Several times a year, I take Constitution Avenue in Washington, D.C. on my way to visit government agencies. It is a beautiful city with many beautiful buildings and museums. Prior to my first visit, I imagined government buildings in Washington, D.C. were bland and boring, much like my old high school. To my surprise, I found each government building mesmerizing with beautiful architecture that is designed by some of the greatest architects in the world.
I also experienced the enormity of the U.S. federal government as I visited various agencies. I learned that the U.S. federal government is the largest IT consumer in the world, employing over 4.3 million people. However, unlike commercial enterprises, government agencies have a unique challenge with regard to how IT assets are purchased and managed.
Government Acquisition Requirements
Government agencies around the world typically have acquisition requirements that must be followed when making an IT purchase. In the United States, it is called the Federal Acquisition Regulation (FAR) which has an underlying objective of conducting business with integrity, fairness, and openness. These requirements help government agencies avoid corruption that can possibly occur when commercial companies lobby politicians.
Government agencies usually have a budget for IT expenditures; however, unlike commercial companies, if government agencies do not spend the entire budget during the government’s fiscal year (Oct. 1 – Sept. 30), they are at risk of their budget being reduced. For this reason, government agencies are at risk of purchasing IT assets that have redundant features, or assets that might not be necessary because they have an objective to spend their budget. This is unlike commercial enterprises who typically scrutinize every purchase with the objective of spending less.
For a government agency, IT Asset Management (ITAM) practices and processes can help control and manage IT asset costs. For agencies looking to meet budget, instead of saving money, ITAM is a good way to re-allocate funds to other projects that can help the agency be more productive and efficient.
Below are three areas where ITAM will help government agencies:
- Control Spending
Many years ago, I hosted a party and provided food and drinks for everyone attending. I was expecting quite a few people; however, I failed to ask the invitees to confirm whether or not they would attend. As a result, I was not sure how much food to purchase. To be safe, I bought a ton of food and drinks so that I would not run out of anything. I had leftovers for two weeks and still had to throw a lot of food in the garbage.
ITAM lets you see what IT assets you have which allows you to make accurate decisions about what assets are needed. It’s simple, if you are not using ITAM, it is like trying to provide food for a party of friends without knowing how many will attend. I have found that government organizations that lose track of IT assets usually purchase too many software licenses and they tend to purchase technologies with features that overlap each other.
In a report posted in 2015 by the International Association of Information Technology Asset Managers, Inc. (IAITAM) titled “Understanding the Federal Government’s ‘IT Insecurity’ Crisis,” they noted that in an audit of eight locations maintained by the U.S. Department of Energy (DOE), the Inspector General (IG) found that in 2012 DOE spent nearly $2 million more than necessary on IT equipment acquisitions. Another audit in September 2014 by IG found that over a three-year period, DOE paid approximately $600,000 more than necessary on software licenses.
2. Eliminate IT Assets that are Underutilized
When purchasing IT assets for a large government organization, it is important to understand the requirements so that products purchased can be mapped to the specified requirements. Unless an agency is using ITAM, they will quickly lose track of recent IT acquisitions along with the requirements that had been used to justify the purchase.
For software assets, when features overlap, the result will be that applications or features within applications will not be utilized. Even when applications are not used, they are costing the organization money with ongoing maintenance and support costs. With ITAM, not only will organizations be able to see all the assets, they will be able to see if assets are utilized. On the website of the U.S. National Institute of Standards and Technology (NIST), they claim:
3. Security
It is hard to imagine a good IT security system without proper ITAM practices. For example, think of how a physical security system is installed in order to protect a building. Before it can be installed, a security specialist evaluates the building by taking an inventory of all doors and windows, along with any other security risks. It would not be realistic to install a security system on most windows and doors. Security would need to be installed on ALL windows and doors.
It is no different when trying to secure IT assets. An inventory needs to be kept of all hardware and software assets before any security measures can be effective. If you don’t know what hardware assets you have, then you won’t know if something is lost or stolen. If you don’t know what software assets you have, then you can’t be sure that all software is patched and up-to-date.
The IAITAM published a report that states, “Spending greater and greater sums without proper ITAM controls in place is a prescription for more breaches, risks posed by unauthorized devices, increases in lost and stolen hard drives, and major vulnerabilities created by outdated and/or ‘unpatched’ software.”
Summary
IT asset management can help identify risks in your IT environment and cutcosts by up to 50 percent. So why don’t more government organizations invest in asset management? For many, the reason could be they don’t know where to start and they don’t know how to sell the value of asset management to the rest of their organization.
Government agencies need to understand the importance of ITAM practices. They need to understand that it is not only required to keep costs down, it is also needed to ensure that every device is accounted for and secure.
-follow me on Twitter @marcelshaw