Can you provide some specifics? I am not refuting your claim.
GCP is my favorite cloud platform to develop on, but obviously the needs of the US government are different from the needs of an individual software consultant.
I would imagine it's more a matter of contracts and relationships than strictly features. Doing business with the government generally requires a dedicated business unit - not because their requirements are markedly different (although they can definitely be more strict on security requirements) but more because there's just a mountain of paperwork to be a qualified vendor. Google or not.
Google/Alphabet employee here, but not affiliated with GCP.
One quick way to get a grasp of this is to take a look at the FedRamp page for various Cloud services providers with IaaS and other offerings to see how many authorizations exist, and at what level:
"The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. This approach uses a “do once, use many times” framework that saves cost, time, and staff required to conduct redundant Agency security assessments."
Not all DoD work is classified, but classified data storage, transmission, and processing has strict standards defined by the National Security Agency. There are many levels of information classification, and generally these information levels are not allowed to comingle or information systems are run at a system-high level (i.e. everything in and about a system is handled at the highest level of classification for information the system may contain).
Generally, information systems used by the Department of Defense must be certified and accredited for use by the information owner / equivalent of a CIO-level role (G6/A6/N6/etc).
Not all cloud service providers have facilities and systems designed and certified for classified information storage and processing.
AWS and Azure have a ton of services up and down the value chain but I kinda doubt the DoD is interested in more than compute and storage. Everything past that is security and price.
Disclosure: I work on Google Cloud (but I wasn't involved at all with anything regarding JEDI).
I think it's more accurate to say that we did not have (and do not have) the Impact Level 6 (IL-6) authorization that JEDI strongly suggested. As a commenter below says, that doesn't actually mean "vastly behind" any more than "Oh, you don't have < French Law thing >" would mean vastly behind.
The Defense Department now has a writeup actually [1] about some of this (search for "Impact Level"):
> In an October 22, 2018 letter to the OIG, Representatives Womack and Cole raised concerns about the RFP’s “gating or restricting provisions” that seemed to be tailored to one specific contractor that the Representatives did not identify. On September 6, 2018, Oracle made a similar allegation in its
supplemental complaint to the GAO. For example, the Representatives referred to “the requirement that the Cloud Service Provider meets the Defense Information Systems Agency Impact Level 6. Currently, this unnecessary requirement, along with many others, can only be met by one specific contractor."
> [...] As of December 2018, Amazon Web Services was the only contractor granted an IL-6 authorization."
> [...] We reviewed the JEDI Cloud RFP and found that it did not include a gate criteria that required a contractor to meet the IL-6 security requirements; rather, the RFP Statement of Objectives required a contractor to have infrastructure capable of meeting security requirements associated with hosting information classified at the Secret level within 180 days of contract award. The contractor’s infrastructure also had to meet security requirements associated with hosting information classified at the Top Secret level, within 270 days of contract award. Additionally, on December 12, 2019, DISA granted Microsoft IL-6 authorizations, demonstrating that more than one contractor was capable of meeting the security requirements.
I wouldn't really say that sales team, track record, market recognition and experience with government contracting == "GCP's offering". Yes those things are important if you want to succeed and grow, but your first post implied that their tech and featureset was behind.
Given the dod budget is bigger than the revenue of google, amzn, and msft combined and with a million employees why can't they just build their own data centers?
If I had to guess, it is because the working culture of public organizations (often a lack of motivation/incentive due to lack of competition), combined with tenure-based job security, and artificial constraints (pay structures/levels that don't align with the competitive market) mean that someone like the DoD can't really get something like this done. They wouldn't be able to hire the right talent. If they did hire talent, that talent would need to work in the shadow of existing hierarchies/authorities that aren't suited for the role. Not to mention that bidding processes like LPTA (Lowest Price Technically Acceptable) would hinder procurement with a lot of red tape and poor decision making.
TLDR, because they aren't set up for success like private organizations.
I would guess it's less likely to be this, and more likely to be purchasing rules in place that ask them to by default place bids for private organizations to carry out work to meet specifications, and only bring it in-house under exceptional cases or where the bids are very uncompetitive.
These rules often exist as a means of ensuring fairness, as an anti-corruption measure, or to provide enough business to maintain a robust network of private contractors.
Or, you know, it's pretty expensive to run the aircraft carriers and army that ensure the safety of the worlds richest nation using the worlds strongest army in history.
Because bribes won't give themselves. Obvious sarcasm, but there's a reason why the government really sucks at accomplishing anything technically elaborate: they simply don't care if it's any good, nor do they care how much it costs or how long it takes. It's not their money or their property. If it does well, nobody will see an extra dime. If it sucks, nobody will get fired. That's how you get $5K screwdrivers and $30K toilet seats, and half a million dollar aircraft carrier toilet flushes.
The point isn't the data centers. The DoD has data centers, and could build more.
The point is taking advantage of cloud-native technology to gain an edge. You can throw all the servers in the universe together, and it won't give you out-of-the-box AI or ML toolkits, or hosted Kubernetes solutions.
The point is leveraging the expertise that GCP/AWS/Azure have already poured into the cloud. There are a lot of people who reasonably complain about the cost of AWS, but there are no (reasonable) people that argue that that cost (of one of the big 3 cloud providers, whichever) doesn't equate to the highest-leverage solution on the market. And if the DoD is anything... it is not price-sensitive.
According to Chomsky, the pentagon system is a way for the state to coordinate a privately owned economy. The purpose of the system is to coordinate technological development while handing money to private interests.
Because those companies already hired too many of the best engineers?
