software licensing Archives | FedScoop
https://fedscoop.com/tag/software-licensing/

FedScoop delivers up-to-the-minute breaking government tech news and is the government IT community's platform for education and collaboration through news, events, radio and TV. FedScoop engages top leaders from the White House, federal agencies, academia and the tech industry both online and in person to discuss ways technology can improve government, and to exchange best practices and identify how to achieve common goals.

VA software license assessments called out in GAO recommendations
https://fedscoop.com/va-software-license-assessments-called-out-in-gao-recommendations/
Mon, 10 Jun 2024 20:34:04 +0000

The agency should compare software inventories with known purchases to reduce costs, per a watchdog report that also highlighted issues with EHR modernization.

The Department of Veterans Affairs has work to do in assessing its software licenses, the Government Accountability Office said in a report that included four other new priority recommendations to the VA.

The congressional watchdog noted in its release that the VA has implemented six of its 29 open priority recommendations, including the deployment of an automated data tool used to improve acquisition workforce records and taking steps to modernize the agency’s performance management system across the Veterans Health Administration. 

Assessing software licenses, however, is something that the VA needs to address, per the watchdog. In January, the GAO issued a report on software licenses throughout the federal government, noting that the VA had neglected to regularly compare software license inventories that are currently used with purchase records.

In the new priority recommendations, GAO noted that the federal government spends more than $100 billion yearly on cyber and IT-related investments. 

“Until VA implements this priority recommendation and consistently tracks and compares its inventories of software licenses with known purchases, it is likely to miss opportunities to reduce costs on duplicative or unnecessary licenses,” the report states.

Other high-risk governmentwide areas that could impact the VA, according to the GAO, are “improving the management of IT acquisitions and operations” and “ensuring the cybersecurity of the nation.”

Charles Worthington, the VA’s chief AI and technology officer, said in a recent interview with FedScoop that he believes the VA’s technical infrastructure “is actually on pretty good footing,” pointing to the agency’s migration to the cloud and using commercial products in the software-as-a-service model, “where it makes sense.”

Other priority recommendations from the GAO cover the VA’s electronic health records (EHR) modernization program, including one that directs the agency to implement “leading practices for change management.” The other nine involve evaluating whether the system is “operationally suitable and effective” to ensure that the system satisfies customer needs, establishing “user satisfaction targets” to protect patients’ health and safety from unnecessary risks, and validating that future systems are not deployed too early. 

“Implementing these … recommendations would also help solve existing problems with the system,” the GAO stated.

Software license purchases need better agency tracking, GAO says
https://fedscoop.com/federal-software-licenses-gao-report/
Mon, 29 Jan 2024 22:38:06 +0000

Report finds that agencies are missing out on cost savings with the purchases of IT products and cyber-related investments, per a new Government Accountability Office report.

Federal agencies are missing out on cost savings and making too many duplicative purchases when it comes to IT and cyber-related investments, according to a new Government Accountability Office report.

With an annual spend of more than $100 billion on IT products, the federal government is falling short on the consistent tracking of its software licenses, leading to missed opportunities for cost reductions, the GAO found. And though there are federal initiatives in place to “better position agencies to maximize cost savings when purchasing software licenses,” the GAO noted that “selected agencies have not fully determined over- or under-purchasing of their five most widely used software licenses.”

The GAO’s study looked at software licenses purchased by the 24 Chief Financial Officers Act agencies, finding that 10 vendors made up the majority of the most widely used licenses. For fiscal year 2021, Microsoft held by far the largest share of vendors organized by the highest amounts paid (31.3%), followed by Adobe (10.43%) and Salesforce (8.7%).

While the GAO was able to identify and analyze vendors based on government spend, it was “unclear which products under those licenses are most widely used because of agencies’ inconsistent and incomplete data,” the report noted. “For example, multiple software products may be bundled into a single license with a vendor, and agencies may not have usage data for each product individually.”

“Without better data, agencies also don’t know whether they have the right number of licenses for their needs,” the report continued.

For their recommendations, the GAO focused on nine agencies based on the size of their IT budgets and then zeroed in on the five most widely used licenses within those agencies. The selected agencies were the Departments of Agriculture, Energy, Housing and Urban Development, Justice, State and Veterans Affairs, as well as the Office of Personnel Management, Social Security Administration and USAID.

