Since the cloud went live midway through 2014, a host of intelligence agencies have turned to it for application hosting and a variety of commercially available computing, storage and data and analytic services, firmly establishing commercial cloud computing as a viable, disruptive technology in the national security space.
Yet, potentially the biggest disruption by the Amazon-CIA partnership is yet to come.
In the next few months, AWS will launch a separate version of its widely successful commercial cloud marketplace for the IC that aims to shake up the way spy agencies purchase software.
The IC Marketplace will allow its agencies to evaluate and buy common software infrastructure, developer tools and business software products that run on AWS. Many of these are available already in the commercial marketplace, which boasts more than 2,000 products and services from startups and established software giants alike.
The goal, as stated in November by CIA Chief Information Officer Doug Wolfe, is to “bring this disruptive kind of innovation to the classified side,” allowing the IC components unprecedented access to myriad cutting-edge software products for which they’ve been clamoring.
“Frequently, we have people come to us in terms of looking at the IT world and say, 'Why can't I do X?’ or 'I saw X in Marketplace, but when I come on the classified side, I'm unable to bring that innovation over,’" Wolfe told an audience at Amazon’s re:Invent conference in November.
“The goal is to bring that innovation over at a pace that is tremendously faster and much more responsive than we have in the past,” Wolfe said.
Try Before You Buy
Most of the government still buys technology the same way it buys warships, and its outdated procurement policies around technology are as ineffective as the topic is unsexy. This waterfall methodology contributed to the epic failure of the rollout of HealthCare.gov in 2013, which saw hundreds of millions of dollars paid out to contractors for a product that didn’t work.
Before that public debacle, the waterfall approach had been criticized by the Government Accountability Office repeatedly. Scores of the government’s IT investments experienced cost overruns, schedule slippages and in some cases didn’t perform at all, leading to an estimated $9.2 billion wasted over the past decade, according to one GAO report.
Under traditional processes, even relatively simple software platforms or services can take months or years to procure, acquire and develop, with the final product often outdated if functional.
Typically, large government customers enter into enterprise license agreements with vendors who can, for example, mandate the number of software licenses the customer must purchase over time. Licenses are paid for whether they are used, regardless of how well the solution performs. Procurements also cost money and manpower – a sort of baked-in cost of deciding to do business.
The real disruptive promise in the IC Marketplace lies in its ability to simplify the procurement process and pricing of software. Agencies in the IC will be able to browse through thousands of offerings in real-time and compare them based on pricing models and a product review system not unlike what customers see on Amazon’s retail website.
In AWS’ commercial marketplace, many vendors even offer free trials of their products, and that feature will carry over to the IC Marketplace, allowing various IC agencies the opportunity to try before they buy.
An agency could, therefore, spin up a solution in the cloud – on a trial basis – and test it out before deciding whether to buy it. If the agency does purchase the product, AWS handles the licensing and procurement and leverages the cost of the service through the C2S contract, the technical name for the AWS-CIA contract. The IC Marketplace will also act as an intermediary between component agencies using certain software tools their counterparts might want to make use of.
Furthermore, once the IC Marketplace launches, it will support the so-called bring-your-own-license. Agencies will be able to migrate their existing software licenses and applications to the cloud, often without the threat of financial penalty.
Just as the C2S cloud allows the IC to only pay for the compute, analytic and storage services it actually uses, the IC Marketplace brings on-demand pricing to software. Because the IC Marketplace is being positioned as the channel through which the IC will procure a large portion of its software, it could strike a fatal blow to traditional enterprise license agreements within the IC.
Keeping Up with the Commercial Cloud
As Teresa Carlson, vice president of worldwide public sector at AWS, explains it, the IC Marketplace will pipe innovation to the IC, benefiting “from AWS’ pace of innovation” and “keeping up with the commercial advances of the AWS cloud.”
“The AWS Marketplace for the IC is transformative in that it makes innovative, commercial-grade software products available to government agencies with significantly less overhead cost, process and contractual negotiations,” Carlson said. “The AWS Marketplace for the IC brings simplicity, convenience, transparency and speed to both vendors and buyers.”
CIA officials say they believe the IC Marketplace will get them closer to the innovation curve set by the private sector. The faster the IC can procure relevant IT tools, the faster it can respond to national security matters.
“We are posturing the IC for the best chance of success in terms of providing the most relevant IT solutions,” said one CIA official who spoke on condition of anonymity. “We have an enormous mission-driven demand for innovation and a bureaucratic superstructure that doesn’t allow it. C2S is about knocking down barriers with innovation and agility. It gives us choices.”
Should the IC Marketplace prove successful, IC officials believe some agencies could pull the plug on existing enterprise license agreements or let existing agreements expire. A more agile approach for the IC jibes well with the Obama administration’s fiscal 2016 budget proposal, which claims agile methodologies are “nearly twice as likely to deliver on time as those using waterfall” techniques.
It also falls in line with the administration’s National Security Strategy, which signals the importance of intelligence integration across IC agencies.
Repeated investigations show more agile software positively affects the government’s bottom line, according to Dave Powner, director of IT management issues for the Government Accountability Office.
