White House to Rewrite Cloud Vendor Contracts for Security Liability

White House | May 21, 2020

  • The Office of Management and Budget plans to standardize language in all government contracts with cloud vendors.

  • Santucci provided a status report on the government’s efforts to improve efficiency and lower costs by moving to the cloud during a virtual conference the Digital Government Institute hosted today.

  • Technology vendors precluding liability in government contracts has long been an issue, and it could be one reason some in government agencies have been timid about moving to the cloud in the past.

The Office of Management and Budget plans to standardize language in all government contracts with cloud vendors that would update liability terms regarding security, according to the official in charge of leading federal agencies’ move to the shared-responsibility ecosystems.

“I think there is a need to update our [service level agreements] with the cloud providers and we're actively working on that within [the General Services Administration],” Thomas Santucci, the director of the Data Center and Cloud Optimization Infrastructure Program Management Office at GSA, said.

Santucci provided a status report on the government’s efforts to improve efficiency and lower costs by moving to the cloud during a virtual conference the Digital Government Institute hosted today.

Read More: Trump Government Moves to Cut off Huawei from Global Chip Suppliers

“OMB has just stood up a [program management office] to work on a cloud SLA template for the federal government to be attached to every contract,” Santucci said when asked about the liability issue and whether cloud service providers or government customers should be held responsible for security.

Security was one of the topics mentioned in establishing the new contract templates, he said.

Technology vendors precluding liability in government contracts has long been an issue, and it could be one reason some in government agencies have been timid about moving to the cloud in the past, according to a program manager speaking from the “frontlines” of the cloud migration effort during the DGI conference.

“The common themes that I heard were ‘I don’t understand security, I don’t want to have to deal with security by myself, and I’m also not a cloud expert,’” Joe Foster, cloud computing program manager at NASA’s Goddard Space Flight Center, said regarding his early days of trying to get agency components to move to the cloud.

In some ways, the pandemic is taking the issue out of officials’ hands.


Could anyone plan for what’s going on now? Probably not, but who could imagine let alone fund it? Referring to the pandemic. The situation does exactly that. Your users are now remote rather than in a central building or campus. Agencies that are doing well are mostly in the cloud with little or no impact. Remote users do not need a [virtual private network] to gain access to their emails or files, collaboration products have significantly reduced file duplicates, and bandwidth consumption is between the home internet connection and the cloud. It’s a great success story,

Thomas Santucci, the director of the Data Center at GSA.

Outside of no longer needing to run energy-intensive data centers, there are other, security-based reasons for moving to the cloud. Enabling security and development professionals to work in the same space has allowed for changes to applications to be pushed out faster, as Susie Adams, chief technology officer for Microsoft Federal, noted, for example.

But as officials at the National Institute of Standards and Technology have stressed, moving to the cloud does not make security a “set it and forget it” feature. There are a lot of configurations and other considerations that customers may be responsible for under contracts.

During an event hosted Tuesday by the Information Technology Industry Council, Rep. Doris Matsui, D-Calif., also observed the pandemic causing a rush to the cloud but expressed more trepidation than exuberance.

“This comes with an increased use of personal devices and cloud services, which may not be secure,” Matsui, co-chair of the House of Representatives’ High Tech Caucus, said.

Matsui on Tuesday sent a letter to NIST Director Walter Copan asking that the agency work to establish metrics to accompany its landmark Cybersecurity Framework. The framework allows entities to select and implement security controls based on their individual subjective needs and risks. Matsui’s letter calls for a way to evaluate the security implications of those decisions.

“As companies, nonprofits, and state and local governments work to quickly assess their cybersecurity strategies and evaluate measures to improve security during the pandemic, additional guidance from NIST could help speed the decision-making process and funnel resources to effective, proven methods,” she wrote. “With quantifiable measurement tools, cybersecurity strategies can be compared across industries and between entities. Metrics and measurements that facilitate comparisons and assess risk will be valuable for consumers, companies, and governments.”

Read More: How to secure the U.S. government’s technology supply chain


The United States has had the world’s biggest economy for 140 years, but the International Monetary Fund now ranks China as the world’s largest economy. We examine the differences between the two economies.

