To: Board of Supervisors
From: Marc Shorr, Information Technology Director
Report Title: Contract with SSP Data for Managed Security Services
☒Recommendation of the County Administrator ☐ Recommendation of Board Committee
RECOMMENDATIONS:
APPROVE and AUTHORIZE the Chief Information Officer, or designee, to execute:
1) a contract with SSP Data, in an amount not to exceed $3,200,000 for the deployment of Google managed cybersecurity services for a Countywide enterprise security operations program for the period of December 10, 2025, through December 9, 2028, and
2) a Cloud Master Agreement with Google LLC for a managed security services platform for the period of December 10, 2025, through December 9, 2028.
FISCAL IMPACT:
The cost of this purchase is included in the Department’s FY 25-26 budget. 100% User Departments.
BACKGROUND:
The Department of Information Technology (DoIT) is implementing a modernized, enterprise-level security operations program to strengthen the County’s cybersecurity posture and improve threat detection and response. Under this contract, SSP Data will serve as the County’s program integrator, coordinating delivery through its sub-contractors Citreno LLC, Google Security Operations (SecOps), Mandiant, and CrowdStrike. The three-year solution provides deployment and configuration of the Google SecOps SIEM/SOAR platform, integration of County security telemetry, enablement and optimization support, and 24/7 managed detection and response services. This unified model improves operational efficiency, and provides the County with a scalable, cloud-native security operations capability aligned with industry best practices.
SSP Data was selected through the County’s formal RFP process based on its technical expertise and comprehensive cybersecurity delivery model.
The Google Cloud Master Agreement includes a limitation of Google’s liability arising out of the agreement equal to three times the fees paid by County under the contract during the 12-month period before the event giving rise to the claim. Three times the annual fees to be paid for the Google services under the agreement are estimated to be: Year 1-$2,094,000, Year 2-$2,902,509, and Year 3-$3,031,869.
The contract obligates the County to defend Google from third party claims arising out of (a) County’s data in the Google system that infringes a third party’s right, or (b) County’s use of the Services in breach of the acceptable use provisions of the contract.
CONSEQUENCE OF NEGATIVE ACTION:
The County would be unable to implement integrated SIEM/SOAR capabilities, consolidated incident response services, or a unified managed detection and response program.