Agencies are cautious of software accessed online

The federal government is cautious about embracing an increasingly popular model of software that is now being sold by many of its information technology providers, agency officials acknowledged Wednesday at a conference on "software as a service."

Referred to interchangeably as "hosted software," "on-demand software," or "subscription-based software," the product is an application or suite of applications for back-office functions like payroll and customer communications that are accessed online. Google and Microsoft recently entered the on-demand market after the success of smaller companies like

But Kevin Carroll, a former Army program executive officer for enterprise information systems, said federal officials are skeptical of shared software's security and pricing. "Where are those servers located?" Carroll said. "Are the People's Liberation Army seeing this stuff?"

Another complication is predictable funding, said Fred Schobert, chief technology officer at the General Services Administration, the government's purchasing arm. "From a funding standpoint, I think it would be a little difficult to convince an agency to go along with a kind of pay-as-you-go funding profile," he said. IT decisions are typically based on annual budget cycles.

Yet the Bush administration is now endorsing hosted software for agency use. A July White House Office of Management and Budget memorandum on information security issued to all department heads states: "We encourage agencies to seek out and utilize private sector, market-driven solutions resulting in cost savings and performance improvements -- provided agency information is protected to the degree required by [federal information security standards]."

Carroll acknowledged that the federal sector eventually will adjust. "I do think that it will come," he said. "It will be watching what the states do."

A case in point: the commonwealth of Virginia, where Technology Secretary Aneesh Chopra said he views the concept "as a lynchpin of our strategy to move forward."

He argued that the investment will save a lot of time and money by allowing Virginia to piggyback off other states' software applications for functions like managing foster-care forms.

"I actually don't sweat much about license fees," Chopra said, adding, "I sweat about the 90 percent of a project that sits in the development" stage.

A Salesforce platform allows the state to innovate in weeks and months, instead of relying on annual budget proposals that may or may not go through, he added.

In an interview, David Thomas, an executive director at the Software and Information Industry Association, said federal agencies will be forced to come around because many of the business functions they outsource either are or will be done on hosted software.

The conference organizers Input, the Information Technology Association of America and the SIIA convened software vendors and government IT buyers in part to help devise a better purchasing mechanism for federal agencies.

As for security, Thomas said many prime contractors on large projects, who already are trusted within the federal market, are starting to use the software. "It's just too efficient of a way of delivery."

Stay up-to-date with federal news alerts and analysis — Sign up for GovExec's email newsletters.
Close [ x ] More from GovExec

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Sponsored by G Suite

    Cross-Agency Teamwork, Anytime and Anywhere

    Dan McCrae, director of IT service delivery division, National Oceanic and Atmospheric Administration (NOAA)

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

  • Federal IT Applications: Assessing Government's Core Drivers

    In order to better understand the current state of external and internal-facing agency workplace applications, Government Business Council (GBC) and Riverbed undertook an in-depth research study of federal employees. Overall, survey findings indicate that federal IT applications still face a gamut of challenges with regard to quality, reliability, and performance management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security


When you download a report, your information may be shared with the underwriters of that document.