The recommendations centered most on better and more consistent inventory tracking to ensure that agencies didn’t double-dip on software license purchases and were in a better position to take advantage of cost-saving opportunities. There should be more concerted efforts to compare prices, the GAO stated.

HUD did not say whether it agreed or disagreed with the GAO’s recommendations, while the other eight agencies said in responses that they did.

Congress in 2023 attempted to rein in duplicative software across the government with the Strengthening Agency Management and Oversight of Software Assets Act, which aimed to consolidate federal software purchasing and give agencies greater ability to push back on restrictive software licensing. However, after passing the House in July, the bill never moved in the Senate.

Major government tech contractors use monopolistic vendor-lock to drive revenue, study says
https://fedscoop.com/major-government-tech-contractors-use-monopolistic-vendor-lock-to-drive-revenue-study/
Mon, 30 Jan 2023 05:00:00 +0000

The report says Microsoft and Oracle received at least 25% to 30% of government sales over the last decade through less than fully competitive procurements.

Major IT government software contractors like Microsoft and Oracle routinely lock federal agencies into sole-source contracts using monopolistic methods that cost the taxpayers hundreds of millions of dollars more without meaningful competition, according to an industry study.

Microsoft and Oracle, the world’s two largest software companies, received at least 25% to 30% of government sales over the last 10 years through less than fully competitive procurement processes, according to a report commissioned by technology trade group NetChoice.

The study was compiled from thousands of government contracting documents and drafted by independent procurement expert Michael Garland. It is called “Vendor-lock and lack of competition in the government’s software estate.”

Given that the government is spending between $10 billion and $15 billion each year on commercial off-the-shelf software and cloud, a reduction of only five percent, driven through competition, could produce an annual savings to taxpayers of up to $750 million, the study said.

“Vendor-lock has also allowed software vendors to leverage their power to impose a number of harmful practices on the government,” the study said. “Because of vendor-lock, the U.S. government sometimes reverse-engineers software procurement processes to avoid genuine competition.”

One example of vendor-lock the study cites is a procurement process in which the Department of Agriculture in 2021 spent $112 million more to buy Microsoft Office than Google Workspace to avoid switching costs that it perceived to be even higher.

According to the study, monopolistic behaviors that major IT government vendors have engaged in include: imposing license restrictions that require the government to repurchase software in order to use it in cloud environments run by competing tech companies; fixed, inflexible annual support fees that cannot be reduced; and predatory software audits.

The study highlights a particular example of unfair software licensing restrictions currently used by Microsoft: it allows a government client to move all of its Microsoft software into Azure for essentially no additional charge, but the client would have to repurchase, or start over with, new Microsoft licenses to move into the AWS or Google cloud.

“The VA capitulated to Microsoft’s dominance, allowing Microsoft to charge whatever it wanted,” the study states. “$1.6 billion is a significant amount of taxpayer money to spend without meaningful competition.”

Oracle also makes it more expensive to use its software on alternative cloud platforms, according to the study, which cites a recent lawsuit that accuses Oracle of using predatory audits to drive 90% of its cloud revenue between 2017-2018.

The study puts forward several suggestions for how the federal government could limit vendor-lock and save taxpayer dollars. Chief among these suggestions is the bipartisan Strengthening Agency Management and Oversight of Software Assets Act (SAMOSA), which FedScoop exclusively reported on last year. 

The legislation would mandate the consolidation of federal agency software licenses and force greater transparency and accountability of software purchasing through independent reviews, if it passes into law.

“The SAMOSA Act will provide valuable data to help the U.S. government identify and diversify out of vendor-lock,” the study states. “The government has an imperative to eliminate licensing clauses that are opaque, restrict mobility, and enforce unfair penalties.”

NetChoice is a technology industry group that counts Big Tech companies including Amazon and Google among its membership.

2022 in review: FedRAMP reform enacted, SAMOSA Act progresses
https://fedscoop.com/2022-in-review-fedramp-reform-enacted-samosa-act-progresses/
Sat, 31 Dec 2022 19:15:25 +0000

FedScoop looks back at some of the most consequential developments in federal IT policy over the past year.

Over the course of 2022, Congress progressed several bills that represent a major step forward for federal IT policy across areas including software licensing, cybersecurity in the cloud and semiconductor development.

The executive branch also issued a foundational document intended to guide the use and regulation of artificial intelligence technology, and federal government agencies launched initiatives to acquire IT and cybersecurity talent.

