1. society
2. sex

WHITE PAPER
COTS v. GOTS: Four Reasons Why “Buy” Trumps “Build”
Private Industry is Helping Agencies Better Manage the “New Realities”
of IT Acquisition Economics. So Why “Build” if it Already Exists?
When sequestration officially kicked in on March 1,
it set off a chain of budgetary adjustments intended
to save $1.1 trillion through the next decade.
Regardless of how this script eventually plays out, an
economic “new reality” was settling in well before
the first stage of major cuts took effect.
WHITE PAPER - COTS v. GOTS: Four Reasons Why “Buy” Trumps “Build”
Contents
1.
Introduction
3
2. GOTS is Not a Sustainable Model
3
3. GOTS is “Free” is a Myth
4
4. Critical Advantage Points of COTS Solutions
5.
Conclusion
4
6. About Raytheon Cyber Products
6
7. References
6
www.raytheon.com/cyberproducts
5
2
WHITE PAPER - COTS v. GOTS: Four Reasons Why “Buy” Trumps “Build”
Introduction
When sequestration officially kicked in on March 1, it set off
a chain of budgetary adjustments intended to save $1.1 trillion through the next decade. Regardless of how this script
eventually plays out, an economic “new reality” was settling in well before the first stage of major cuts took effect.
Leading up to the deadline, the cumulative value of the federal
Information Technology (IT) market was projected to reach
$518 billion from 2013 to 2018, according to a forecast from
Market Research Media. This translates to a compound annual
growth rate of 3 percent – or one-half of the increases seen in
the prior decade.1 Another firm, Deltek, projects an overall
decline, with the federal IT market shrinking to $113 billion by
2017, compared to $121 billion in 2012.2 In December 2010,
then US CIO Vivek Kundra issued his “25 Point Implementation
Plan to Reform Federal Information Technology Management,”
harshly criticizing agencies for spending some $600 billion
on IT for more than a decade while accomplishing “little of
the productivity improvements that private industry has realized from IT. Too often, federal IT projects run over budget,
behind schedule or fail to deliver promised functionality.”3
Of course, a push to implement a “less is more” IT approach
– coupled with “why can’t we perform more like private industry?” introspection – is nothing new. The Clinger–Cohen
Act (CCA) of 1996 mandated that government departments
reduce the financial burden of IT operations and maintenance
by 5 percent, and strive to operate like efficient, profitable
businesses. While the act is 17 years old and its impact never
really elevated performance to those lofty standards, interest has grown in the potential for increased private industry
involvement. Specifically, more federal IT purchasers are
considering Commercial-Off-The-Shelf (COTS) solutions
as a viable, cost-savings public-private partnership option.
Kundra’s successor, Steven VanRoekel, for example, has called
for streamlined, business-minded resourcefulness. A shift
to a customer-centric service model, he said, would generate enhanced partnerships with the private sector.4 In his May
2012 report, “Digital Government: Building a 21st Century
Platform to Better Serve the American People,” VanRoekel
described how new “disruptive” IT practices could leverage
“existing agency work and commercial options to the extent
practical” and otherwise “engage the public and America’s
entrepreneurs as partners in building a better government.”5
800.230.1307
In her September 2011 report, “Department of Defense (DoD)
Information Technology (IT) Enterprise Strategy and Roadmap,”
DoD CIO Teri M. Takai indicated that the military has an obligation to pursue IT in the most budget-conscious and efficient manner possible, voicing her admiration for commercial IT innovation.
“The private sector and state and local governments have demonstrated that leveraging shared services and consolidating IT and
telecommunications equipment, resources, and investments can
improve efficiency, cost-effectiveness and environmental sustainability in IT and telecommunications operations,” the report states.6
The report directly references the strengths of COTS-based
cross domain enterprise solutions for common applications
such as e-mail, machine-to-machine data transfer, portal synchronization, chat and Web services. “The goal is to make
an easy investment and risk decision for a DoD organization
to use the provided enterprise service rather than to engineer, staff and defend a local solution,” the report states.6
The National Cybersecurity Center of Excellence (NCCoE)
represents another example of government recognizing the
advantages of COTS solutions through public-private partnerships. Established in 2012 through a partnership initiated by the
National Institute for Standards and Technology (NIST), the state
of Maryland and Montgomery County, NCCoE makes available to organizations real-world cybersecurity solutions based on
commercially produced technologies. It orchestrates collaboration among industry, government and academic parties to ensure
these solutions are cost-effective, repeatable and scalable. It fosters
collaboration versus “siloed” development efforts, such as those
embraced by Government-Off-The-Shelf (GOTS) providers.
GOTS is Not a Sustainable Model
While progress remains incremental, an inevitable conclusion should take hold. It is simply no longer advisable – or even
feasible – to cling exclusively to a traditional GOTS procurement plan. With GOTS, agencies purchase technology which
is created by the government. In some cases, the agency itself
takes on the endeavor to build a solution for its own use. But,
in most cases, it buys an IT product that is created and made
available by another agency. A private contractor will often
step in to sell and integrate the product for multiple public sector customers. Yet, all of the research and development (R&D)
takes place within an originating US agency, at its expense.