Other News

Mobile Mentor Awarded GSA Contract by the US Government

Mobile Mentor | November 25, 2022

Mobile Mentor, a rapidly growing technology services company and Microsoft partner, is pleased to announce their contract award with the GSA. GSA (General Services Administration) is the procurement and contracting vehicle for the United States Federal Government. The award allows the Mobile Mentor team to provide federal, state and local government agencies with services to modernize IT operations and improve cyber security using the latest in Microsoft security technologies. Mobile Mentor was officially granted vendor status to the GSA as a small business in late October. In 2022, the federal contracting goal for small business reached 27.2 percent of total federal contracting funds. “Partnering with the GSA to provide services to the federal government is a huge privilege, It opens the door for our team of industry-leading experts to make a real impact and allows us to do our part in ensuring the security of crucial federal agencies. By embracing modern security practices like Zero Trust and Passwordless Authentication, we help government agencies to achieve the optimum balance between security and user experience, We believe security and user experience are equally important in today’s world where security threats are everywhere, and employees are increasingly working remotely, relying on their technology every minute of the day. This intersection of security and employee experience defines the workplace of the future, and we are proud to be leading the way with our government clients and strategic partners such as Microsoft.” -Denis O’Shea, CEO and Founder of Mobile Mentor. Since the founding of the company in 2004, Mobile Mentor has partnered with a variety of government agencies internationally to modernize IT operations and improve security for the mobile workforce. In 2021, Mobile Mentor won Microsoft’s international partner of the year award for modern endpoint management, positioning the company as a global leader in securing the modern hybrid workforce. About Mobile Mentor: Mobile Mentor empowers people to achieve more by unlocking the full potential of their technology. With operations in the USA, Australia and New Zealand, Mobile Mentor is the remote partner for the remote workforce. Founded in 2004, Mobile Mentor has enabled millions of people to increase security and productivity with their laptops, tablets, smartphones, and apps.

Read More


Bernhard Capital Partners Forms Department of Energy-Focused Services Platform With Acquisitions of Boston Government Services and SE&C

Boston Government Services | December 07, 2022

Bernhard Capital Partners ("Bernhard Capital"), a services- and infrastructure-focused private equity management firm, today announced the establishment of a dedicated Department of Energy ("DOE") services platform through the recent acquisitions of Boston Government Services, LLC ("BGS"), an engineering, technology and security firm for government programs, national laboratories, national security facilities, nuclear operations and complex projects, and Sterling Engineering & Consulting Group, LLC ("SE&C"), a provider of executive, project management, business development and technical consulting services focused on the DOE complex. Financial terms of the transactions were not disclosed. The platform will establish a leading national network of engineering and consulting firms with shared capabilities and an expanded client base, primarily consisting of organizations operating within the Department of Energy ("DOE") complex. Established in 2007 by Harry L. Boston, Ph.D., BGS is a nuclear engineering, safety, program management, technology and cyber security firm providing mission-driven solutions for a broad array of challenging and important programs for government and commercial clients. Bernhard Capital has an extensive track record building leading national platforms across numerous services- and infrastructure-related categories. Through these acquisitions, the firm intends to utilize its proprietary Blueprint investment approach to establish a vertically integrated offering, capable of executing critical projects in complex environments – from strategic planning and program management to the execution of engineering and technical activities. "The acquisitions of BGS and SE&C provide unique and valuable capabilities for our platform and will meaningfully expand our premier consulting and field service offerings around the DOE complex, As the DOE and broader commercial industries continue to invest ambitiously in clean energy, energy security, modernization and transitioning our energy grid and national infrastructure, the expertise of the BGS and SE&C teams will be invaluable to driving the long-term success of these essential national, regional and local projects. We look forward to working closely with Harry, Duane and their talented teams as we build an exceptional platform and execute on a shared vision to better support a diverse base of mission-critical government and commercial clients." -Chris Dillon, Managing Director at Bernhard Capital Partners. BGS and SE&C will continue to be led by their respective management teams, while benefiting from the advantages of the shared platform and Bernhard Capital's strategic partnership. Harry Boston will continue as President of BGS, and Duane Schmoker will continue as President of SE&C. The opportunity to join Bernhard Capital's DOE services platform and partner with the SE&C team provides additional resources and capacities for the BGS team to continue delivering the best engineering, technology, cybersecurity and program management solutions for our clients, from strategy and conception to implementation and execution, said Dr. Boston. The Bernhard Capital team's operational expertise and deep familiarity with the complexities of our business make them the right partner to position BGS for long-term growth, and we are well positioned to continue providing high-quality, efficient and committed services to our clients as part of this platform. Founded in 2014 by Duane Schmoker and headquartered in Richland, Washington, SE&C provides executive management and technical consulting services to organizations in the federal and commercial markets focused primarily on energy, environmental remediation and national security. Offering strategic planning, business development, proposal development, project management and technology-based solutions for some of the world's most challenging government and commercial environmental cleanup projects, SE&C focuses on providing innovative technical and business solutions for clients with a focus on the DOE and commercial markets. "We are excited to join BGS as part of Bernhard Capital's dedicated DOE services platform and are confident this partnership will benefit all SE&C stakeholders, Bernhard Capital's perspective and experienced team, alongside BGS's deep relationships and premier technical team, will allow us to enhance our technical and management capabilities and expand our presence around the DOE complex and other government-adjacent markets." -Mr. Schmoker, SE&C President. About Bernhard Capital Partners: Bernhard Capital Partners is a services and infrastructure-focused private equity management firm established in 2013. Bernhard Capital Partners has deployed capital in three funds across several strategies, has approximately $2.5 billion of gross assets under management and is ranked as one of Private Equity International's 300 largest private equity firms worldwide. Bernhard Capital Partners seeks to create sustainable value by leveraging its experience in acquiring, operating and growing services and infrastructure businesses. About BGS: Boston Government Services, LLC is an engineering, technology, and cybersecurity firm advancing our national security and competitiveness, and promoting a sustainable and healthy environmental future. BGS delivers mission-focused solutions by leveraging capabilities in engineering, operations, technology and cybersecurity to provide clients with solutions that enable efficient, secure, safe, robust, and sustainable mission performance. BGS is headquartered in Oak Ridge, Tennessee and has offices in multiple states. About SE&C: SE&C is a Richland, Washington-based provider of executive management and technical consulting services to organizations in the federal and commercial markets focused on energy, environmental remediation, national security and mining. The company has satellite offices in Idaho Falls, Idaho, and Albuquerque, New Mexico. With more than 65 senior professionals providing clients with expertise ranging from strategic planning, business development, proposal development, project management and technology-based solutions, SE&C supports some of the world's most challenging government and commercial environmental cleanup projects.

