Cloud Procurement Discussion Paper For Comment

AUGUST 2014
Acronyms
Acronym      Definition
AGIMO        Australian Government Information Management Office
ASD          Australian Signals Directorate
DCaaS MUL    Data Centre as a Service Multi Use List
IaaS         Infrastructure as a Service
NIST         National Institute for Standards and Technology (Refer to Appendix A for details)
PaaS         Platform as a Service
RFT          Request for Tender
SaaS         Software as a Service
SCS          Specialist Cloud Services
Table of Contents
Acronyms
Introduction
Purpose
Proposed Procurement Model
Proposed Panel Structure
Agency and Industry Engagement
Initial Setup
Flexible arrangement to add Categories and/or Suppliers
Liability and Insurance
Considered Funding Models
Policy Environment and Impact
A Snapshot of the Marketplace
Conclusion
Discussion Points
Appendix A: General Definitions
Appendix B: Statement of Requirement (Separate document)
Appendix C: Service Evaluation Scenarios (Separate document)
Introduction
Finance established a Data Centre as a Service Multi Use List (DCaaS MUL) in
October 2012 to provide Agencies with a simple way to procure cloud and cloud-like
services under $80,000 (inc GST) for terms of less than 12 months. The DCaaS MUL has
been successful and well received by Agencies with over 35 contracts being signed
under the MUL at a total value in excess of $1.4 million (ex GST).
Feedback provided by Agencies indicated that take-up of cloud services could have been
higher, if the DCaaS MUL did not have the limitations on contract duration and value.
Finance has undertaken research to identify what is currently in the marketplace both
nationally and internationally including how governments have approached the
implementation of cloud services and the key factors that may affect Agencies and
suppliers.
In line with eGovernment and Digital Economy election commitments and following the
success of the DCaaS MUL, Finance has investigated a number of procurement methods
for cloud services with the intention of identifying an appropriate approach to market in
the 1st quarter 2014/2015 to form a Whole of Government arrangement for cloud
services.
Purpose
The objectives of establishing a whole of government cloud procurement are to:
• provide simple access to cloud procurement for Agencies; and
• support a flexible, agile and competitive marketplace for cloud services.
The purpose of this discussion paper is to promote feedback and suggestions from
government Agencies and industry, including on the model that will deliver the best
outcomes for government and encourage innovation in the use of cloud services.
The proposed model may change following consultation; for that reason, interested
suppliers should not rely on the statements in this paper. The final procurement model
will be outlined in the approach to market documentation provided through AusTender
when the tender is released.
Proposed Procurement Model
The whole of government approach to cloud procurement needs to provide a flexible
mechanism for Agencies to procure cloud services.
Participation
Finance considers that a cooperative (voluntary) procurement approach is suitable for
this procurement due to the following reasons:
• The maturity of the market is insufficient to treat cloud services as a commodity;
• The Government has not directed this procurement to be undertaken as a
  coordinated procurement; and
• The primary objective of this Panel is not to generate savings but to encourage
  and support Agencies in considering cloud options and in moving to the cloud.
Finance intends to establish a panel of cloud service providers through an open
approach to market, to be made available to Agencies including:
• All Corporate and Non-corporate Entities subject to the Public Governance
  Performance and Accountability Act 2013 (Cth);
• Any other body governed by the Governor-General or State Governor or by a
  Minister of State of the Commonwealth or a State or Territory including
  departments in State or Territory Governments; and
• Any other body over which the Commonwealth or a State or Territory exercises
  control.
Timing
Finance intends to approach the market in 1st quarter 2014/2015 with the Panel
expected to be established in December 2014.
Contract Term and Value
The term of the arrangement is to be two years, with four extension options of one year
each. The procurement approach is intended to be iterative with a separate approach to
market occurring every 12-18 months to encourage new vendors and new offerings to
be added to the Panel. The term of the agreement will alter with each iteration so that
all vendor agreements have the same end date. Agencies may enter into contracts with
a different term to the Panel, depending on Agencies' individual requirements.
There is no intention to cap contract value under this arrangement, which will provide
Agencies with greater opportunities for procuring cloud services.