3
WHITE PAPER - COTS v. GOTS: Four Reasons Why “Buy” Trumps “Build”
GOTS is “Free” is a Myth
There is an impression within certain ranks of government
that a GOTS public-private partnership solution is “free.”
If an agency has built a solution internally, other agencies can
use it without additional costs. However, this hardly means
it is “free.” Solutions have to be customized, upgraded and
maintained. With COTS, agencies benefit from constant
developmental efforts, product upgrades and maintenance
cycles from the vendor. This is not the case with GOTS.
There are members of the government community who will
argue that this advantage of COTS presents problematic
issues, because agencies cannot control or plan around these
cycles. However, this contention is outdated. Tech companies
are now proactively forthright in publicly discussing their
product/services roadmap with customers. Larger vendors
often communicate these updates during annual user conferences held over several days, to clarify product direction,
enhancements and future intentions. Other vendors may communicate this information in smaller forums or directly to
individual customers. All of which means that agencies are
no longer “in the dark” about product development cycles.
Critical Advantage Points of COTS Solutions
Other arguments within the ongoing “buy versus build” debate
lend support for the GOTS (or “build”) model. Mainly, these
contend that GOTS is the only way to guarantee that public
sector customers receive exactly what they are seeking for
their unique purposes. Private industry produces for a mass
market, GOTS proponents reason. Commercial offerings do
not come “out of the box” customized with the sort of highly
specialized features and functionalities that agencies look for.
Yet, while such considerations were valid in decades
past, they no longer hold up. Not when COTS solutions can essentially overcome these reservations while
delivering the following critical advantage points:
Cost. The government can save considerable money and
resources by purchasing COTS solutions, or working with
private industry on specifications for solutions versus building them. A major issue with GOTS is that it often involves the
employment of personnel to make something that somebody
else has already made. This epitomizes the very same waste-
www.raytheon.com/cyberproducts
ful “reinvent the wheel” process which leaders have criticized
in recent years. True, the acquirer may not directly bear the
financial burden, in the circumstance that another agency
undertakes the “build” part. But funding such a project within
that originating agency when another, very similar commercial solution is up and running makes no economic sense
and amounts to an unnecessary drain on taxpayers’ dollars.
Quality. Unfortunately, after a government team invests
a great deal of time on IT design, production and deployment, the long-awaited end result stands a very good chance
of being outdated by the time it is in the hands of users. This
will never be the case with COTS, because businesses are
continuously pursuing product improvements, responding
to “always on” pressure to demonstrate distinct value from
competitors. Simply stated, it is what tech companies do. They
hire specialized staffs to do nothing but add enhancements
and updates to the product whereas the GOTS provider must
fund their own “development” organization. In an uncertain economy, such funding is always subject to elimination without notice. Where does this leave the end user?
Because the customer base of COTS providers is so broad,
quality standards rapidly advance as the huge pool of users
request enhancements that the companies are quick to incorporate. Also, “build” is not a core IT competency of government.
Its human assets are better directed toward mission-focused
objectives, especially when there are COTS alternatives.
In the DoD Roadmap report, Takai stresses that movement
toward a consolidation and enterprise approach will result in
minimal duplications and redundancies. “Every new capability
brought onboard will be easier to acquire because it will operate within a set of consistent and well-understood enterprise
standards and will interface with fewer functionally overlapping services and applications,”6. The commercial sector is
constantly developing new technology tools designed with an
enterprise perspective in mind. Technology companies are on
the forefront of making advancements in consolidation, interoperability, information-sharing and other priorities addressed in
the roadmap report, as well as the wealth of specific protocol
needs of government, such as Simple Mail Transfer Protocol
(SMTP) e-mail and Secret Internet Protocol Router (SIPR).
4
WHITE PAPER - COTS v. GOTS: Four Reasons Why “Buy” Trumps “Build”
Speed. As previously stated, COTS offerings get to users
quicker because they are already available, serving millions of users. Takai’s DoD Roadmap called for the simplification of IT as an “integrated and interoperable resource
that quickly delivers the right information at the right time
to the right place anywhere in the world.”6 This speaks
directly to the deployment of existing COTS software solutions. Are there customizations associated with COTS? Of
course there are. But a COTS customization will be implemented far, far more swiftly than a GOTS implementation.
Here’s another key point: Government managers should not
precisely fit every single technology product to the preferences of users. Agile organizations are not doing this. They
recognize there is a core set of capabilities to pursue, and that
excessive customization is not necessary. “Buy the COTS packages that best meet your needs and budget, and adapt yourself
to that software,” advises Bruce F. Webster, a consultant who
specializes in reviewing and rescuing large-scale IT projects.7
Flexibility. GOTS discourages agility, while COTS
feeds off of it. With COTS, you buy into regular maintenance services which always include upgrades to
ensure your solutions adapt to shifting user requirements. Again, the commercial side is continuously working on enhancements. Remember: “It’s what they do ...”.
