With the one-year anniversary approaching for the passage of MEGABYTE Act, SIE evaluated what was learned and accomplished over the past year. For those not familiar with the MEGABYTE Act (Making Electronic Government Accountable By Yielding Tangible Efficiencies), it essentially requires the Chief Information Officer (CIO) of each Executive Department to achieve the following four (4) directives specific to Software License Management (SLM):
1. Policy: Develop a comprehensive software licensing policy identifying roles and responsibilities for management
2. Inventory: Establish a comprehensive inventory of software licenses (including 80% of spending and license agreements) using automated tools
3. Analyze: Analyze software usage, provide training, establish goals and objectives, and implement effective decision-making using the software license management lifecycle
4. Report: Sent to the Office of Management and Budget (OMB), the financial savings or avoidance of spending that resulted from improved software license management
While MEGABYTE adds a layer of compliance requirements to Federal OCIOs relevant to their Software License Management (SLM) programs, it joins another piece of recent legislation intent on achieving similar objectives. Specifically, FITARA, (Federal Information Technology Acquisition Reform Act), which became law in 2014, is broader in scope, and contains the following goals for Federal IT investments:
· Provide better visibility into IT expenditures,
· Improve risk management in IT investment,
· Engage other senior officials in the oversight of IT investments, and
· Give greater authority to the federal government’s more than 250 CIOs to plan, approve and execute IT acquisitions.
OMB developed implementation guidance and established the Common Baseline — a framework for agencies to implement FITARA requirements. The resulting guidance led to the creation of a FITARA scorecard – a way for agencies to be assessed on their progress against requirements. In October 2015, the first scorecard was released. Only two agencies (DOC and GSA) received a “B” score – with others falling below.
Where are we today?
Since implementation, the fourth version of the scorecard has been released. FITARA 4.0 now captures Agency compliance with MEGABYTE and adds a fifth grade assessing performance on SLM. The results released in June 2017 show positive momentum for FITARA scores overall, but reveal more work needs to be done specific to SLM and MEGABYTE. Overall, seven agencies scored a “B,” and one (USAID) scored an “A” with 16 agencies scoring a C or less. For MEGABYTE specifically, every agency (except for Dept. of Education, GSA and USAID) received an F grade. If the Federal Government was in college, these scores might result in academic probation, with serious risk of failing out.
How do agencies move forward (and improve their grades)?
Implementing the provisions of the MEGABYTE act takes discipline. Every organization, public, or private, is pulled in multiple directions. Many organizations postpone the implementation of SLM since “IT is working” – often saying we can put the effort off until next quarter (and the quarter after that).
The risk in delaying commitment to SLM includes:
· Paying for software that is not used, or paying too much for software
o Do you know if your deployment and usage match your purchase?
· Having unsecured software deployed
o Ask anyone impacted by Petya or WannaCry – malware is disruptive to the mission, resulting in a reactive security, opposed to proactive optimization.
· Prolonged non-compliance and poor FITARA/MEGABYTE scores
o Let’s face it; nobody likes having somebody look over your shoulder. SLM, when properly implemented, makes data calls and policy compliance routine functions. You can than focus on serving agency customers, and improving performance.
SIE Consulting Group has helped numerous agencies on SLM implementation such as FAA, NRC, OPM, and others. SIE is committed to helping our customers implement SLM resulting in, among other things, reduced spending on software licensing, controls for across the entire software lifecycle and improving overall agency cybersecurity posture. Our Software License Management as a Service (SLMS) program was recognized by award-winning Mary Davie on Great Government Through Technology.