Dave McClure -- “Examining the President’s Plan for Eliminating Wasteful Spending in Information Technology”, Testimony
McClure -- GSA Efforts on Feds IT Management Reform
Dr. David McClure
Office of Citizen Services and Innovative Technologies
General Services Administration
SENATE COMMITTEE ON HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS
SUBCOMMITTEE ON FEDERAL FINANCIAL MANAGEMENT, GOVERNMENT INFORMATION, FEDERAL SERVICES, AND INTERNATIONAL SECURITY
APRIL 12, 2011
“Examining the President’s Plan for Eliminating Wasteful Spending in Information Technology”
Good morning Chairman Carper, Ranking Member Brown and Members of the Subcommittee. Thank you for the opportunity to appear before you today to discuss the General Services Administration’s (GSA) role in ongoing efforts to reform the Federal government’s IT management reform agenda. GSA plays a pivotal role in supporting this agenda by pursuing cost effective and innovative technology solutions often shared across federal agencies.
In the last six months, the Administration’s efforts to apply rigor to Information Technology Reform have resulted in several key guidance documents, policies, and efforts that inform the federal government’s progress in implementing effective IT management reforms – in particular with cloud computing. Key documents include the OMB 25 Point Implementation Plan to Reform Federal Information Technology Management and the Federal Cloud Computing Strategy issued by the federal CIO’s office. They frame the federal government’s efforts to reform the way IT is acquired and managed while meeting the Administration’s goals to make government more responsive, operationally effective, cost efficient, transparent, participatory, collaborative, and innovative for the citizens it serves.
At GSA, we think the adoption of safe and secure cloud computing by the federal government presents an opportunity to close the IT performance gap between the public and private sectors. We help agencies improve access to modern technology needs faster and with lower costs. The case for cloud computing is compelling. It allows agencies to pay only for the resources they use in response to high and low demand, avoid the expenses of building and maintaining an IT infrastructure, and control the appropriate level of security for data and applications. Also, cloud computing is a key technology for achieving cost effective data center consolidation. In fact, agencies have already started to realize savings as they begin to adopt cloud computing across their programs. There are lots of examples where agencies have implemented cloud solutions and found significant savings. Those are highlighted on our web page Info.Apps.gov.
GSA’s Contributions to Government-wide IT Reform Efforts
GSA plays a strong leadership role in supporting the adoption of cloud computing in the Federal government. We concentrate our efforts on facilitating easy access to cloud-based solutions from commercial providers that meet federal requirements, enhancing agencies’ capacity to analyze viable cloud computing options that meet their business and technology modernization needs, and addressing obstacles to safe and secure cloud computing. In particular, GSA has the lead in facilitating new innovative cloud computing procurement options, ensuring effective cloud security and standards are in place, and identifying potential multi-agency or government-wide uses of cloud computing solutions. GSA’s continued ability to support these important initiatives is dependent upon the availability of funding from the Electronic Government Fund or other sources.
GSA is the information “hub” for cloud use examples and case studies, decisional and implementation best practices, and for sharing exposed risks and lessons learned. We launched and maintained a web site (www.info.apps.gov) as an evolving knowledge repository for all government agencies to use and to contribute their expertise.
Further, the Federal Cloud Project Management Office (PMO), housed in my office, provides support to the Federal CIO Council’s Cloud Computing Executive Steering Committee and Working Groups. As we move toward more high risk and impact system requirements, we’ll engage even further with our intelligence community partners.
Figure 1 - Details the primary activities within the Federal Cloud PMO.
Our Cloud PMO is very active and productive. To illustrate, the PMO is working on the design and implementation of security controls, processes and procedures tailored to cloud computing – commonly referred to as the Federal Risk and Authorization Management Program (FedRAMP). In addition, in conjunction with our Federal Acquisition Service, we have developed procurement vehicles for agencies to acquire cloud services and products – infrastructure as a service and cloud-based e-mail are our current projects. We have also established a “cloud storefront” (apps.gov) as a site for agencies to directly purchase cloud services. The PMO also functions as an information clearing house by promoting current and planned cloud projects across the government and sharing best practices & lessons learned for cloud adoption and implementation.
Additionally, the PMO supports OMB’s Federal Data Center Consolidation Initiative. One of our own best practices is the use of working groups that address specific targets requiring specialized in-depth expertise such as security, standards and cloud based e-mail services. These working groups allow us to leverage experience across the government that produces results with a small technical staff.
Let me provide some additional detail on some of these initiatives:
Federal Risk and Authorization Management Program (FedRAMP)
The Federal Risk and Authorization Management Program is being established to provide a standard approach to Assessing and Authorizing (A&A) cloud computing services and products. Currently, this is an expensive, time-consuming process exercised inconsistently across the government. Currently, an average A&A costs up to $180,000 and requires up to six months to complete. FedRAMP will allow joint authorizations and continuous security monitoring services for Government and Commercial cloud computing systems. Joint authorization of cloud providers results in a common security risk model that can be leveraged across the Federal Government. A common security risk model is also a consistent baseline for Cloud based technologies ensuring that the benefits of cloud-based technologies are effectively integrated across the various cloud computing solutions. The risk model enables the government to "approve once, and use often". As depicted in Figure 2, each government agency must currently conduct its own authorization process that is duplicative, expensive and inconsistent. With the implementation of FedRAMP, an agency can accept security authorizations performed by other agencies with confidence in its standardization and consistency.