Proposed Panel Structure
Services in Scope of the Panel
The Panel of cloud services will potentially include services under specific Service
Models, as defined by the National Institute for Standards and Technology (NIST) and
outlined in Appendix A:
• Software as a Service;
• Platform as a Service; and
• Infrastructure as a Service.
In addition to the above service models, cloud specialist services (such as cloud
integration and optimisation, etc.) can be procured under the service model of Specialist
Cloud Services.
Services Out of Scope of the Panel
Services which do not meet the NIST definition of ‘cloud’ will not be included in the
proposed Panel arrangements, nor will any services or products provided by existing
whole of government coordinated procurement arrangements.
Agency and Industry Engagement
Finance has engaged with Commonwealth Agencies and industry to ensure the
Statement of Requirement reflects services that are both in demand and available from
industry. Finance invites feedback and comments on a draft Statement of Requirement
at Appendix B which includes proposed service specification templates and sample
service evaluation scenarios at Appendix C.
Agency Working Group meetings have been undertaken by Finance with a range of
Agencies, from micro to large. The Working Group gave Agencies the opportunity to
express their requirements, security issues and other factors. Key outcomes from these
forums were:
• Feedback on the Statement of Requirement:
  o Definition of Cloud Computing;
  o Structure of the Panel; and
  o Scope of Service.
• List of possible categories for inclusion in the initial set up of the Panel:
  o Specifications for individual Categories.
In addition to the Agency Working Group, Finance conducted an open survey in
May 2014. Invitations were sent to all suppliers listed on the DCaaS MUL and members of
the Australian Information Industry Association, and a general invite was issued via the
Finance Blog. This survey was well received, with 70 organisations completing it and
providing Finance with feedback from industry that identified key themes in relation to
obstacles, lessons learned from previous implementations and general advice:
• A high level of support from industry for a centralised approach for various
  reasons.
• Promote Agency awareness of considerations in the adoption of cloud services
  eg: the transition requirements for cloud services, the required skill sets within
  Agencies; and the perceived issues around data sovereignty/policy/security.
• Industry feedback indicates that Agencies need to ensure requirements are
  clearly defined but need to be open to alternative solutions. For example, when
  procuring SaaS, Agencies should not dictate the service stack.
• Industry states that there is a need to ensure that the service catalogue is
  sufficiently accurate to differentiate the scope of services being offered; and
  accept multiple pricing models, as this will provide Agencies with flexibility in
  their decision making process.
Initial Setup
Finance will approach the market for limited categories in the first instance to cater for
current products in demand based on feedback received through engagement with
Agency and industry. As demand changes over time, Finance will add more categories
through the iterative refreshes of the Panel. The initial approach to market will include
nine categories as per the following diagram.
Figure 1: Proposed Structure of the Cloud Panel Service Model
SaaS: CRM; ERP; IT Service Management; Productivity Solutions
PaaS: Application Deployment
IaaS: Compute; Storage; Web Hosting
SCS: Cloud Specialists
Flexible arrangement to add Categories and/or Suppliers
During the life of the Panel Arrangement, suppliers will have the opportunity to join the
Panel or add new service offerings, which will benefit both Agencies and industry. This
will provide flexibility to capture new services available in the market and also increase
competition. Providing multiple opportunities for suppliers to join the Panel will allow
new industry participants to access government business. Industry participants that are
accepted at the commencement of the Panel will enter into contracts for a term of
two years, with four one-year extension options.
Once a supplier has been appointed to the panel it is intended that they will be able to
update their services as required, with the approval of Finance.
Liability and Insurance
Finance aims to support a level playing field for small, medium, or newly established
companies by providing the same opportunities available to mature and large
companies. In doing so, Finance intends to offer industry participants the opportunity to
apply for insurance under a just-in-time arrangement. That is, once participants have
secured a contract, they would then increase their insurance to the appropriate level.
Further, Finance proposes that liability be capped at whichever is the greater: two
times the agreed contract value or the amount paid to the supplier under all contracts
under the Head Agreement in the previous 12 months. Finance is also open to having this
amount agreed with Agencies at the contract level.
Finance considers this approach would encourage a wide range of industry participants
from small start-ups to large mature companies to be represented on the Panel.
