The FBI and the Defense Criminal Investigative Service’s search of Carahsoft Technology Corp.’s headquarters last week is sparking new questions and concerns about the long-term viability of vendors selling in the federal market and dependable access to specific technologies by agencies.
Former federal executives and industry experts said it may be time to rethink the IT value added reseller (ITVAR) approach as the FBI and DCIS raid shined a brighter light on supply chain risks that most vendors and agencies generally glossed over until now.
“I’m hearing a lot of client angst,” said one industry consultant, who like many others for this story requested anonymity for fear of hurting their relationship with Carahsoft. “A lot of them are asking questions about what is next and what does this mean. While I don’t think anyone knows yet because there isn’t a lot of information out there, it’s unclear what this means for my clients, for Carahsoft and for their government customers.”
One industry source, who works for a technology company, said almost all of their federal business goes through Carahsoft, causing them to ask more questions about how they sell to the federal market and whether they need to partner with other ITVARs.
“If they stop processing orders, even if for a day, we will lose money. So the question now that is coming up is should we allow that much business to go through one reseller?” said the source. “Even if this event didn’t happen at the end of the fiscal year, what do we do? I think the government and industry are asking that question now. I expect there to be fallout on the supply chain risk management side no matter what happens to Carahsoft. That is where everyone is freaking out.”
Single source of supply concerns
For several technology companies, Carahsoft is their main conduit to the federal agencies. In fiscal 2023, Carahsoft won $1.4 billion in federal contracts. The company had won more than $960 million so far in 2024, according to the USASpending.gov portal.
Additionally, Carahsoft says it works with more than 10,000 government contractors, value-added resellers, solution providers and system integrators. These include nearly every major technology supplier to the government from Adobe to AWS to Dell to Google to Microsoft to Splunk.
For many small and medium-sized businesses, Carahsoft is their best, and maybe only, route to the federal market.
“Having exclusive agreements and single sources of supply causes potential challenges to a lot of us and the government,” said an industry official, who is a former federal executive. “Agencies may not be able to access the best technology if something happens to one of these resellers. We all face a higher supply chain risk in events where certain companies or channels don’t become available.”
It’s unclear what actions, if any, the FBI or Justice Department will take next, but should the government decide to suspend or propose Carahsoft for debarment, the ripple effect would be immense.
As several industry sources said, the FBI and DCIS don’t raid companies if it’s just a civil matter. Without knowing any details of Carahsoft’s situation, sources said history has shown if the FBI shows up, there usually is something more serious and illegal going on.
Another industry source, who has been involved in civil False Claims Act cases in the past, said usually there are meetings with the Justice Department and the company, and eventually the company writes a check to settle the allegations.
FBI raids are “extreme”
But, the source said, when the FBI decides to arrive at your door unannounced, it’s usually an “extreme” situation.
“I’ve had clients who pushed back, delayed and then negotiated what the Justice Department really wanted. Then, you do a rolling release of documents, and even sometimes you will fall behind the schedule and the government isn’t happy, but I’ve never seen it get to the level of a raid,” the industry source said. “This had to be a massive non-compliance with a lot of missed deadlines and something criminal going on. It was our operating assumption that you try to narrow it to lessen your burden, but you couldn’t say ‘no’ to the [civil investigative demand].”
Other sources said the FBI and DCIS served Carahsoft on Sept. 24 with two criminal and one civil subpoenas.
Trey Hodgkins, a long-time federal procurement expert and now senior vice president at Phoenix Strategies, a government affairs firm, said he could see agencies looking for alternatives to Carahsoft until they know more about what’s going on.
“They will look at those contracts and see if they can this technology from somewhere else. If I was government employee and this was going on, part of my thinking would be how do I get what I need and not buy it here,” he said. “I would think companies also are examining whether they can partner with someone else, especially if an agency is not willing to use that company for now.”
The concerns expressed by several industry executives aren’t just about Carahsoft, but around the entire ITVAR approach.
Reseller model is worth revisiting
While many industry experts praised the role of value-added resellers, which also include companies like Red River, World Wide Technology and the Immix Group, they said the rise of these vendors as an easier path for how many companies go to the federal market is more a problem with government acquisition rules than with the companies themselves.