Read More


Public sector drives strong demand for conversational AI, with 222K+ users served on the Yellow.ai platform

Yellow.ai | November 23, 2022

With countries in the Middle East working to enable broad-scaled digital transformation, government agencies are increasingly gravitating towards the adoption of Conversational AI solutions to redefine the citizen experience. According to data released by Yellow.ai, a leading enterprise-grade Conversational AI platform, the company has served over 222K unique users for its government sector clientele in the region. Recently mentioned in the Gartner Hype Cycle for Digital Government Services, 2022, under the chatbot category, the company works with key government departments across the Middle East. The Yellow.ai platform has recorded an exchange of over 13M messages focused on citizen delivery services in the last two quarters, exchanged between its Dynamic AI agents and end-users during over 233K sessions. "Public sector organizations need to address numerous queries daily, and doing so manually is a time-consuming task. At the same time, citizens have a growing expectation of being able to conveniently avail government services. That's where Conversational AI can step in to improve efficiency and human productivity, streamlining the process of delivering citizen services digitally while keeping humans in the loop. We have seen a huge surge in traction from Middle Eastern government agencies , and our deployments are helping address some very unique use cases by bringing power to citizens' fingertips on channels that they actively use. With continued emphasis on digitization, we expect Conversational AI to soon become an integral pillar in delivering stellar services to citizens." -Raghu Ravinutala, CEO & Co-founder, Yellow.ai. For instance, Yellow.ai works with one of the largest government entities in the UAE, where over 4000 users interact with its Dynamic AI agent in a single day. The AI agent has a 99.7 percent accuracy rate, delivering a CSAT score of 4.56 out of 5. While text-based messaging channels are the preferred medium for citizen delivery services, the company is also seeing voice-based Conversational AI solutions gain momentum. The major use-cases, as observed, are for automating customer support, filing documentation related to government entities, booking services, raising complaints, making payments, and locating branches and offices, where the most traction is being witnessed on WhatsApp. About Yellow.ai: Yellow.ai is a leading enterprise-grade Conversational AI platform, enabling enterprises to unlock business potential at scale. The platform is trusted across 85+ countries by 1000+ enterprises, including Domino's, Sephora, Hyundai, Carrefour, Kuwait Food Company (Americana), Choithrams, Amouage Oman, Arabian Radio Network and MG Motors. Powered by Dynamic AI agents for enterprises, the company aims to deliver human-like interactions that boost customer satisfaction and increase employee engagement at scale, through its no-code platform. Recognised by Frost & Sullivan, Gartner, Forrester, IDC, and G2 as a leader, the company has raised more than $102M from blue-chip investors and has offices across six countries.