Considered Funding Models
It is proposed that an administrative charge be applied to recover the cost of the
establishment and the on-going management of the cloud Panel. Finance runs many of
its Panels on a cost recovered basis, and it is intended that this Panel be managed in the
same manner. As this Panel will be voluntary, it is more difficult to recover funds as
purchases through the Panel are not guaranteed and Agencies may avoid using the
Panel to avoid paying fees.
Several possible funding models have been considered:
Funding Model 1
Cost recovery of administering the Panel will be borne by Tenderers via an application
fee. This application fee may be scalable; if a business applies for one model and one
service, the fee would be less than a business applying for multiple models and/or
services.
Risks
• Complaints from tenderers who do not obtain business through the Panel.
• May be cost prohibitive for start-up or small businesses applying for the Panel.
Funding Model 2
The Panel Usage Fee is to be borne by each Agency on a per use basis. A fixed percentage
is applied each time the Agency uses the Panel Arrangement.
Risks
• Agencies use the Panel for short listing only, therefore, bypassing the requirement
  of payment.
• Cost to smaller Agencies may be prohibitive to participation.
Funding Model 3
The Panel Usage Fee is to be borne by Agencies on a tiered approach. This tiered approach
was considered, however, has not been modelled due to the insufficient availability of
data. This model will be reviewed after the first iteration of the Panel.
Risks
• Insufficient data available through AusTender on contract values for cloud computing
  in excess of $80,000.
Funding Model 4
Panel Usage Fee is borne by Agencies on a subscription basis. Agencies pay a one off fee
at the Agency level, scalable (depending on size of the Agency), regardless of whether
they use the Panel; this will encourage Agencies to actively participate on the Panel as
they have paid the cost upfront ‘I have paid for this, so therefore I might as well use
it’.
Risks
• The make-up of Agencies will change over time which may reduce the cost recovered.
The preferred model is a scaled-down version of Model 1, which is an application fee of
$250 per Service for tenderers. This model should not financially disadvantage niche
businesses that may only have one service to offer. A supplementary fee from Agency
participation may be introduced; however, the details have yet to be determined.
It is proposed that the funding model used for this Panel is reviewed after 12 months to
ensure that the funding model remains fair and relevant in consideration of Panel usage.
Policy Environment and Impact
As part of the Commonwealth policy environment, Agencies are required to comply with
relevant policies as released by the sponsoring portfolios. This discussion paper does not
seek comments on the implementation of these policies; however, they need to be
considered in the discussion points that may be raised.
As with all policy documents, regular reviews will be undertaken and any arrangement
that Finance puts in place for cloud procurement will need to be compliant. The relevant
cloud policies are listed below with links to the documents for further reading:
• Australian Signals Directorate (ASD) – 2014: Information Security Manual
• Department of Finance (AGIMO) – July 2013: Australian Government Cloud
  Computing Policy V2.1
• Attorney-General’s Department (Protective Security) – July 2013: Australian
  Government Policy and Risk management guidelines for the storage and
  processing of Australian Government information in outsourced or offshore ICT
  arrangements V1
• Department of Communications – May 2013: National Cloud Computing
  Strategy
• Australian Government Data Centre Strategy 2010 - 2025
A Snapshot of the Marketplace
International Governments’ Cloud Arrangements
Cloud Procurement initiatives are being introduced globally by government
organisations and are at different levels of maturity. The challenge for the Australian
Government is to look at what has worked well at a State and Territory level and what
trends are emerging in international markets. The United Kingdom (UK), United States of
America (USA), New Zealand, Singapore, Europe and Canada are each at a different level
of maturity and have different approaches to how they implement their cloud solutions.
For example, parts of the USA have adopted a Government Cloud. The Australian
Government has considered this option, however, initial thoughts are that Finance may
not be able to leverage the full flexibility of a single government cloud service offering.