Yes, you pay for the maintenance, but it is usually 15 to 20 percent of the licensing fee. That’s not much to spend to maximize
technical flexibility. On the other hand, with GOTS “build it”
solutions, modifications require onsite services which can get
expensive and take considerable time to implement and test.
Another realistic scenario to consider with GOTS solutions: An ongoing GOTS project can get its funding eliminated due to budget cuts at any given moment. With COTS
projects, you will not run the risk of a product not being
supported due to cuts and/or discontinued programs.
Besides, a GOTS team will have to constantly undergo training to keep up with all the advancements that are going
on in the commercial sector. Why support a model which
involves spending time and money on accumulating private industry-level knowledge – regardless of whether the
GOTS team works within your agency or another one
– when you can buy directly from private industry?
800.230.1307
Conclusion
For a very “real” example of why a COTS public-private partnership works, look no further than the NGEN and CANES
projects. NGEN, or the Next Generation Enterprise Network,
is consolidating the wealth of shore-based Navy networks
into one. CANES, or the Consolidated Afloat Networks
and Enterprise Service, is doing the same for ships.
These projects will update and replace the current NavyMarine Corps Intranet and 11 other networks, according to
published reports. It is driven by COTS acquisitions, and commercial technologies are expected to significantly reduce spending associated with service-wide network overhauls. Captain
Shawn Hendricks, the NGEN program manager, put it best
when he said, “This is one of the most commercial-off-theshelf programs in the Navy’s history. It’s all about keeping cost
down by leveraging what’s out there and readily available”.8
Which drives home the key point here: Why opt for an approach
requiring the considerable investment of government personnel
and resources – again, just because those resources were not spent
within your agency’s budget doesn’t mean it is “free” – as opposed
to buying products which are proven performers in the commercial
space? Especially when a wealth of users has weighed in on desired
corrections and improvements of these commercial offerings.
Why wait for an IT deployment that could potentially be
outdated by the time it is in the hands of your users?
It is clear that our leaders are urging for “better, cheaper, faster”
technology. And where did this tenet originate? Within private
industry, the commercial software license model enables companies to reinvest new product revenue and recurring maintenance
in IT solution development. Not only does this allow them to
deliver the best state-of-the art technology more rapidly to the
market at a lower cost, it also paves the way for them to provide customers with a developmental roadmap which they can,
in turn, use to guide their own internal mission planning.
Ultimately, it makes no sense to stick with a model that aspires
to do what the commercial side has been doing all along. This
is why – in determining a path that best serves your agency
users – there really is not a viable alternative to COTS.
5
WHITE PAPER - COTS v. GOTS: Four Reasons Why “Buy” Trumps “Build”
About Raytheon Cyber Products
Raytheon Cyber Products, a leading provider of commercial-offthe-shelf cyber security solutions for government and industry, is
a wholly owned subsidiary of Raytheon Company. Founded on
deep knowledge of cyber security stemming from the U.S. Department of Defense and the Intelligence Community, Raytheon
Cyber Products has evolved into a company that both commercial and government enterprises rely on to ensure the security of
their most critical cyber assets. The company’s broad portfolio
of products addresses a variety of cyber challenges that organizations face today including insider threat, secure information
sharing, data loss prevention, and data analysis. With over 20
years of collective experience in delivering the highest caliber
security solutions, customers trust Raytheon Cyber Products to
deliver solutions that are innovative, flexible, and scalable, meeting their security needs today and in the future. The company
has over 300 employees with headquarters in Herndon, Virginia.
References
1 http://1http://www.marketresearchmedia.com/?p=193
2 http://iq.govwin.com/corp/library/detail.cfm?ItemID=17421
3 http://www.dhs.gov/sites/default/files/publications/
digital-strategy/25-point-implementation-plan-to-reformfederal-it.pdf
4 http://www.nextgov.com/cio-briefing/2012/09/nowstime-federal-innovation-cio-says/57925/
5 http://www.whitehouse.gov/blog/2012/05/23/roadmapdigital-government and http://www.whitehouse.gov/sites/
default/files/omb/egov/digital-government/digitalgovernment.html
6 http://dodcio.defense.gov/Portals/0/Documents/
Announcement/Signed_ITESR_6SEP11.pdf
7 http://www.baselinemag.com/c/a/ApplicationDevelopment/Buy-vs-Build-Software-ApplicationsThe-Eternal-Dilemma/1/
8 http://www.nationaldefensemagazine.org/archive/2012/
August/Pages/NavyLeansonCommercialTechnologyfor
ComputingUpgrades.aspx
For further information contact:
Intelligence, Information
and Services
Cyber Products
12950 Worldgate Drive, Suite 600
Herndon, Virginia
20170 USA
866.230.1307
www.raytheon.com/cyberproducts
All other trademarks and registered trademarks are property of their respective owners.
Customer Success Is Our Mission is a registered trademark of Raytheon Company.
Cleared for Public Release. Internal Reference #IIS2013-086
Copyright © 2014 Raytheon Company. All rights reserved. 300119.0413