Some of the most consequential policymaking this year included: the SAMOSA Act software transparency bill, the AI Bill of Rights, the $280 billion CHIPS and Science Act, the FedRAMP reform bill, and the Biden administration’s cyber job creation sprints.

FedRAMP cybersecurity certification reform

New legislation that will significantly reform the FedRAMP cybersecurity authorization program for cloud vendors by allowing FedRAMP-authorized tools to be used in any federal agency without additional oversight or verification became law earlier this month.

FedRAMP is a crucial cybersecurity certification that cloud service providers must obtain prior to working with U.S. government data.

One of the most consequential aspects of the FedRAMP reform language is a “presumption of adequacy” clause, which would allow FedRAMP-authorized tools to be used by any federal agency without further checks.

The latest iteration of the Federal Risk and Authorization Management Program (FedRAMP) bill became law in late December as part of the NDAA after an uphill battle for almost six years led by Rep. Gerry Connolly, D-Va., and Sen. Gary Peters, D-Mich.

SAMOSA Act

Congress introduced bipartisan legislation earlier this year that would mandate the consolidation of federal agency software licenses and force agencies to take a more transparent approach to software purchasing.

The Strengthening Agency Management and Oversight of Software Assets Act (SAMOSA), which was first reported by FedScoop, would require government departments to purchase unlimited software contracts and require greater software interoperability from services they procure from Big Tech companies.

The legislation was introduced in the Senate in September by Sens. Gary Peters, D-MI, and Bill Cassidy, R-LA, and by Rep. Matt Cartwright, D-PA in the House.

The SAMOSA Act passed the Senate Homeland Security and Governmental Affairs Committee (HSGAC) in September and is expected to get a full Senate vote in the coming months.

CHIPS and Science Act

Bipartisan legislation known as the “CHIPS and Science Act” pumped approximately $280 billion of new funding intended to boost domestic semiconductor manufacturing and help the U.S. compete with China in the development of cutting-edge technologies.

The bill, which became law in August, includes approximately $52 billion in government subsidies for U.S. semiconductor production. It also includes $24 billion in investment tax credits for chip plants and other funding to spur innovation and research of other key U.S. technologies.

The IT industry and those that rely on it are expected to benefit significantly from the bill thanks to the increased investments and future growth. For example, IT giants and major federal government contractors like IBM are anticipating using funds from the legislation to boost growth in the sector from semiconductors.

The $1.7 trillion omnibus government spending package signed by President Joe Biden on Thursday fell short of providing the maximum funding authorized under the CHIPS Act but nevertheless authorized large funding increases for NIST, the National Science Foundation (NSF), and the Department of Energy’s (DOE) Office of Science.

AI ‘Bill of Rights’

The Biden administration in October issued a long-awaited blueprint document that is intended to provide guardrails for the use of artificial intelligence technology within the federal government.

The AI Bill of Rights consists of five key principles for the regulation of the technology: safe and effective systems, algorithmic discrimination protections, data privacy, notice and explanation and human alternatives, consideration and fallback.

It was created by the Office of Science and Technology Policy and is intended to address concerns that unfettered use of AI in certain scenarios may cause discrimination against minority groups and further systemic inequality.

Cyber job creation sprint

A 120-day cybersecurity apprenticeship sprint coordinated by the White House and the Department of Labor created 194 new registered programs, the Biden administration announced in November.

In total, the sprint resulted in more than 7,000 cyber apprentices getting hired, of which over one-third were female and 42% were people of color. Out of the cyber apprentices hired, 1,000 were from the private sector.

The sprint was launched in July in a bid to alleviate a shortage in cyber employees. There have been massive challenges in hiring cybersecurity employees within the government due to a tight labor market and a severe shortage of skilled cyber engineers and analysts, and the problem continues to get worse.

CyberSeek, a recruiting website for cybersecurity jobs in the U.S., funded by the Commerce Department, says that in the public sector or the government, there are 47,114 vacant cyber jobs and 72,599 cybersecurity experts currently employed.

House lawmakers introduce bill to overhaul how agencies buy software
https://fedscoop.com/samosa-legislation-to-overhaul-federal-agency-software-buying-introduced-in-house/
Fri, 18 Nov 2022 01:19:14 +0000

The SAMOSA Act could significantly affect how federal agencies acquire software and IT services.