I don’t mean that to be flippant. I’m under the impression that these orgs hire to some extent with the intention to make a scarce resource less available to others. Seems like a tough bidding war for the DOD to enter.
Because the data center operation isn’t the big problem for enterprises like DoD anymore, it’s the completely fragmented software environment they’ve struggled for decades to manage. VMware decades ago won a massive deal with DoD not for consolidating datacenters like most private sector was trying to do but to simply standardize machines to deploy.
>> However, today the company announced a new seven-figure contract with DoD’s Defense Innovation Unit (DIU), a big win for the cloud unit and CEO Thomas Kurian.
So a single digit Million contract? How is that news at Google scale?
I think it was Maven they backed out of due to employee ethical concerns. I don't know that they were ever a serious contender for JEDI, and they didn't submit a bid.
I would assume the loudest voices have already been driven out, given several of the protesters from last year claim they were retaliated against by management.
Employees that create problems for a company usually find themselves outside the company one way or another.
I had assumed that there were many hundreds if not thousands of employees that would object. Maybe not--perhaps there were just a relatively small number making a lot of noise in the press.
People might be unhappy about it, but without people willing to actually speak up and start a walkout or something, most aren't gonna risk it. The people who Google drove off were the catalysts who would start a walkout over this stuff, instead of just expressing discontent on Memegen.
38 comments
[ 2.6 ms ] story [ 111 ms ] threadNote that that does not necessary contradict the original decision to withdraw based on conflicting AI principle.
Edit:
A few things GCP is behind at the time:
* Very weak support team
* Very weak sales team
* Very weak past track record
* Very poor market recognition
* Very limited experience in government contracting
Offering is not just technical features. A product is a combination of a lot of things, and technical items are usually the less critical ones.
GCP is my favorite cloud platform to develop on, but obviously the needs of the US government are different from the needs of an individual software consultant.
One quick way to get a grasp of this is to take a look at the FedRamp page for various Cloud services providers with IaaS and other offerings to see how many authorizations exist, and at what level:
https://marketplace.fedramp.gov/#/products?sort=productName&...
What is FedRamp?
"The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. This approach uses a “do once, use many times” framework that saves cost, time, and staff required to conduct redundant Agency security assessments."
Not all DoD work is classified, but classified data storage, transmission, and processing has strict standards defined by the National Security Agency. There are many levels of information classification, and generally these information levels are not allowed to comingle or information systems are run at a system-high level (i.e. everything in and about a system is handled at the highest level of classification for information the system may contain).
Generally, information systems used by the Department of Defense must be certified and accredited for use by the information owner / equivalent of a CIO-level role (G6/A6/N6/etc).
Not all cloud service providers have facilities and systems designed and certified for classified information storage and processing.
https://fcw.com/articles/2017/11/20/aws-secret-region.aspx
https://www.nextgov.com/it-modernization/2018/03/defense-age...
https://www.nextgov.com/it-modernization/2020/03/microsoft-u...
I think it's more accurate to say that we did not have (and do not have) the Impact Level 6 (IL-6) authorization that JEDI strongly suggested. As a commenter below says, that doesn't actually mean "vastly behind" any more than "Oh, you don't have < French Law thing >" would mean vastly behind.
The Defense Department now has a writeup actually [1] about some of this (search for "Impact Level"):
> In an October 22, 2018 letter to the OIG, Representatives Womack and Cole raised concerns about the RFP’s “gating or restricting provisions” that seemed to be tailored to one specific contractor that the Representatives did not identify. On September 6, 2018, Oracle made a similar allegation in its supplemental complaint to the GAO. For example, the Representatives referred to “the requirement that the Cloud Service Provider meets the Defense Information Systems Agency Impact Level 6. Currently, this unnecessary requirement, along with many others, can only be met by one specific contractor."
> [...] As of December 2018, Amazon Web Services was the only contractor granted an IL-6 authorization."
> [...] We reviewed the JEDI Cloud RFP and found that it did not include a gate criteria that required a contractor to meet the IL-6 security requirements; rather, the RFP Statement of Objectives required a contractor to have infrastructure capable of meeting security requirements associated with hosting information classified at the Secret level within 180 days of contract award. The contractor’s infrastructure also had to meet security requirements associated with hosting information classified at the Top Secret level, within 270 days of contract award. Additionally, on December 12, 2019, DISA granted Microsoft IL-6 authorizations, demonstrating that more than one contractor was capable of meeting the security requirements.
[1] https://media.defense.gov/2020/Apr/15/2002281438/-1/-1/1/REP...
TLDR, because they aren't set up for success like private organizations.
These rules often exist as a means of ensuring fairness, as an anti-corruption measure, or to provide enough business to maintain a robust network of private contractors.
A bit off topic: what are these? Mind providing more details or sources?
The point is taking advantage of cloud-native technology to gain an edge. You can throw all the servers in the universe together, and it won't give you out-of-the-box AI or ML toolkits, or hosted Kubernetes solutions.
The point is leveraging the expertise that GCP/AWS/Azure have already poured into the cloud. There are a lot of people who reasonably complain about the cost of AWS, but there are no (reasonable) people that argue that that cost (of one of the big 3 cloud providers, whichever) doesn't equate to the highest-leverage solution on the market. And if the DoD is anything... it is not price-sensitive.
Google won the contract, not Amazon.
http://thirdworldtraveler.com/Chomsky/PentagonSystem_Chom.ht...
I don’t mean that to be flippant. I’m under the impression that these orgs hire to some extent with the intention to make a scarce resource less available to others. Seems like a tough bidding war for the DOD to enter.
So a single digit Million contract? How is that news at Google scale?
Employees that create problems for a company usually find themselves outside the company one way or another.