A list of some of the global cloud arrangements is included below with links to the
documents for further reading:
• United Kingdom (Cloud Store UK Gov)
• United States of America
• New Zealand
• Singapore
Domestic Cloud arrangements
Cloud computing is in its relatively early stages of implementation across the majority of
the Australian states and territories. Several states have policies or strategies in
place; these are listed below with links to the documents for further reading:
• New South Wales
• Victoria
• Queensland
Conclusion
This discussion paper has been provided to assist with commentary from Agencies,
industry and relevant third parties on Cloud Procurement. Finance welcomes feedback
on the issues identified in the Discussion Points box below. Feedback should be provided
via email to CloudProcurement@finance.gov.au. Finance looks forward to engaging in
robust and relevant discussion in relation to the Discussion Points listed within this
paper, cloud services and the proposed procurement model.
Discussion Points
Finance would like your feedback and comments on the following:
• the proposed contract term
• the proposed iterative approach of refreshing the panel
• the proposed flexibility in adding categories and suppliers to the panel
• the liability cap set for each individual contract and agreed with the customer
  on a contract by contract basis
• the proposed approach for suppliers to have just-in-time insurance based on
  contracts secured
• the proposed funding model
• the proposed Statement of Requirement (Appendix B)
• the specification templates of individual categories (Appendix B)
• the sample evaluation scenario (Appendix C)
• Are there any key issues relevant to cloud procurement you would like to
  comment on?
Appendix A: General Definitions
National Institute for Standards and Technology (NIST)
The NIST Special Publication 800-145 has the following definitions:
Essential characteristics of Cloud Computing: on-demand self-service, broad network
access, resource pooling, rapid elasticity and measured service.
Service Models
Software as a Service (SaaS): The capability provided to the consumer is to use the
provider’s applications running on a cloud infrastructure. The applications are accessible
from various client devices through either a thin client interface, such as a web browser
(e.g. web-based email), or a program interface. The consumer does not manage or
control the underlying cloud infrastructure including network, servers, operating
systems, storage, or even individual application capabilities, with the possible exception
of limited user-specific application configuration settings.
Platform as a Service (PaaS): The capability provided to the consumer is to deploy onto
the cloud infrastructure consumer-created or acquired applications created using
programming languages, libraries, services, and tools supported by the provider. The
consumer does not manage or control the underlying cloud infrastructure including
network, servers, operating systems, or storage, but has control over the deployed
applications and possibly configuration settings for the application-hosting environment.
Infrastructure as a Service (IaaS): The capability provided to the consumer is to
provision processing, storage, networks, and other fundamental computing resources
where the consumer is able to deploy and run arbitrary software, which can include
operating systems and applications. The consumer does not manage or control the
underlying cloud infrastructure but has control over operating systems, storage, and
deployed applications; and possibly limited control of select networking components
(e.g. firewalls).
UK G-Cloud defines:
Specialist Cloud Services (SCS): Support services associated with the different service
models above. These may include services to transfer data/configuration between
G-Cloud providers, management and support of applications (workloads) operating on
G-Cloud services, multi-supplier service integration services and cloud strategy and
implementation services.
The Attorney-General’s Department defines:
Domestically hosted public cloud: Information is stored or processed in equipment
which is located in Australia, offers services to the public, and is not under the direct
control of the Commonwealth Government. It involves an organisation using a
tenderer’s cloud infrastructure which is shared via the internet with many other
organisations and members of the public.
Domestically hosted private cloud: Information is stored or processed in equipment
which is located in Australia and is restricted to a single or small class of tenants. The
facility can be under the direct control of the Commonwealth Government. It involves
an organisation’s exclusive use of cloud infrastructure and services located at the
organisation’s premises or offsite, and managed by the organisation or a tenderer.
Community Cloud: Involves a private cloud that is shared by several organisations with
similar security requirements and a need to store or process data of similar sensitivity.
Finance defines:
Agency:
i) All Corporate and Non-corporate Entities subject to the Public Governance
   Performance and Accountability Act 2013 (Cth);
ii) Any other body governed by the Governor-General or State Governor or by
   a Minister of State of the Commonwealth or a State or Territory including
   departments in State or Territory Governments; and
iii) Any other body over which the Commonwealth or a State or Territory
   exercises control.
July 2014
Appendix B: Statement of Requirement (Separate document)
Appendix C: Service Evaluation Scenarios (Separate document)