In 2018, the federal government budgeted a staggering $95.7 billion for IT, much of it to be spent maintaining unused or out-of-date software.
Such waste is always more keenly decried when the cost is covered by the taxpayer. To limit and regulate the sometimes-dizzying levels of software waste within government agencies, Congress passed the Federal Information Technology Acquisition Reform Act (FITARA) in 2015 and the MEGABYTE Act in 2016.
Both have led to big improvements in software asset management (SAM). Previously, when an agency embarked on a new project, software was often sourced for that project alone, without considering whether it might already be available from another part of the agency, or how it could be accessed and recycled. Now, however, we can see major IT success stories across government. The Department of Veterans Affairs, for example, manages one of the world’s largest and most complicated IT environments, including over 550,000 unique computing resources. It improved its FITARA score from an F to an A after working to better manage its software, saving $69 million on one enterprise agreement renewal and $70.7 million on another.
Here are some steps agency CIOs can implement to reach comparable savings.
1. Track and reclaim unused, existing licenses
The first area CIOs should focus on concerns how software is being used across the agency, and whether people are in fact using the software on their machines. If people aren’t utilizing licenses, or a particular product, agencies can reclaim that software and apply it somewhere else (instead of purchasing more licenses).
Simple rule-based automation can quickly improve agency software spend by millions. As a cybersecurity benefit, organizations can also use this process to remove black-listed software.
2. Harness real-time to address SaaS spend
Further complicating today’s software landscape is the increasing prevalence of software-as-a-service options. It’s difficult enough to ascertain licensing requirements of traditional software, and SaaS can be even more disempowering because agencies rely on the vendor to tell them what’s being utilized. If organizations don’t collect the appropriate metrics or have effective reporting, they’re simply putting out subscription dollars without any way to reconcile the value they receive. Unfortunately, most organizations do not have the discovery and inventory tools necessary to collect metrics on SaaS products.
This is where the recent development of real-time IT technology can and should be brought into play. These tools can dynamically assess exactly what’s being used on any device, whatever the software component — even when the usage can only be identified through network utilization. If CIOs combine that kind of information with the persistent tracking of usage, they can cancel or reallocate unnecessary subscriptions, resulting in substantial savings for SaaS alone.
3. Consolidate server virtualization into fewer data centers
Consolidating server virtualization into fewer data centers can deliver significant savings, but this effort entails both risk and reward. It all comes down to implementing it properly: knowing what is installed and what licenses are required allows agencies to minimize the costs of new software licenses and the risk of audits.
Consolidating into fewer data centers also results in lower real estate and energy costs, lower costs of administration and, when done properly, greater resiliency of the systems.
Numerous case studies show that organizations can increase utilization of server hardware while decreasing the server footprint, administrative overhead and time required to deploy new IT services. Savings have been shown to reach $3,004 annually for each server virtualized.
Agencies can also design in redundancy such as passive clusters and the ability to move server resources as capacity requirements change.
4. Limit audit risk and consequences
Software audits and their concurrent costs are a big issue for government organizations. When agencies don’t know what’s installed and what’s being used, it’s all too easy for a vendor to come in and declare them out of compliance. Agencies are frequently at the mercy of the vendor and often have no choice but to pay the fine. The issue is then solved — albeit expensively — at least until next year’s audit.
The software visibility and automation measures already detailed will make a difference here too. However, an even more meaningful, collective measure that could change things for everyone would be for CIOs to require vendors to adhere to the International Standards Organization’s SAM standards around their products. This will deliver better data: a transparent, shared, objective measure accessible to everyone.
The Pentagon’s Defense Standardization Program mandates ISO/IEC 19770-2 software ID tags in commercially purchased software. Additionally, the National Institute of Standards and Technology encourages software vendors to include SWID tags in their commercially available software.
These efforts benefit all software consumers by providing accurate and consistent identification of discovered software, which in turn enables SAM programs, IT interoperability processes and cybersecurity efforts.
5. Implement “known state” on all clients and monitor in real-time
One way of ensuring software sprawl never gets out of control is by imposing a known state for all clients. This ensures that all employees can work effectively, that devices are secure and that downtime and organizational disruption are minimized. However, for too many organizations, the implementation quickly deteriorates into a box-ticking exercise — gathering the data for corroboration maintenance is just too laborious — and consequently becomes too episodic to make any meaningfully enduring difference.
Real-time technology, once again, can change the rules of engagement here. With a live picture of all endpoints and what’s on them, agencies have the power to automate corrections in real time and gain an even greater level of visibility and control, through which software costs and risks are both radically reduced. These real-time efforts include validating that specified patches are installed as required, that software such as firewalls is configured as required and that software services such as Remote Desktop Protocol can be disabled and securely re-enabled only when required by IT.
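The known-state checks listed above can be expressed as a small drift evaluation. This is an added example, not code from the article or from any product it describes; it assumes an inventory tool delivers endpoint snapshots as dictionaries, and the host names, patch IDs, field names and RDP approval window are all constructed for illustration.

```python
from datetime import datetime, timezone

UTC = timezone.utc
# Hypothetical known-state baseline (patch IDs and keys are constructed).
BASELINE = {
    "required_patches": {"PATCH-2024-001", "PATCH-2024-002"},
    "firewall": {"enabled": True, "default_inbound": "block"},
}
# Constructed IT-approved window: RDP may be on for ws-002 from 11:00 to 13:00.
WINDOWS = [{"host": "ws-002", "start": datetime(2024, 5, 1, 11, tzinfo=UTC),
            "end": datetime(2024, 5, 1, 13, tzinfo=UTC)}]
NOW = datetime(2024, 5, 1, 12, tzinfo=UTC)
GOOD_FW = {"enabled": True, "default_inbound": "block"}
ALL_PATCHES = ["PATCH-2024-001", "PATCH-2024-002"]
# Constructed endpoint snapshots; ws-003 reports no RDP state at all.
SNAPSHOTS = [
    {"host": "ws-001", "patches": ["PATCH-2024-001"], "rdp_enabled": True,
     "firewall": {"enabled": True, "default_inbound": "allow"}},
    {"host": "ws-002", "patches": ALL_PATCHES, "rdp_enabled": True,
     "firewall": GOOD_FW},
    {"host": "ws-003", "patches": ALL_PATCHES, "firewall": GOOD_FW},
]

def rdp_allowed(host, windows, now):
    """RDP is permitted only inside a time-boxed approval for that host."""
    return any(w["host"] == host and w["start"] <= now < w["end"]
               for w in windows)

def evaluate(snapshot, windows, now):
    """Return (finding, corrective action) pairs for one endpoint."""
    findings = []
    missing = BASELINE["required_patches"] - set(snapshot.get("patches", []))
    for patch in sorted(missing):
        findings.append((f"missing patch {patch}", f"deploy {patch}"))
    firewall = snapshot.get("firewall", {})
    for key, want in BASELINE["firewall"].items():
        if firewall.get(key) != want:
            findings.append((f"firewall {key}={firewall.get(key)!r}",
                             f"set {key}={want!r}"))
    # Fail closed: an endpoint that does not report RDP state counts as enabled.
    if snapshot.get("rdp_enabled", True) and not rdp_allowed(
            snapshot["host"], windows, now):
        findings.append(("RDP enabled outside approved window", "disable RDP"))
    return findings

def drift_report(snapshots, windows, now):
    """Map each host to its list of deviations from the known state."""
    return {s["host"]: evaluate(s, windows, now) for s in snapshots}

if __name__ == "__main__":
    for host, items in drift_report(SNAPSHOTS, WINDOWS, NOW).items():
        print(host, items or "compliant")
```

Re-running the evaluation on every snapshot, rather than on an audit schedule, is what makes the expiry of the RDP window enforceable: the same endpoint that is compliant at 12:00 produces a finding at 13:00.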
Ultimately, reaping the major savings requires commitment. But many of these measures are surprisingly straightforward as well as rewarding. What precedes them all is a change of mindset. The good news is that, across the sector, this shift has largely been accomplished. Agencies such as the VA show us how far we can all hope to go.