Figure 2 - Federal Risk and Authorization Management Program (FedRAMP)
As FedRAMP allows agencies to reuse authorizations, participating agencies need only review security details and leverage the existing authorization in order to secure agency usage of the candidate system. This should greatly reduce cost, enable rapid acquisition, and reduce overall level of effort by both government and industry technology providers. FedRAMP’s processes, policy implications, governance, and technical security standards have all been arrived at via a consensus-based approach within government. The National Institute of Standards and Technology (NIST), the Department of Homeland Security (DHS), the Department of Defense (DoD), the National Security Agency (NSA), numerous industry consortia, and many other federal and state and local government entities have all collaborated with GSA to arrive at the current state.
We expect that an initial version of FedRAMP will be stood up and ready to process the first certifications in the near future. We anticipate that this will be an iterative process subject to constant improvement as we evaluate how the risk model, processes, procedures, and controls are executed.
Infrastructure as a Service (IaaS)
Each year, the government spends tens of billions of dollars on IT products and services, with a heavy focus on maintaining current infrastructure needs and demands. GSA has established a Blanket Purchase Agreement (BPA) with 12 companies (many with multiple partners) who offer storage, computing power, and website hosting as commodities that streamlines the procurement and vetting process to allow agencies to implement solutions more quickly.
This BPA addresses Reform Initiative #4 in OMB’s 25 Point Implementation Plan to Reform Federal Information Technology Management that directs GSA to stand-up contract vehicles for secure IaaS solutions.
The IaaS BPA offers its federal customers a wealth of benefits, including:
• Commodity pricing – Web hosting, Virtual Machines, and Storage are priced as explicitly defined, standard services allowing customers to easily compare prices across vendors. Additional discounts may also be obtained at the task order level
• Standardized requirements – Companies are required to meet standard technical and security requirements for use across the Federal government
• Comprehensive services from a single task order – All services can be purchased using a single, performance-based task order
• Acquisition oversight – GSA has established reporting requirements and effective administrative oversight to ensure compliance and efficiency
As GSA continues its work to make cloud services more readily available to government customers, the agency chose to tackle one of the most ubiquitous business technologies in use by all federal agencies: email. Established in June 2010, the Email as a Service (EaaS) Working Group, comprised of email and collaboration experts from across government, took a collaborative approach to procurement by drafting requirements with input from its members. These IT professionals brought their own agencies' requirements to the table, leading to a cooperative procurement that will best address the needs of the federal enterprise as a whole.
Once this procurement is released and concluded, services will be offered to federal customers via a Blanket Purchase Agreement (BPA), which will drastically reduce the amount of time and resources needed to procure the cloud email solution that best fits their agency’s needs. Based on Forrester Research, average cost savings for an agency that leverages the BPA will be $11/mailbox/month, $1 million in annual savings for every 7,500 users, or approximately 44% over existing on-premise email solutions. Furthermore, the BPA will accommodate a range of email services in public, private, and highly secured clouds, making robust, feature-rich, secure email and collaboration service options similar to those currently being implemented at GSA and USDA available to any interested federal or state and local agency. The EaaS BPA addresses IT Reform Initiative #5 in the President’s 25 Point Implementation Plan to Reform Federal Information Technology Management that pushes contract vehicles for cloud commodity services.
Interactive platform for pre-Request for Proposal agency-industry collaboration
Shortening the acquisition timeline and awarding successful IT contracts requires a multifaceted set of solutions. To “bust” prevailing myths, we will increase communication with industry and help establish a foundation of high functioning, “cross-trained” program teams. Improving the way we define requirements requires that we make inexpensive, efficient collaboration solutions available to all agencies, especially in the period prior to issuing a Request for Proposal (RFP). To this end, GSA is working to establish an interactive platform for pre-RFP agency-industry collaboration.
GSA is responsible for this action in OMB’s 25 Point Implementation Plan to Reform Federal Information Technology Management. To date, GSA has gathered input from stakeholders in government and industry as a basis for requirements for the collaboration. Based on those requirements, a host of alternatives for design and delivery of an online collaboration tool were examined and rated. Candidates for the tool included existing government systems and commercial collaboration tools.
Federal Data Center Consolidation Initiative
In addition to improving IT service levels, cloud computing will be a major factor in reducing the environmental footprint of technology and will help achieve important sustainability goals. Effective use of cloud computing is an integral part of the government’s strategy to reduce the need for multiple data centers and the energy they consume. Currently, GSA is supporting agencies to execute their data center consolidation plans, with activities planned through FY15. Adoption of cloud computing can help agencies buy improved services at a lower cost within acceptable risk levels. Furthermore, agencies can do so without having to maintain expensive, independent, and often needlessly redundant brick-and-mortar data centers.
