What It Takes to Build Best Practices for Cloud Procurement

Although state and local governments are eager to move to the cloud, traditional contract terms and conditions can throw up roadblocks along the journey. As agencies figure out how best to obtain cloud services, they may leave a trail of canceled procurements in their wake.

CIOs may complain about procurement complexities, but they generally understand how things work for big-ticket items and services. Cloud, however, is different. Suppliers usually show little appetite to negotiate a lot of terms and conditions for a contract of less than $100,000. In addition, cloud business models rely on cookie-cutter operational setup and automation, making some terms and conditions plain non-negotiable. People can get stuck trying to negotiate everything and the negotiation fails, or the business plows ahead with something that may not best serve its needs.

IT leaders and cloud providers can improve and simplify procurement of cloud services by forging consensus on common language. Embracing model contract terms and conditions, such as those outlined by a recent Center for Digital Government report, can set the stage for wider adoption of cloud computing in the public sector.

Coming Together

In late 2013, New Jersey CIO Steve Emanuel put out a call to state CIOs asking for cloud procurement best practices. White papers had been published, but in truth, no best practices had yet emerged. The Center for Digital Government agreed to facilitate further discussion, and Emanuel hosted a one-day meeting in Trenton, N.J., in January 2014. About 40 people participated, half of them government CIOs and half from the cloud supplier community.

Unhindered by any actual procurement, we could be more open and frank. Business people, not lawyers, led the discussion. Lawyers participated but didn’t dominate the conversation.

We learned two things. First, each side of the table sees things through a different lens. For suppliers, it’s all about financial risk, while state and local governments place priority on operational risk and data security and handling. Second, no single solution could be designed to provide both Software as a Service (SaaS) and Infrastructure as a Service (IaaS).

We decided to use as our starting point the model terms and conditions the state of Delaware had put together for SaaS contracts, but we broke them into three tracks: IaaS, Platform as a Service (PaaS) and SaaS. We left that day with action items and assignments for small groups to work through problematic terms. After follow-up phone calls and ultimately two more meetings, we eventually hashed out what became the Center for Digital Government’s “Best Practice Guide for Cloud and As-A-Service Procurements,” weighing in at 79 pages.

Rinse and Repeat

Based on the contributions of 55 people, the procurement guide offers a useful set of 23 model terms and conditions for IaaS, PaaS and SaaS.

Instead of trying to provide an exhaustive list of considerations, we aimed to give readers a jump on the usual starting gates. Special contract concerns such as regulatory data, intellectual property and escrow can be pursued separately as needed on a case-by-case basis.

The guide aims to serve cloud procurement newcomers and the more experienced alike. The process that participants established for the initiative may be of even greater value. Bringing together suppliers and government consumers of IT services made for constructive exchange that benefited both sides. What we learned can be shared to help others with similar needs, and that’s a process that bears repeating in government IT.