important topic as agencies contemplate moving more data onto systems they don’t own. One issue, for instance, was how quickly service providers must alert government customers of security incidents. Another crucial question is a vendor’s level of liability in the case of an actual data loss. As a result of these talks, group members now are drafting notification standards and creating a formula for determining the potential cost of a data breach.
In addition, the group intends to develop practical data encryption standards for service providers, create guidelines for auditing government systems running in private data centers and come up with reasonable rules for how long vendors must retain government data after a contract is canceled.
Given the rapid rise of cloud providers and the public sector’s pent-up demand for system modernization, it’s vital to put government and industry on the same page when it comes to procuring cloud-based services. This sort of public-private collaboration is a big step toward faster, easier and more effective cloud procurements.