The Pentagon struggles to manage the lifecycle—including security and costs—of those assets.
IT asset management (ITAM) presents one of the biggest challenges to the federal government, and the Defense Department is no exception. The lack of visibility into the technology deployed combined with a dearth of actionable data is costing the government money that could be spent on modernization and security.
The DOD itself spends hundreds of millions of dollars each year on software in an effort to keep pace with the rate of innovation and deliver mission success. But the Pentagon struggles to manage the lifecycle—including security and costs—of those assets.
As the DOD works towards deploying edge technologies, a good ITAM solution will be imperative to building a future force.
Assessing the Challenges
The DOD must tackle two key challenges:
- First, many DOD agencies lack visibility into the technology that is deployed. Without this visibility, they will not be able to identify cybersecurity vulnerabilities or eliminate duplicate, underutilized and obsolete software applications.
- The second challenge is giving IT decision-makers the data they need in a useable format. Even though DOD agencies have data and security discovery tools in place, the views and volume of data from those tools are often bloated with duplications and unnecessary data.
Calculating the Cost of Doing Nothing
Those challenges translate to a DOD that spends more on software, but with a degraded security posture, poor patch management and unverifiable compliance with software licenses. While that’s a huge problem, perhaps the bigger issue is that by doing nothing the DOD is leaving hundreds of millions of dollars on the table.
It is estimated that each of the DOD forces—Army, Navy, Marine Corps and Air Force—could save between $200 million and $400 million over the next five years using ITAM automated solutions. Combined, that means the DOD could net between $600 million and $1.2 billion in savings, according to calculations made from a vetted third-party app and existing Flexera ITAM customer input.
Finding the Right ITAM Solution
By utilizing an ITAM platform that delivers up-to-date, actionable data in an automated, repeatable way, the DOD can effectively address cost and cyber risk throughout their entire IT asset lifecycle.
A good ITAM solution should be able to do many things, including:
- Provide complete visibility across the entire enterprise software landscape.
- Map software procurement, license, vendor SKUs, license terms, deployment and usage per organization and user.
- Automate data collection and reporting which will reduce manual resources and improve data needed for yearly budgeting efforts and better prepare agencies against vendor audits.
- Visibility into usage that can help reduce yearly software license maintenance.
- Ability to use existing discovery tools and have its own agents to capture any data gaps.
Beyond that, software management can play a huge role in shoring up cyber defenses. President Joe Biden’s recent executive order highlighted the need for a zero-trust approach to cybersecurity that employs a five-step model.
A good ITAM platform is critical to the first and last steps, both defining and shrinking the attack surface and monitoring and maintaining the network. This is done by alerting managers to hardware and software near the end of its lifecycle as well as correlating known security risks for those assets.
With this information, DOD IT professionals can quickly identify and mitigate vulnerability hot spots within their hardware and software inventories. Aggregating IT asset lifecycle information from across many bureaucratic and technical silos into a central place makes it available, useful and actionable for DOD leaders.
Modernizing for the Future
It’s crucial the DOD knows what technology is deployed, whether it needs to fill security gaps or replace solutions at the end of their effective lifespan.
The actions outlined above will not only save the DOD money, but will also position the agency for a better, smarter and more efficient future. But if the DOD chooses to do nothing it will be leaving up to $1.2 billion on the table over the next five years, threatening to slow modernization of the world’s most advanced and important fighting force.
Gary Winkler president of American Cyber and former program executive officer for the Army's Enterprise Information Systems.