In a new report to Congress, the Defense Department has offered its most precise explanation to date for why it is insisting on selecting only one winner for its potentially-enormous contract for commercial cloud computing.
The newly-described rationale revolves, in part, around the speed at which DoD believes it will need to deploy new capabilities through the Joint Enterprise Defense Infrastructure (JEDI) contract.
Insight by the Anomali: Justice Department, DODIN, DHS and IT-ISAC explore cyber threat intelligence in this free webinar.
Officials argued that if they were to award the indefinite-delivery/indefinite-quantity (ID/IQ) contract to multiple companies — an approach widely favored by industry — the process of rolling out cloud services would be delayed by the need to conduct new competitions for each task order.
“That pace could prevent DoD from rapidly delivering new capabilities and improved effectiveness to the warfighter that enterprise-level cloud computing can enable,” according to the report, developed by DoD’s chief management officer. “The department anticipates working with Congress on additional contracts, industry growth plans, and broader whole of government deployment.”
And the Pentagon argued that although it wants to take advantage of the technical advances commercial cloud companies have already made, none of them have yet made the investments necessary to extend the cloud to the military’s “tactical edge,” something that would be required under the JEDI contract.
Officials said requiring multiple companies to make those investments under a multiple award contract would “impose additional costs” and “require investment from each vendor to scale up their capabilities, adding expense without commensurate increase in capabilities. While security of data within clouds is largely standard and automatic, managing security and data accessibility between clouds currently requires manual configuration and therefore introduces potential security vulnerabilities, reduces accessibility, and adds cost.”
The single award justifications were delivered as part of a broader May 7 report to Congress on JEDI. DoD had initially marked the document as “For Official Use Only,” but later relented; some of its contents were first described Monday by Bloomberg News.
Federal acquisition laws generally give preference to multiple-award, rather than single-award ID/IQ contracts, and the government is required to publish a formal, detailed justification if it chooses the latter approach.
So far, DoD has refused to explain its rationale to vendors, but in the report, it said it would do so before it releases the final JEDI solicitation. Officials have previously said they intend to release the final RFP in mid-May.
In an apparent effort to assuage lawmakers’ concerns about the JEDI contract’s potential scale and duration, the department emphasized that it won’t be obligated to spend any more than what it specified as the minimum amount for the ID/IQ contract’s initial task orders. The latest draft version of the RFP pegged those first orders at less than $5 million.
“Additionally, the initial base ordering period is limited to 2 years, which will allow for sufficient time to validate the operational capabilities of JEDI Cloud and the enterprise-wide approach,” officials wrote. “Option periods under the JEDI Cloud contract will only be exercised if doing so is the most advantageous method for fulfilling the DoD’s requirements when considering the market conditions at the time of option exercise.”
Nonetheless, the department also stressed that the end goal is to adopt an enterprise-wide approach to cloud services, saying that doing so was vital to its objective of making its vast data warehouses interoperable and exploiting that data through emerging commercial technologies, such as machine learning and artificial intelligence.
Officials acknowledged that the military services and Defense agencies have already had multiple cloud projects underway for several years, but suggested that those efforts are too fragmented to meet the department’s goals.
“This decentralized activity has resulted in more than 500 individual cloud efforts, ranging from implemented cloud operations to those in the planning stage,” the report argued. “While many of these separate initiatives help move individual user groups towards modernized software applications, they are reminiscent of DoD’s current legacy information technology environment, which is not optimized for the 21st century. The hundreds of cloud initiatives have created numerous seams, incongruent baselines and additional layers of complexity for managing data and services at an enterprise level. Scattering DoD’s data across a multitude of clouds further inhibits the ability to access and analyze critical data.”
Once DoD picks a vendor for JEDI and works its way through any potential bid protests, the department plans to test its new enterprise cloud vehicle with a series of “proof-point validations.”
The department said the first customers would be the Navy, Marine Corps, U.S. Transporation Command and the Defense Media Activity, each of which would use a new online ordering tool to issue new task orders against the JEDI contract and automatically provision the cloud services they need.
Officials said the early validations would help DoD get a sense of how it could use the contract to “operationalize” its data.
“For example, by moving Marine Corps logistics information and applications to JEDI Cloud, Marine Corps logistics will be able to incorporate modern technologies to optimize maintenance and distribution operations, generate analytics using multiple data sources to improve readiness and inform budget decisions, reduce the vulnerability of systems and applications, and set the conditions to allow for modern software development and delivery of new capabilities. To state this more simply, the Marine Corps will have better insight into all maintenance and logistics information and will be able to improve the readiness to fight.”
The Pentagon also said that even if JEDI turns out to be its primary enterprise-wide commercial solution for Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) capabilities, that doesn’t mean it will be the department’s only large-scale cloud project.
In particular, the report called out two ongoing projects managed by the Defense Information Systems Agency: milCloud 2.0 and Defense Enterprise Office Solutions (DEOS).
milCloud 2.0, the commercially-managed cloud offering that’s currently being constructed within DISA’s data centers, will continue to operate as planned, serving as an option for DoD customers whose applications are already cloud-ready and are best-suited for an on-premises cloud environment.
And DEOS, forthcoming DISA contract that will serve as a follow-on to DISA’s existing Defense Enterprise Email service, will deliver some of the Platform-as-a-Service (PaaS) offerings that the JEDI contract isn’t attempting.
“[DEOS] will unify and modernize enterprise email, portal services, and enterprise collaboration tools,” officials wrote. “As a SaaS offering, DEOS will be complementary to the laaS and PaaS services in the JEDI Cloud.”
The report also offered figures on the Pentagon’s spending plans for cloud computing, some of which have not been previously disclosed.
In 2019, the department intends to spend a total of $393 million on cloud — up from $230 million this year — including $107 million for commercial cloud offerings.
Officials did not specify how much of the total would be spent on JEDI, but said the department’s overall budget plans for cloud in 2019 and 2020 included $160 million and $260 million, respectively, to help migrate existing applications to new cloud environments.
After those initial investments, the department expects its spending to drop between 2021 and 2023, but overall, it plans to pay just over $1.6 billion for cloud services over the next five years.