The Federal Data Center Consolidation Initiative was launched in February 2010 to (a) reduce the cost of data center hardware, software and operations; (b) increase the overall IT security posture of the government; (c) shift IT investments to more efficient computing platforms and technologies; and (d) promote the use of Green IT by reducing the overall energy and real estate footprint of government data centers. GSA assists agencies in identifying their existing data center assets and formulating consolidation plans that include technical roadmaps and consolidation targets. We are also supporting the Data Center Consolidation Task Force that functions as a consensus-based group to tackle the many challenges the government will face as it reduces the number of data centers.
The FDCCI addresses Reform Agenda Initiatives #1 and #2 in OMB’s 25 Point Implementation Plan to Reform Federal Information Technology Management that requires agencies to complete detailed implementation plans to consolidate at least 800 data centers by 2015 and create a government-wide marketplace for data center availability.
GSA Cloud Initiatives Focused on Improving Internal Efficiencies
In addition to supporting cloud computing initiatives across the government, GSA has also moved aggressively to adopt practical and secure cloud-based solutions. GSA is at the forefront of adopting cloud computing from web hosting to e-mail.
• Cloud E-mail Implementation – GSA is the first federal agency to award and begin implementing a cloud-based email solution agency-wide. GSA will save 50 percent over the next five years when compared to current staff, infrastructure, and contract support costs. Implementation will be complete in 2012.
• Data Center Consolidation – GSA expects to reduce its government owned data centers from 15 to 3 by FY2015. This is one of the most aggressive reductions in the federal government. We are inventorying our data center assets to find opportunities to decommission and move to virtualized servers, consolidate or retire business applications, and migrate to cloud computing solutions. As noted before, we expect a significant savings once we complete the consolidation efforts.
• USA.gov – GSA moved this site – the federal government’s primary public-facing information portal – to a cloud-based hosting arrangement with a commercial vendor. This enables the site to deliver a consistent level of access to information as new databases are added, as peak usage periods are encountered, and as the site evolves to encompass more services. By moving to a cloud, GSA was able to reduce site upgrade time from nine months to one day; monthly downtime improved from two hours to 99.9% availability; and GSA realized significant savings in hosting services.
• Data.gov - Data.gov, one of the first public facing Government websites to successfully deploy cloud computing, is the central portal for the public to find, download, and analyze data generated by the Federal government. Today, there are more than 380,000 data sets covering topics ranging from geospatial to commerce to education. Data.gov also hosts communities, such as health.data.gov, that serve as platforms for participants from across academia, business, government and the general public to share ideas and take action around specific topic areas. Public participation and collaboration have been essential to the success of Data.gov, as citizens can contribute to the site through forums, feedback tools, and the development of innovative applications. Citizens are also empowered to create mash-ups of information that pull together data sources to solve problems and build awareness of the Government’s role in daily activities, such as food safety and weather prediction. Data.gov promotes the efficiency and effectiveness of our government by enabling the public to become active participants in strengthening our Nation's democracy.
• Challenge.gov – This government-wide challenge platform is hosted in a cloud computing infrastructure service to facilitate government innovation through challenges and prizes. This tool provides forums for seekers (the federal agency challenger looking for solutions) and solvers (those with potential solutions) to suggest, collaborate on, and deliver solutions. It allows the public to easily find and interact with federal government challenges. The platform responds to requirements defined in a March 8, 2010 OMB Memo, “Guidance on the Use of Challenges and Prizes to Promote Open Government” which included a requirement to provide a web-based challenge platform within 120 days. GSA is also exploring acquisition options to make it easier for agencies to procure products and services related to challenges.
• Citizen Engagement Platform (CEP) – CEP is a cloud-based platform that makes it easier for agencies to use social media tools that are compatible with federal laws and policies, including tools that are accessible to persons with disabilities. The platform is built off of our experience in providing a cloud-based ideation tool to help all departments and agencies collect public feedback and advice on their open government plans and actions. GSA’s Center for New Media and Citizen Engagement is building a fully-functioning software as a service storefront in a secure government space. The software allows government agencies to easily deploy tools such as blogs, wikis, and forums, and a URL shortener to help engage with the public in a simple, cost-effective way. All tools for the Citizen Engagement Platform are based on open source code, making them widely shareable across government.
Mr. Chairman, the General Services Administration is leading the Administration’s charge to make government more open, transparent, and effective for the citizens it serves. In our increasingly data-centric and network-based world and workplace, effective and efficient procurement and implementation of information technology will be paramount in making sure that the federal government closes the IT performance gap between it and the private sector. Cloud computing, data center consolidation, and open government are key initiatives that can and should be pursued with all possible impetus on the part of the federal enterprise to ensure that wasteful, duplicative IT spending is brought to a halt and ultimately eliminated. Information technology is not a core competency for any federal agency, but rather, is a support mechanism to enable day-to-day operations.
Thank you for the opportunity to appear today. I look forward to answering questions from you and members of the Subcommittee.