Lawmakers in the House of Representatives Thursday introduced bipartisan legislation that would mandate the consolidation of federal agency software licenses and force agencies to take a more transparent approach to software purchasing, if it passes into law.

The Strengthening Agency Management and Oversight of Software Assets Act (SAMOSA) was introduced by Rep. Matt Cartwright, D-PA, and is expected to significantly affect how federal agencies approach the purchasing of software and IT services.

The legislation has already been introduced in the Senate by Sens. Gary Peters, D-MI, and Bill Cassidy, R-LA, who introduced their version of the SAMOSA Act in September. Details of that bill were first reported by FedScoop.

The Senate bill has already advanced out of the Homeland Security and Governmental Affairs Committee and is expected on the Senate floor at some point next year.

“Without in-depth assessments of how agencies buy and use software, vendors often have the upper hand in transactions with federal agencies,” Rep. Cartwright said in a statement. “This bipartisan, bicameral legislation will streamline software procurement practices governmentwide to the benefit of American taxpayers.”

This legislation has been cosponsored by 14 House members already including: Reps. Dan Meuser, R-PA, Ed Case, D-HI, Gerry Connolly, D-VA, Danny Davis, D-IL, Brian Fitzpatrick, R-PA, Glenn Grothman, R-WI, Michael Guest, R-MS, Sheila Jackson Lee, D-TX, Brenda Lawrence, D-MI, Mike Levin, D-CA, Ted Lieu, D-CA, Eleanor Holmes Norton, D-DC, Katie Porter, D-CA, and Jamie Raskin, D-MD.

The bill would build upon the Megabyte Act, which was enacted in 2016, and compelled agencies to report licensing information on software contracts struck with technology companies. Since it passed into law, that legislation to a degree has increased lawmakers’ visibility of what IT services federal agencies are using.

According to the Senate bill text, multiple reports from the Government Accountability Office and other organizations in recent years have shown that federal agencies could manage their software licenses better to save taxpayer dollars and more effectively execute technology modernization efforts.

Major federal government software and cloud service providers like Microsoft, Amazon Web Services (AWS), Google, Oracle and Adobe are expected to be affected significantly by the legislation. 

IT contracting sources told FedScoop that Microsoft, which by some estimates holds about 85% of the market share of the federal government’s productivity and collaboration software, is expected to be affected the most by the bill. 

The House bill is intended to improve the federal agency software procurement process and save money by forcing agencies to conduct independent reviews to ensure they have a clearer understanding of agency software licenses by cost and volume. 

In its current form, the proposed legislation would require each Inspector General to complete an independent review of software license management within their respective agency. This would take place one year after the bill passes into law, and would be required to capture the total costs of all software agreements as well as related costs.

The bill also includes a governmentwide strategy to leverage government procurement policies and practices to increase the interoperability of software acquired and deployed within agencies to reduce costs and improve performance.

It would also direct agencies to provide shared services or other assistance capabilities to support agency enterprise license adoption, transition to open-source software, cost savings, and performance improvements.

SAMOSA Act could increase large software providers’ monopoly powers say acquisition experts
https://fedscoop.com/samosa-act-could-increase-large-software-providers-monopoly-powers-say-acquisition-experts/
Tue, 11 Oct 2022 21:25:41 +0000

IT acquisition specialists caution that the legislation could affect the choice of software services available to agencies over the long term.

Bipartisan Senate legislation that would compel federal agencies to provide greater transparency about software purchases could result in increased monopoly power for large government tech vendors, federal IT procurement experts have warned.

Language included in the draft Strengthening Agency Management and Oversight of Software Assets Act bill (SAMOSAA) has prompted fears that the proposed legislation could make it harder for agencies to switch away from software systems sold by some of the biggest incumbent players.

In its current form, SAMOSAA mandates agencies to negotiate better prices from tech companies through collective bargaining, and to purchase unlimited software licenses from a single software provider where possible.

Greater monopoly power within the federal government software space would likely increase cybersecurity risks and stymie innovation, software procurement experts told FedScoop.

Speaking with FedScoop, one acquisition expert who has worked on software contracts for GSA and other agencies said: “If you grant unlimited enterprise licenses to Microsoft, Oracle and other big players, then it makes it much harder for non-dominant players to get a foothold in the market. If an entire agency buys its software from a big player for some years then how will it ever decide to buy from a smaller player in the future?”