Read More


BIO-key International and TD SYNNEX Public Sector Partner to Deliver Identity-Bound Biometric MFA Solutions to the U.S. Public Sector

BIO-key International | December 14, 2022

BIO-key International, Inc. (NASDAQ: BKYI), an innovative provider of workforce and customer identity and access management (IAM) solutions featuring Identity-Bound Biometrics (IBB), today announced a new partnership with TD SYNNEX Public Sector, part of TD SYNNEX (NYSE: SNX), the premier government solutions aggregator. The partnership will enable BIO-key to introduce its award-winning PortalGuard IAM solution and IBB to government agencies at the federal, state and local levels. With the distribution support provided by TD SYNNEX Public Sector, BIO-key is offering the industry's most secure identity and access management solutions to U.S. public sector organizations, government agencies and contractors. TD SYNNEX Public Sector sells through an extensive group of government resellers and system integrators. They also enable purchases with a vast array of critical government purchasing vehicles and contracts at the federal, state and local government levels. Its expansive government reseller network and contract vehicles will enhance access to BIO-Key's secure IBB solutions and improve the buying experience for federal civilian and Department of Defense agencies, federal government contractors and county government departments. The need for convenient, secure IAM solutions has never been higher, with an increasing amount of critical work done online or remotely. Trust in who has access to what is paramount to building trust inside the government. In particular, government organizations at all levels are targets for threat actors to attempt to gain access to protected data. The ability to safeguard these systems needs to be matched by the ability of a diverse range of government employees, contractors, and the public to access information and systems securely. These new requirements have driven an unprecedented need for cybersecurity solutions like those offered by BIO-Key, especially in the government. "The partnership between BIO-key and TD SYNNEX Public Sector will be beneficial in leveraging the channel to reach additional government organizations searching for cost-effective and extremely secure IAM solutions, This ability to target and grow additional government customers through resellers and system integrators is instrumental in proliferating BIO-key's innovative solutions across the government, solving some of the most critical needs they are confronting today. We are excited to be working with TD SYNNEX Public Sector and even more excited about providing the U.S. public sector the best IAM solution in the market today." -Fred Corsentino, Chief Revenue Officer at BIO-key. About TD SYNNEX Public Sector: TD SYNNEX Public Sector is a business unit of TD SYNNEX. It is the premier government solutions aggregator that specializes in understanding the IT needs and solving the challenges of the U.S. federal, state, local and education markets. TD SYNNEX Public Sector helps simplify the process and removes barriers for independent infrastructure and software vendors, federal systems integrators and value-added resellers doing business in the U.S. public sector. About TD SYNNEX: TD SYNNEX (NYSE: SNX) is a leading global distributor and solutions aggregator for the IT ecosystem. We're an innovative partner helping more than 150,000 customers in 100+ countries to maximize the value of technology investments, demonstrate business outcomes and unlock growth opportunities. Headquartered in Clearwater, Florida, and Fremont, California, TD SYNNEX' 22,000 co-workers are dedicated to uniting compelling IT products, services and solutions from 1,500+ best-in-class technology vendors. Our edge-to-cloud portfolio is anchored in some of the highest-growth technology segments including cloud, cybersecurity, big data/analytics, IoT, mobility and everything as a service. TD SYNNEX is committed to serving customers and communities, and we believe we can have a positive impact on our people and our planet, intentionally acting as a respected corporate citizen. We aspire to be a diverse and inclusive employer of choice for talent across the IT ecosystem. About BIO-key International, Inc: BIO-key has over two decades of expertise in providing authentication technology for thousands of organizations and millions of users and is revolutionizing authentication with biometric-centric, multi-factor identity and access management (IAM) solutions, including its PortalGuard IAM solution that provides convenient and secure access to devices, information, applications, and high-value transactions. BIO-key's patented software and hardware solutions, with industry-leading biometric capabilities, enable large-scale on-premises and cloud-based Identity-as-a-Service (IDaaS) solutions, as well as customized enterprise solutions.

Read More


The United States has had the world’s biggest economy for 140 years, but the International Monetary Fund now ranks China as the world’s largest economy. We examine the differences between the two economies.