“We’ve issued a lot of reports on successful IT acquisitions, and they’re all ones that take an agile approach,” Powner said. “That’s clearly the way to go.”
Leveling the Playing Field
CIA officials envision the IC Marketplace will foster a new era of innovation and competition among providers, new and old.
The public marketplace puts innovative Silicon Valley startups and independent software vendors on the same footing as the current crop of software giants. All offerings on the commercial marketplace have had their security vetted by AWS, and their position in there exposes them to thousands of potential global customers.
The commercial marketplace, then, will serve as the barrier to entry for offerings being considered for the IC Marketplace.
In short, for a vendor to sell to the IC, it must first partner with AWS and meet the commercial marketplace’ security requirements. The IC will then vet offerings before they can enter the IC Marketplace and be used across its agencies.
The IC already has its eyes on several hundred offerings in the public marketplace, according to CIA officials. Sources within AWS contend that “more than half” of the 2,000 vendors in the commercial Marketplace want access to the IC.
“On our own, we wouldn’t even attempt to go after the government market,” said Rick Braddy, CEO of SoftNAS LLC., a Houston, Texas-based software storage company that protects mission-critical data in the cloud. “But AWS is out there spearheading these initiatives with customers and communities, and it paves the way for companies like us. We’re chomping at the bit, wondering when the [IC Marketplace] is available.”
SoftNAS, a small company founded in 2012 with 15 employees, joined the AWS commercial Marketplace in September 2013. It has since gone from having just 15 customers to more than 400, including big-timers like Boeing, Siemens and Coca-Cola. The company managed such significant growth without brand name recognition in part by offering free trials and letting its product do the talking, resulting in an astounding 87 percent conversion rate from free trials.
“For a small company like us that doesn’t really have brand equity, it would have been difficult to get exposure – we wouldn’t have had that who’s-who brand sheet,” said Braddy, who now presides over the top storage and backup seller on AWS’ commercial Marketplace.
Braddy added that the marketplace further bolsters competition by virtue of making competitors’ products easy to compare. Vendors can spin up instances of competitors’ products and test them out themselves in much the same way potential customers would.
“We keep tabs on what competitors are doing, and they’re doing the same thing,” Braddy said. “It increases competition and provides a lot more choice for the customer.”
That’s exactly what CIA officials want in the IC Marketplace.
“There’s a leveling of the playing field,” a CIA official told Nextgov. “It’s all about spurring innovation.”
A Work in Progress – But Large Implications for Cloud Market
The CIA first bid out its commercial cloud computing contract in mid-2012, around the same time AWS launched its commercial marketplace. As an ecosystem, the marketplace was not mature when AWS first bid on the CIA’s request for proposal. However, it matured significantly over the course of the next year, which saw a legal battle ensue between AWS and IBM for the CIA’s contract.
By the time the U.S. Court of Federal Claims gave the legal go-ahead to AWS to build a public cloud computing infrastructure behind the IC’s firewall in October 2013, the instantiation of an IC Marketplace became a distinct feature available through the C2S contract not previously considered.
But as Wolfe, the CIA CIO, alluded to in November, the IC Marketplace is not yet up and running.
“It’s going to take a few months to actually get this implemented,” he said. “We have to take what is running in the commercial sector and then be able to re-host that, so we’ll have to look at all the code, rewrite a few things, and make sure it can work seamlessly in the IC, just like in the commercial side.”
A target date for the IC Marketplace’s launch of late 2015 or early 2016 is realistic, according to multiple sources with knowledge of its workings.
When it is launched, any software purchased via the IC Marketplace will be leveraged against the value of the existing $600 million C2S contract. Because the contract is based on cost recovery, a successful IC Marketplace that provides proven value to the IC could eventually push the renewed value of the C2S contract above $600 million.
AWS finished 2014 with a 28 percent market share in the $16 billion worldwide cloud infrastructure market, according to a recent report by Synergy Research Group. For comparative purposes, its next closest challenger, according to Synergy, was Microsoft at 10 percent. AWS’ success carries over to the federal market, where researchers at IDC Government Insights estimate that at least 5 percent of administration’s proposed $86 billion IT budget will be spent on cloud. Not surprisingly, AWS is the most popular infrastructure-as-a-service platform in government, too.
Yet, the IC Marketplace may have an equally large impact on how the government buys software at large.
If the IC Marketplace works as billed, a great many large software companies – those like Oracle and Microsoft – are going to lose enterprise license agreements via traditional contracting. Grudgingly, in some cases, those companies may opt to partner with AWS to sell their products through the IC Marketplace than forego that revenue.
One certainty is that the CIA – tasked under the IC Information Technology Enterprise strategy – has been up to the challenge of promoting shared services and cloud computing across the IC. Together with the National Security Agency, which has built its own private cloud, the CIA has the IC set firmly down an innovative path.
“We’re confident we’ll be able to access innovation almost no matter where it is,” Wolfe said in November. “It’s going to be a tremendous advantage for us, and we’re very excited about being able to do that.”