Software procurement scholar and former Director of the UC Berkeley Center for Long-Term Cybersecurity Steve Weber also cautioned that while the legislative proposals may help the government achieve better value for money, the push to consolidate contracts could give each federal agency fewer options.

He said: “The bulk discount for the government from the SAMOSA Act is great but I’m worried about large sections of the government using the one [piece of] software and a monopoly occurring.”

Weber added: “A narrow set of software options exacerbates the single cloud and single software security vulnerability issues the government is already facing.”

Staff working for the bill’s sponsor, Sen. Peters, D-Mich., disagree with this view. They say the bill will help to save taxpayer dollars and encourage innovation in government by reducing duplicative software purchases.

FedScoop exclusively obtained details of SAMOSAA earlier this month from the Senate Homeland Security and Governmental Affairs Committee. If passed into law, the bill would require government departments to purchase unlimited software contracts and require greater software interoperability from services they procure from Big Tech companies.

SAMOSAA passed the Senate HSGAC committee last week and is expected to get a full Senate vote in the coming months. 

In sum, IT acquisition experts speaking with FedScoop gave a varied picture of the benefits and potential challenges for federal agency technology leaders posed by the legislation. Here are some of the principal strengths and weaknesses of the bill they described:

Strengths 

SAMOSAA would build upon the Megabyte Act, which was enacted in 2016, and compelled agencies to report licensing information on software contracts struck with technology companies. Since it passed into law, that legislation has to a degree increased lawmakers’ visibility of what IT services federal agencies are using and has saved taxpayers more than $450 million.

The legislation instructs the chief information officer of each federal agency to conduct an “inventory of the agency, including software entitlements, contracts and other agreements or arrangements of the agency, and a list of the largest software entitlements separated by vendor,” the bill says in its current form.

Multiple experts told FedScoop the bill could improve cost savings by forcing agencies to conduct more comprehensive independent reviews and audits that ensure they have a clearer understanding of agency software licenses by cost and volume.

It would also direct agencies to provide shared services or other assistance capabilities to support agency enterprise license adoption, transition to open-source software, cost savings, and performance improvements, the IT acquisition specialists added.

In particular, section four of the proposed legislation directs the chief information officer of each agency “to develop a plan … to improve the performance of, or reduce unnecessary costs to, the agency, adopt enterprise license agreements across the agency.”

According to software procurement scholar Steve Weber, the bill would likely lead to short-term harm to enterprise software providers like Amazon, Microsoft, Oracle and others because the federal government would no longer be buying software it doesn’t need. However, Weber added that this short-term decline in profits would greatly benefit the health of the software ecosystem in the long run for both tech companies and the government.

Weaknesses

Speaking with FedScoop, the acquisition expert who has procured software for GSA and other agencies said the legislation could be tweaked to avoid giving big software providers an advantage.

“The SAMOSA Act is a good start but we need more meat on the parts of the bill that encourage interoperability so that it’s easier for the government to switch providers in the future,” he added.

Weber also added that he was concerned that the consolidation of government agency software contracts could lead to a “mono-culture of narrowing software options that could exacerbate the single cloud single software security and vulnerability issues that exist currently.”

He said: “Interoperability is also good for the country, its citizens and technology. Locked in customers like the federal government are good for the bottom line of some companies but bad for tech, innovation and customers in long run.”

He said that Congress could add more strength and accountability to the interoperability elements of the bill to force software companies to compete on price performance, security and features, rather than choosing a software because it is too expensive or difficult to switch to an alternative provider. 

Section three of SAMOSAA would require chief information officers to audit the interoperability of each piece of software purchased by their agency as well as their agency’s efforts to improve interoperability of software assets.

“The government shouldn’t just take the easier path of more consolidation and cheaper prices right now with more problems and complications later on,” added Weber. 

An aide for Sen. Peters pushed back on criticism of the bill, saying it has received bipartisan support for the primary goals of the bill which are to save taxpayer dollars and encourage innovation in government by reducing wasteful software purchases.

The aide added that the bill is likely to improve the state of cybersecurity within federal agencies by increasing the visibility that federal Chief Information Officers have in their software purchases to ensure agencies are buying and appropriately updating the most secure software.

