Cloud Spending at the Department of Homeland Security: A Study in Frustration

Analyzing government spending data can be frustrating. The reporting of the data is inconsistent, the terminology lacks uniformity, and the various websites for downloading spending data deliver it in different formats. This has become even more of a problem since the overhaul of USASpending.gov, but that’s a topic for another day. This post compares verifiable cloud contract spending at the Department of Homeland Security to cloud spending that the department reports to the Office of Management and Budget. The exercise will shed light on where cloud spending is at the agency and it will illustrate the vexing difficulties that exist when trying to glean insight from government data.

Beginning with spending by fiscal year, the chart below depicts two sets of data – contract spending on cloud computing that I’ve been able to verify (the blue bars) and spending on cloud that DHS has reported to OMB (the orange bars).

As we can see, there is a huge difference between spending that can be verified versus spending that has been reported. Only for FY 2013 was I able to account for more than 50% of DHS’ cloud spending in actual, addressable contract dollars. This is key, right? The dollars need to be addressable to be relevant to the contracting community. Incidentally, there are no reported totals for FY 2011 and FY 2012 because reporting data on cloud spending wasn’t required until FY 2013.

Why the discrepancy in the spending data from FY 2013 to FY 2015 exists is easy to explain. First, the DHS spends a majority of its cloud computing dollars on private, internal cloud efforts. These efforts are often rolled into large IT support contracts like those held by HP Enterprise Services and Computer Sciences Corporation for the operation and maintenance of the department’s two data centers. In other words, vendors can be “cloud providers” without specifically competing for cloud work. Using existing support contracts in this way is a common practice at all agencies, by the way.

The second reason for the discrepancies is that the reporting of spending on cloud-related work may not be clear. For example, a line item for “IT Support Services” could easily be cloud-related, but how would anyone know? This also holds true for cloud-specific efforts not related to larger IT support efforts. This spending is often reported by the name of the program or the title of the investment. Take for example this tidbit from the DHS contract spending data reported on 2/19/2015 – “Joint Analysis Center Collaborative Information System 2.0 – change location of cloud.” If I read this correctly, the JACCIS is hosted in a cloud environment. This should be easy enough to verify using the Exhibit 53 report to OMB, right? Wrong. The FY 2016 Exhibit 53 report shows cloud spending on the JACCIS as $0 for all years – FY 2014 through FY 2016.

This kind of reporting problem is the reason why multiple Inspectors General have blasted their agencies for inaccurate record-keeping when it comes to identifying and auditing investments in cloud computing. It is often argued that agencies are adopting cloud too slowly. Well, the old axiom in business management is if you can’t measure it, you can’t manage it. Agencies have proven repeatedly that they cannot measure their cloud investments ergo they cannot manage them. It is for this reason that I’ve argued agencies are adopting cloud too rapidly, not too slowly.

But back to DHS. To hammer home my point about spending discrepancies, I’ll close this week’s post with a chart comparing verified cloud contract spending with reported spending over the last four fiscal years. Again, the blue bars are verified spending, the orange are spending reported to OMB.

DHS HQ includes a number of sub-elements, including the National Protection and Programs Directorate. It also includes the lion’s share of spending on internal cloud efforts in Data Centers 1 and 2. But what’s going with the FEMA numbers? The blue bar includes spending from FY 2011 to FY 2015 while the orange bar shows spending in FY 2014 and FY 2015 only. Most of FEMA’s spending on cloud did take place from FY 2011 to 2013. Of the $44 million shown in FY 2014 and FY 2015, however, FEMA spent $8.6 million on cloud contracts, a number that is still greater than the spending it reported to OMB.

My apologies to FEMA. None of this is to suggest that they alone are guilty of sloppy reporting. My intent is simply to provide another example of the confusion we’re dealing with when it comes to accurately determining the state of the federal cloud market. Until these discrepancies are cleared up, we may never have a clear understanding what the adoption status, pace, or addressable contract value of cloud computing by federal agencies actually is.