Four Reasons Government Agencies Need IT Asset Management
I remember spending an entire day at the department of motor vehicles, or spending hours on the phone waiting to talk with a government tax representative. However, in recent years government agencies have made big steps in their digital transformation initiatives by investing in technology that eliminates long wait times while improving the customer experience.
Because government agencies have improved and expanded self-service offerings, people can now resolve issues, renew licenses and permits, or find answers to their questions online without any human intervention from a government representative.
While investing in technology solutions to improve government efficiency, government agencies have been inundated with hardware and software IT assets. For many agencies, managing the influx of IT assets has been attempted by using spreadsheets or inadequate inventory tracking solutions.
As a result, agencies have done a poor job, overall, tracking and managing the IT assets and software licenses that support their technology solutions. Government agencies need to implement proper IT asset management solutions along with ITAM best practices for the following reasons:
1. Security Compliance
To ensure IT assets are secured, cyber security teams implement various security controls to prevent unauthorized access. This includes identifying vulnerabilities and ensuring patches are applied to applications and operating systems.
However, the most sophisticated security software on the market is of no use when IT assets on the network go undetected.
In recent years, poor IT asset management practices have been blamed entirely, or in part, for many security breaches in government agencies. On December 19, 2018, NASA, a US federal government agency that spends approximately 1.4 billion USD per year on IT, revealed that employee data had been compromised in an internal memo.
An investigation revealed that “the Security Operations Center (SOC) has fallen short of its original intent to serve as NASA’s cybersecurity nerve center. Due in part to the Agency’s failure to develop an effective IT governance structure…”
The report specifically refers to poor asset management stating that:
“With no knowledge of specific applications, operating systems, or other device information, the SOC is severely limited in its ability to assist the Missions or to correlate event data across institutional and Mission network boundaries when an information security incident occurs.
Security breaches like this have not gone unnoticed by government law makers. In September 2011, the National Institute of Standards and Technology (NIST) released a special publication, 800-137, titled Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations.
In the executive summary NIST claims that “Information security is a dynamic process that must be effectively and proactively managed for an organization to identify and respond to new vulnerabilities, evolving threats, and an organization’s constantly changing enterprise architecture and operational environment.”
The NIST 800-137 policies and standards were recently referenced by the Department of Defense (DoD) Enterprise Software Initiative (ESI) during a presentation. DoD ESI claimed “the implementation and effective use of asset management technologies can assist organizations in automating the implementation, assessment, and continuous monitoring of several NIST SP security controls”
In the future, we will see IT asset management become a critical component to all government cyber security strategies.
2. Inventory Control
Budget allocations assigned to government agencies each year limit how much an agency can spend on IT projects. Towards the end of the government fiscal year, we often see government decision makers scramble to fund projects and acquisitions in order to maintain their budget allocation for the upcoming year.
When inventory is not controlled and managed, the integrity of the data is at risk.
With accurate inventory reports, IT decision makers can see what IT assets are in place and what IT assets are being used, allowing them to make better IT acquisition decisions. With accurate inventory data, decision makers will be equipped to make better financial decisions, such as re-allocating funds from underutilized software licenses, to unfunded IT projects.
3. Software License Control
Inaccurate software license information often leads to over purchasing or under purchasing software licenses. Without enough software licenses, agencies can incur unexpected fines and costs due to software license violations. If too many software licenses are purchased, federal IT administrators are at risk for being accused of mismanaging federal funds.
The U.S. federal government processes more than 42,000 transactions each year for software costing more than 6 billion USD. On June 2, 2016, the US President issued a memorandum titled: “Category Management Policy 16-1: Improving the Acquisition and Management of Common Information Technology: Software Licensing”
The memorandum claims: “A recent report by the Government Accountability Office (GAO) indicates that agencies buy and manage software licenses in a decentralized manner, struggle to create accurate inventories, often purchase unneeded capabilities, and generally do not facilitate better purchasing by sharing pricing or terms and conditions across the Government.”
As a result, the memorandum introduced a new policy stating that: “Agencies shall develop automated, repeatable processes to aggregate software license and maintenance requirements and associated funding, as appropriate, for commercial and COTS software acquisitions. Agency CIOs, in coordination with CAOs and CFOs, must use their authority under FITARA to align all components with a centralized acquisition strategy that defines common software license and maintenance requirements across the agency.”
In July 2016, the MEGABYTE Act was signed into law. It requires executive agency CIOs to establish software license inventories by using automated discovery tools that can track and maintain licenses, in addition to reporting the usage of those licenses.
Without proper license management, government agencies either expose themselves to software audits resulting in unnecessary costs, or they purchase too many software licenses, depriving other vital projects of much needed funds. Ultimately, mismanaging funds delays the Federal Agency’s digital transformation initiatives while wasting the taxpayer’s money.
4. Digital Transformation Initiatives
Technology solutions in government agencies have typically existed in silos; however, digital transformation initiatives require services and information to be available or delivered any time to any platform or any device.
In May 2012, the U.S. federal government launched their “Digital Government Strategy” to ensure government agencies are in line with current technology, to improve the quality of government services, and to improve their customer service.
Agencies that provide significant services to the public or to external organizations are required to identify key customer services, then they are to survey their customers about those services. Using the data collected from surveys, agencies are to establish service standards and measurable benchmarks. To improve customer services, agencies are urged to expand and streamline their self-service offerings.
Without IT asset management, digital transformation objectives will not be possible because digital transformation initiatives require resources and processes to procure and manage devices, applications, and data.