Better visibility is the key to improved FITARA scores
- By Mav Turner
- Jun 13, 2019
The most recent version of the scorecard measuring agency implementation of the Federal IT Acquisition Reform Act gave agencies cause for both celebration and concern. On the whole, scores in December’s FITARA Scorecard 7.0 rose. But some agencies keep earning low scores, having been weighed down by several of the scorecard’s primary metrics, including data center optimization, software licensing, transparency and risk management.
It’s not that agencies don’t want to be transparent; it’s that they typically don’t have the appropriate visibility into their networks to allow them to be transparent. While some agencies are more exempt from this area than others (the Department of Defense, for instance), all agencies should strive for better network visibility. Let’s take a look at how greater visibility can help improve an agency’s score and how DevOps and agile approaches can propel their modernization initiatives.
Agencies with the lowest scores in this category failed to provide regularly updated software licensing inventories. This isn’t entirely surprising; after all, it’s not as if agencies get a book of software licenses where they can look up and assess the state of their licenses. Just like a Netflix subscription that hasn’t been used in months, licenses that aren’t immediately visible tend to get forgotten or buried as a budget line item. Out of sight, out of mind.
However, the Making Electronic Government Accountable by Yielding Tangible Efficiencies Act (MEGABYTE Act) of 2016 is driving agencies to make some changes. MEGABYTE requires agencies to establish comprehensive inventories of their software licenses and use automated discovery tools to gain visibility into and track them. Agencies are also required to report on the savings they’ve achieved by optimizing their software licensing inventory.
Even if an agency doesn’t have an automated suite of solutions, it can still assess their inventory. For instance, agency IT leaders can ask, “What software did we purchase last year? How are we using that software? Are we still using it?” Then, record the answers -- a simple Excel spreadsheet or Word document can suffice -- and make the necessary cuts. This can be a great exercise for cleaning house and identifying “shelfware,” software that was purchased and is no longer being used.
Risk management is directly tied to inventory management. IT professionals must know what applications and technologies comprise their infrastructures. This understanding can help them ascertain potential vulnerabilities that reside on their networks.
Obtaining a complete understanding of everything within those complex networks can be daunting, but there are a number of solutions that can help. Network and inventory monitoring technologies can give IT professionals insight into the different components that are impacting their networks, from mobile devices to servers and applications. They can use these technologies to monitor for potential intrusions and threats, but also to look for irregular traffic patterns and bandwidth issues.
Each of these options can provide deep insights into what is happening on government networks. These insights can help agencies better manage risk and provide the visibility necessary for greater transparency, both of which can result in higher FITARA scores.
Data center optimization
Better visibility can also help IT managers identify legacy applications to modernize. Knowing which applications are being used is critical to being able to determine which ones should be removed and where to focus modernization efforts.
Unfortunately, modernization itself can cause headaches, as it’s not as easy as simply turning on a new application to replace an old one. Even as they add new technologies, agencies discover they still need legacy solutions to complete certain tasks. They get stuck in a vicious circle where they continue to add to, rather than reduce, their data centers. Their FITARA scores end up reflecting this struggle.
Part of the problem is that agencies try to do too much at once. In their efforts to modernize, they attempt to make wholesale changes and, in the process, bite off more than they can chew.
Applying a DevOps approach to modernization can help agencies achieve their goals. DevOps is about aligning the creation of applications with the ongoing support for those services to improve reliability. DevOps is often based on agile development practices that enable incremental improvements in short amounts of time. Instead of focusing on a three-to-five-year plan, teams see what they can realistically get done in three to five weeks. They prioritize the most important projects at a given point in time and strive for short-term wins. This incremental progress can build momentum toward longer-term goals, including getting all legacy applications offline and reducing costly overhead.
While visibility and transparency are essential for improvements across all of these categories, FITARA scorecards themselves are also useful for shining light on the macro problems that agencies face today. They can help illuminate areas of improvement so IT professionals can prioritize their efforts and make significant impact on their organizations. Every government IT manager should stay up-to-date on the scoring methodologies and how other agencies are doing. Understanding the ramifications of a simple letter grade can open up avenues for optimization, monitoring and risk management.
Mav Turner is senior director, product management, for SolarWinds.