Bill to consolidate federal agency software contracts expected to progress in Senate
https://fedscoop.com/bill-to-consolidate-federal-agency-software-contracts-expected-to-progress-in-senate/
Tue, 27 Sep 2022 19:32:13 +0000

If enacted, SAMOSAA would compel federal agencies to purchase unlimited software contracts and require greater product interoperability among Big Tech companies providing services to government.

Bipartisan Senate legislation that would compel federal agencies to consolidate software licenses and provide greater transparency about software purchases is expected to advance in the Senate on Wednesday, Hill sources told FedScoop.

FedScoop exclusively obtained draft legislation earlier this month from the Senate Homeland Security and Governmental Affairs Committee. If passed into law, the bill would require government departments to purchase unlimited software contracts and require greater software interoperability from services they procure from Big Tech companies.

The Strengthening Agency Management and Oversight of Software Assets Act (SAMOSAA) will be marked up on Wednesday and is expected to pass the committee with broad bipartisan support, two sources familiar with the bill told FedScoop.

In its current form, SAMOSAA includes language to develop a governmentwide strategy to leverage procurement policies and practices to increase the interoperability of software acquired and deployed by agencies.

The bill was formally introduced last week by HSGAC Chairman Sen. Gary Peters, D-Mich., and Republican Sen. Bill Cassidy of Louisiana.

Major federal government software and cloud service providers like Microsoft, Amazon Web Services (AWS), Google, Oracle and Adobe are expected to be affected significantly by the legislation. 

IT contracting sources speaking with FedScoop said Microsoft is likely to be most affected by the bill. According to one estimate, Microsoft holds about 85% of market share for federal government productivity and collaboration software.

The bill would build upon the Megabyte Act, which was enacted in 2016, and compelled agencies to report licensing information on software contracts struck with technology companies. Since it passed into law, that legislation to a degree has increased lawmakers’ visibility of what IT services federal agencies are using.

The bill is intended to improve the federal agency software procurement process and save money by forcing agencies to conduct independent reviews to ensure they have a clearer understanding of agency software licenses by cost and volume.

It would also direct agencies to provide shared services or other assistance capabilities to support agency enterprise license adoption, transition to open-source software, cost savings, and performance improvements.

Lawmakers float cost-saving legislation to mandate consolidation of federal agency software contracts
https://fedscoop.com/lawmakers-float-federal-agency-software-consolidation-legislation/
Fri, 09 Sep 2022 20:46:03 +0000

Work on the Strengthening Agency Management and Oversight of Software Assets Act is being led by committee chairman Sen. Gary Peters, D-MI.

The post Lawmakers float cost-saving legislation to mandate consolidation of federal agency software contracts appeared first on FedScoop.

The Senate Homeland Security and Governmental Affairs Committee is drafting legislation that would mandate the consolidation of federal agency software licenses, if it passes into law.

The Strengthening Agency Management and Oversight of Software Assets Act (SAMOSAA) would also compel agencies to provide greater transparency about software purchases and require additional contract audits.

IT contracting sources speaking with FedScoop said technology giants including Microsoft are likely to be most affected by the bill. According to one estimate, Microsoft holds about 85% of market share for federal government productivity and collaboration software.

FedScoop exclusively obtained a draft copy of the legislation, which is sponsored by HSGAC Chairman Sen. Gary Peters, D-Mich. It is expected to be introduced formally in the coming weeks.

The bill would build upon the MEGABYTE Act, which was enacted in 2016 and compelled agencies to report licensing information on software contracts struck with technology companies. Since it passed into law, that legislation has, to a degree, increased lawmakers’ visibility into what IT services federal agencies are using.

“We are working to finalize this legislation that builds on Chairman Peters’ MEGABYTE Act, which has saved taxpayers more than $450 million since being signed into law. The Chairman will continue leading commonsense efforts to save taxpayer dollars and improve government efficiency,” a staffer for Sen. Peters told FedScoop.

According to the bill text, multiple reports from the Government Accountability Office and other organizations in recent years have shown that federal agencies could manage their software licenses better to save taxpayer dollars and more effectively execute technology modernization efforts.

“It is, therefore, in the interest of Congress to build upon the successes of the MEGABYTE Act of 2016 to improve the oversight, accountability, and effectiveness of agency software management practices so that agencies can acquire, deploy, and effectively leverage leading commercial software capabilities to meet their missions at a reduced cost to taxpayers,” the draft bill text said.