“Other equipment manufacturers are incentivized to go through one VAR and not many. There are things like deal registration and exclusive agreements that give them reason to work with only one or a limited number of companies,” said the former federal official, who is now in industry. “There are downstream risks from that are biproducts of the market and do not lead to healthy outcomes for the government.”
Aileen Black, a former executive with Google, VMWare and other federal contractors, said ITVARs provide a much needed service for many contractors and the government alike.
“Carahsoft, for example, provides infrastructure at reasonable cost to have all contract vehicles that allows the government to buy things especially from innovative companies,” she said. “Carahsoft does this at an extremely low margin compared to going through a big systems integrator. They do a great service and provide innovation.”
Additionally, industry officials say, ITVARs also reduce the risk and administrative burdens for companies to work with the government.
For example, one company looked at what it would cost to work directly with the government and their estimate is it would take 5-to-10 full-time employees to manage and oversee the entire effort. These employees would have to do everything from managing contracts to keeping up with pricing changes to keeping on top of all the legal and cybersecurity compliance requirements and much more.
For a small or medium-sized business, having to hire as many as 10 people is a huge cost that they either can’t afford or would rather use the money for business development or technical skills.
“This is an indication of the barriers that the government poses. I’m not faulting the government, but they have to understand why these barriers exist and why many companies can’t afford to overcome them,” said the former federal official. “Many large companies also support the ITVAR model. It’s not a mission critical effort for them to hire a team to manage contract vehicle access. Outsourcing this work to a VAR means they don’t have to worry about it. But it also means taxpayers are paying more than they have to for these technology services.”
Procurement rules are too burdensome
The challenge, Black and other industry executives say, is the ever-growing complexity of the federal acquisition system.
Alan Thomas, a former commissioner of the Federal Acquisition Service in the General Services Administration, said while there are good reasons for some of the complexities in the federal acquisition sector, this situation may be a catalyst for agencies and industry alike to revisit the question of whether the processes need to be so challenging.
“Carahsoft is a billion dollar company because the government requires companies to meet so many conditions,” said Thomas, who is now founder of AlphaTango Strategies. “The government must look at the root causes that require the use of these VARs. What are the requirements laid on vendors that causes folks to look for ways to reduce their risks? We need to look at those requirements and consider some pruning.”
The former federal executive added whatever the issue is with Carahsoft and the third party they have done business with, it’s a symptom of the larger issue around the increased risks of the supply chain.
If companies are unwilling or unable to work with the government, they will find alternative and less risky ways, in this case intermediaries like ITVARs.
“Why don’t companies want to work with the government directly? Why take the risk? Whether it’s the price reduction clause on the GSA schedules or the hassle of getting on and maintaining contracts, using an intermediary reduces their risk. They also see some legal and administrative benefits too,” the source said. “But there needs to be some accountability on the procurement ecosystem side too. If there is a limited number of suppliers that have captive market because it’s too hard to do business with the government, the government has to consider whether it can lower policy barriers, figure out ways to ensure flexible pricing and other common obstacles.”
There are some signs that the trend is starting to reverse. Microsoft recently reversed course and started selling directly to the federal market instead of going through resellers.
Sources credited GSA for trying to lower the risk to vendors by implementing new programs like the Transactional Data Reporting (TDR) initiative to replace the Price Reduction Clause.
Congress paying attention
Additionally, Congress is starting to pay more attention to this issue. Sens. Brian Schatz (D-Hawaii) and Pete Welch (D-Vermont) recently wrote to GSA Administrator Robin Carnahan wanting to know how the agency is mitigating the risks of relying on too few contractors to operate such a large share of the federal government’s IT systems.
“This is particularly true for software that has kernel access and high-level privileges to critical government systems,” Schatz and Welch wrote.
Lawmakers haven’t shown any public interest in the Carahsoft situation, spokespeople for both the Homeland Security and Governmental Affairs Committee and Rep. Gerry Connolly (D-Va.) said they had no comment on the current situation.
A former Hill staff member said they wouldn’t be surprised if certain lawmakers are watching this situation closely and starting to ask some questions, specifically of GSA to try to understand what the DOJ is going after.
“It definitely would’ve piqued my interest when I was on the Hill,” the former staff member said. “I don’t think the reseller issue is widely understood on the Hill so I wouldn’t be surprised to see some questions about how it works and how can GSA or any agency ensure access to technology they need.”
The post Carahsoft raid may be a wake up call for the reseller market first appeared on Federal News Network.