Pentagon cloud bid targeted by Congress amid Amazon concerns
(Bloomberg) -- Lawmakers charged with funding the Pentagon have asked the Defense Department to justify why the agency is planning to give a single company a multi-year contract for cloud services worth billions of dollars.
The $1.3 trillion spending bill passed by the House of Representatives last week directs the Defense Department to offer a "framework" for how it will acquire cloud computing services for all of its entities within 60 days of the bill’s enactment.
"There are concerns about the proposed duration of a single contract, questions about the best value for the taxpayer, and how to ensure the highest security is maintained," according to the directive, which is attached to the spending measure.
Asked about the rationale behind that language, House Appropriations Committee spokeswoman Jennifer Hing said, “the Committee has concerns about any contract that limits commercial competition by locking the Department into 10-year contracts with no exit strategy.”
Navy Commander Patrick Evans, a Pentagon spokesman, had no immediate comment on the language about the cloud award.
The Pentagon announced earlier this month that it would choose one vendor for the contract, prompting criticism from Microsoft Corp., International Business Machines Corp. and industry groups representing rivals such as Oracle Corp., which are worried that the move will favor Amazon.com Inc.’s dominant position in the market.
The directive is considered to be partially binding guidance for how the spending plan should be carried out. The Pentagon would receive $654.7 billion for fiscal year 2018 as part of the government spending bill. The guidance emerged the same day as bidders competing for the project were due to submit comments on the cloud proposal, which the Pentagon intends to award by Sept. 30.
Tech companies jockeying for a piece of the multi-billion dollar cloud contract are urging the Pentagon to choose multiple providers, arguing that a single-source approach will stifle innovation and increase security risks, according to Roger Waldron, the president of the Coalition for Government Procurement, which represents Oracle, Microsoft and IBM, among other firms.
"There’s a reason why the government engages with multiple sources for acquiring fighter jets or launching satellites: national security," Sam Gordy, general manager of IBM U.S. Federal said in a statement. "It doesn’t make sense for DoD to opt for a less secure approach for purchasing cloud computing than it would for any other weapon system."
Amazon Web Services LLC, which is the market leader by revenue, is widely seen as the frontrunner because it already won a $600 million cloud contract from the Central Intelligence Agency in 2013, showing the company can secure and manage sensitive government data. The company has a head start in obtaining higher levels of federal security accreditations than some of its competitors, enabling the company to handle sensitive and top-secret government data.
The Seattle-based company leads the cloud infrastructure market with 44.2 percent, followed by Microsoft’s Azure with 7.1 percent, China’s Alibaba Group Holding Ltd. with 3 percent and Alphabet Inc.’s Google Cloud Platform at 2.3 percent, based on total cloud industry 2016 revenue, according to research firm Gartner Inc.
Now that the House has passed the compromise spending measure, it goes to the Senate, which is expected to act Friday before government funding is slated to run out at the end of the day.
Representatives from Amazon Web Services and Oracle didn’t immediately respond to requests for comment. Microsoft declined to comment.
The clash over the Pentagon’s contract comes as the federal cloud market is expanding as government agencies look to modernize their technology infrastructure.
"There is so much cloud adoption ahead," said Katell Thielemann, research vice president at Gartner Inc. "The future will be a lot more work for a lot more people."
The Defense Department has said it’s making the shift to the cloud to give it a tactical edge in the battlefield and strengthen its use of emerging technologies such as artificial intelligence, machine learning and the internet of things. The Pentagon’s request for proposals called for a two-year base contract with options for renewal over eight more years. A final request is scheduled to be released in early May, with a contract award as soon as September.
“This is going to make a difference like few things have to get data to our war-fighters when and where he or she needs it,” Air Force Brigadier General David Krumm said at an industry briefing earlier this month.
Cloud services -- in which computing power and storage are hosted in remote data centers run by a third-party company rather than on-site in locally owned machines -- can make it easier for large organizations to move and integrate data across different platforms, quickly expand the data storage it needs based on usage and make system-wide security upgrades to software.
Industry Debates Cybersecurity
Some large companies and institutions are increasingly adopting a multi-vendor cloud strategy, both to keep from being too dependent on market-leader Amazon and to match specific needs to firms’ expertise. Companies including Walt Disney Co. and Toyota Motor Corp. use more than one provider for cloud services.
Industry experts are split about whether the Defense Department’s reliance on a single cloud vendor would make it more or less secure. Amazon’s competitors argue that having multiple providers isolates risk, ensuring that a problem in one company’s cloud services wouldn’t compromise the entire department.
“Having multiple cloud providers also insulates you against risk," said the Coalition for Government Procurement’s Waldron. "If you are dependent on one cloud provider for ten years, if something goes wrong, what are going to do?” Waldron said in an interview on Wednesday.
At least two companies questioned the Pentagon’s single-source approach in comments submitted to the government, according to two sources familiar with the submissions. The people asked not to be named because the comments aren’t public.
Other cybersecurity experts said it’s safer to focus on ensuring the security of one cloud vendor, because having multiple firms handling sensitive military data could increase the risk of a breach. Top cloud providers already have the capability to install internal safeguards to prevent unauthorized access to data from within and outside the agency, the experts said. With such a big contract at stake, the Pentagon will be able to demand from any vendor the security precautions it considers necessary.
"The more firms you have, the more third-party suppliers often are involved," said Darrell West, director of the Center for Technology Innovation at the Brookings Institution. "Security may actually go down with multiple providers as opposed to choosing one and making sure you have a really good security approach."
In explaining the Defense Department’s decision to award the contract to a single company, Tim Van Name, deputy director of the Defense Digital Service, said earlier this month it already has difficulty moving information across the agency, particularly into the battlefield and using multiple clouds would “exponentially increase the complexity" of that task.
If Amazon does win the Defense Department’s cloud contract, the deal could threaten the growth of legacy software and database providers such as Oracle and IBM that were later entrants into the cloud market.
"This is a transformational opportunity for the department," said Pamela Walker, vice president of federal public sector for the Information Technology Industry Council trade group. Companies are concerned about being locked out, she said.
--With assistance from Dina Bass