Major federal government software and cloud service providers like Microsoft, Amazon Web Services (AWS), Google, Oracle and Adobe are expected to be affected significantly by the legislation. 

The bill is intended to improve the federal agency software procurement process and save money by forcing agencies to conduct independent reviews to ensure they have a clearer understanding of agency software licenses by cost and volume. 

In its current form, the proposed legislation would require each inspector general to complete an independent review of software license management within their respective agency. This would take place one year after the bill passes into law, and would be required to capture the total costs of all software agreements as well as related costs.

The bill also includes a governmentwide strategy to leverage government procurement policies and practices to increase the interoperability of software acquired and deployed within agencies to reduce costs and improve performance. It would also direct agencies to provide shared services or other assistance capabilities to support agency enterprise license adoption, transition to open-source software, cost savings, and performance improvements.

FITARA grades hold steady almost a year into pandemic
https://fedscoop.com/fitara-11-grades-steady/
Tue, 22 Dec 2020 20:49:58 +0000

All agencies managed to ace the software licensing metric, resulting in its retirement in favor of one gauging their telecommunications transitions.

The post FITARA grades hold steady almost a year into pandemic appeared first on FedScoop.

Agencies’ grades continued to hold steady on the 11th biannual FITARA scorecard released Tuesday, nearly a year since the coronavirus pandemic reached the U.S.

Of the 24 Chief Financial Officers Act agencies evaluated, 16 maintained their grades, three improved them and five saw downgrades — including the General Services Administration, which had its exemplary A+ August mark reduced to a B+.

The House Oversight and Reform Committee uses the scorecard to measure federal digital hygiene and compliance with IT reform laws, and all agencies received passing grades despite the removal of one metric and addition of another.

“In the midst of a global pandemic, continued reliance on remote work and an unprecedented and highly sophisticated cyberattack by a foreign adversary, the importance of federal agencies’ effective use of IT is too great to ignore,” Gerry Connolly, D-Va., who chairs the committee, said in a statement. “Let’s ensure we use [FITARA] to continue to raise the bar.”

That bar was raised by retiring the scorecard’s software licensing metric, which all agencies received an A in — the first time that’s happened with any FITARA category.

The Making Electronic Government Accountable by Yielding Tangible Efficiencies (MEGABYTE) Act of 2016 requires agencies to maintain an automated software license inventory accounting for 80% of spending and enterprise licenses. Only two agencies had such inventories when the category was added to the scorecard in June 2017, but now every CFO Act agency uses them to reduce duplicative software costs.

In the software licensing metric’s place, the committee added one grading agencies’ efforts to transition off expiring telecommunications contracts onto the $50 billion Enterprise Infrastructure Solutions (EIS) modernization vehicle. The measure was previewed on the August scorecard in the form of percentages, which have since been replaced with grades depending on where agencies are in relation to 50% completion.

Only eight agencies received As, while five got Fs on their transitions.

Some tech officials took to Twitter to criticize the committee’s moving targets.

Sources told FedScoop that the addition of EIS to the FITARA Scorecard will hopefully focus agencies’ efforts on transitioning to the contract and give them a new urgency, similar to how adding a category for software licensing and the MEGABYTE Act was so successful.

The three agencies that saw their overall grades improve were the Department of Health and Human Services to a B, Department of Labor to a B- and Department of Veterans Affairs to a B+. No agency received an A this time around, and at least seven continue to perform damage control on their networks following the SolarWinds hack, one of the most momentous in U.S. history.

“Agencies’ information technology systems need to meet modern-day challenges, steward taxpayer dollars, and ensure the success of their critical mission,” said Rep. Jody Hice, R-Ga., the committee’s ranking member, in a statement. “In light of the recent cyberattack against several U.S. departments and agencies, it’s also imperative to reflect on their state of cyber readiness.”

Telework boom expanded an existing headache: keeping track of software licenses
https://fedscoop.com/telework-software-license-inventorying/
Fri, 17 Jul 2020 19:58:47 +0000

More mobile devices, more updates to apps — agencies like the USDA and the Air Force are confronting how to keep track of what software is on what machine, and why.

The post Telework boom expanded an existing headache: keeping track of software licenses appeared first on FedScoop.

Federal IT officials are starting to consider another side effect of the demand for near-universal telework: the need for better inventorying of their software licenses, especially now that agencies have bought more mobile devices and made other changes to their networks.

Consider the U.S. Department of Agriculture, which has about 35,000 unique software applications across agency devices, with an average of only two installations each, according to Tim McCrosson, associate chief information officer for the department’s Client Experience Center.

Each update or version of an app counts as a separate license, but even considering that fact, the overall number of licenses is unscalable in the long run, McCrosson says. With that in mind, USDA wants all of its approximately 110,000 employees installing the same apps when possible.

“Increasing that average installation rate is something that’s very important to me,” McCrosson said, during an Advanced Technology Academic Research Center (ATARC) webinar Thursday. “And decreasing the number of overall software applications is also interesting because it’s going to make my service desk, my support group, more efficient.”

Fewer apps mean less testing and less that can go wrong, because each version of a piece of software represents an additional cybersecurity threat vector, he said.

The Air Force confronted its license inventory issues head-on as it moved to telework, said Chief Technology Officer Frank Konieczny. The service had to prioritize hardware like laptops because its airmen were used to working from desktops in the office.

A bring-your-own-device (BYOD) pilot was quickly launched, but that policy quickly depleted the telework funding provided under the Coronavirus Aid, Relief, and Economic Security Act, Konieczny said.

Agencies inventory software licenses using automated discovery tools and metrics on usage and numbers purchased to ensure they have what they need. The challenge is hardly a new one.

In May 2014, the Government Accountability Office found only two of the 24 CFO Act agencies had comprehensive policies for managing software licenses, and only two kept an inventory. Missed savings could be as high as $181 million at some agencies, according to the GAO report.

Two years later the Making Electronic Government Accountable by Yielding Tangible Efficiencies (MEGABYTE) Act was passed requiring agencies to continually inventory software licenses, analyze their use, and report savings.

Still, 19 of the 135 recommendations for improving software license management that GAO made in its 2014 report remained unimplemented as of November 2019. Six such recommendations had to do with maintaining and analyzing software license inventories, according to the GAO audit.

Sizing up the problem

Improved software license management becomes all the more critical because of the cost savings associated with deprovisioning apps like Skype, which Microsoft is retiring on July 31, 2021, in favor of Teams. Both USDA and the Air Force have primarily used Microsoft Teams since the start of the coronavirus pandemic.

Rationalization — the process of keeping, replacing, retiring or consolidating apps — reduces license duplication and allows funds to be reallocated, possibly to COVID-19-related initiatives, said Kim Weins, vice president of cloud strategy at Flexera.

Companies might be forgiving with license cost estimates during the pandemic, Weins said, but eventually agencies will be hit with audits and possibly “true ups” — when a software provider measures the actual number of licenses and bills for that higher number.

“Now we need to sort of get our arms around what we’ve done,” she said. “We maybe want to prevent the coming hangover, so to speak.”

Vendors “always” come looking for true-ups to the Air Force, which has about 150 bases worldwide — often with their own unique set of apps, Konieczny said.

As a result, the Air Force needs to improve its inventorying, especially when an insecure version of software needs to be quickly identified across all bases, he said. Cybersecurity software is potentially a problem area, Konieczny said.

“We have an initiative to actually decrease the number of cybersecurity tools because there are too many now,” he said. “And you can’t really operate effectively with that many toolsets.”

Telework-related licenses aren’t going away, with McCrosson estimating 90% of USDA IT support will remain remote once the pandemic ends and Konieczny adding the Air Force is discussing permanent telework positions.

“The shift to our digital experience has been accelerating,” said John Moses, director of governance and enterprise management services at the Nuclear Regulatory Commission. “Plus any barriers you might have experienced in the past, those seem to be diminished or almost washed away.”

NRC formed teams to centralize software and hardware assets, with the former assigning portfolios of software license agreements for companies like Microsoft and IBM to individuals. Different versions of software are evaluated, and the agency tries to buy in larger quantities per agreement, Moses said.

New tools and features are offered to employees in an effort to replace and consolidate software “chaff,” he said.

The Air Force is running a number of other mobile-tech pilots, like video-to-text capability and augmented reality consultations for aircraft repairs.

Another pilot program under consideration would allow teleworkers on mobile devices to securely connect, using zero-trust architecture, to apps like Office 365. Implementing zero-trust technology would necessitate other changes, Konieczny said.

“Do I have something that could actually change my endpoint security?” he said. “Which means the licensing would change; the inventory would change.”
