In today's uber-connected computing environment, the concept of an air-gapped, locked-down, stand-alone data center running proprietary special-use software is an anachronism.
Even the most secure military data systems use some commercial off-the-shelf (COTS) software and almost all IT environments are networked. Procurement and IT managers and officers look for the best hardware and software configurations needed to meet a specific goal, and integrate them into existing data centers and networks.
This model has been common practice for years, and it raises two questions: "What exactly are we running?" and "What do we need?" A secure, approved and flexible IT asset management (ITAM) solution can help answer those questions.
The software that is in place, and the acquisition process itself, were the topic of a recent presentation made by the Secretary of the Air Force, Heather Wilson. In her address she noted that "We are facing a rapidly innovating adversary who is challenging us, and we have to be willing to accept more risk in our acquisition process." She added that "This is particularly true when it comes to software. We'll also be buying software as a 'service', paying by actual usage, rather than by individual license, or the so-called consumptive license model. All of this adds up to faster decisions, faster analysis, faster strikes, faster assessments and more success in combat." However, that change will require IT managers and officers to measure their actual consumption levels, which will require an in-depth understanding of the details of their configurations. An approved ITAM solution would make that all possible, and support Secretary Wilson's objectives.
In her speech, Secretary Wilson also addressed the problem of legacy systems. By way of example, she spoke about the in-air refueling software. She described how tacticians were using a software program written for the first Gulf War, nearly 30 years ago. The software was "grossly" out of date, and despite spending millions of dollars, software engineers were not able to update it. She noted that five or six Airmen were spending all day, every day, moving colored plastic shapes on a whiteboard to match tankers to fighters, to locations and times. In an unrelated article published by Computerworld, Tony Scott, the former federal CIO, is quoted telling Congress that legacy systems "often pose significant security risks, such as the inability to utilize current security best practices, including data encryption and multi-factor authentication, which make them particularly vulnerable to malicious cyber activity." In fact, the article reported that the U.S. government has over 3,400 IT professionals employed to maintain legacy programming languages. Clearly, being able to discover and inventory legacy systems, understand the software they operate and develop a migration plan is key to cybersecurity, operational efficiency and effective use of scarce budgets.
However, legacy systems are not the only components that need to be upgraded or replaced. Commercial software must be kept up-to-date with patches and new releases. In a public report entitled "Take Advantage of Software Improvements", the National Security Agency (NSA) emphasized the critical need to keep software current. Citing the need to keep software patched, the report said "The Common Vulnerabilities and Exposures (CVE) database demonstrates the sheer volume of vulnerabilities that are reported daily and patched by vendors. Responsible enterprises - and malicious adversaries - act on this information. Malicious actors race to develop working exploits by analyzing and reverse engineering each software patch. Delaying or ignoring patches for vulnerabilities considerably increases the chance of systems being exploited, in particular Internet connected systems." Without a Software Asset Management (SAM) program in place, it is difficult to determine what exact software various systems are running, and to what extent they are patched or running the most current version of the software.
The critical need for military and governmental agencies to establish a comprehensive inventory of their data center equipment, and the installed software, has now been mandated by law. Congress passed two pieces of legislation: the Federal Information Technology Acquisition Reform Act (FITARA) and the Making Electronic Government Accountable By Yielding Tangible Efficiencies Act of 2016 (MEGABYTE). The focus of these laws, and the requirements included in both, make it mandatory for federal agencies to maintain accurate inventories of both hardware and software.
Specifically, the MEGABYTE Act requires the Chief Information Officer of each executive agency to:
Notwithstanding the mandates in the laws, recent reports indicate that very few federal departments are in compliance, or even come close. Perhaps one obstacle is identifying an ITAM solution approved for use in secure and government IT environments.
Even though several commercial ITAM and SAM solutions and tools are available, use in a secure military or governmental computing environment requires them to meet certain critical factors.
These include:
The requirements make the list of available ITAM solutions very short. In fact, the xAssets ITAM/ND solution is the only ITAM software product on the USAF approved/certified list of software. The xAssets ITAM-ND solution meets all the requirements and is immediately available as COTS software. As such, proposing xAssets ITAM-ND can justify a sole source award and shorten the acquisition timeframe.
To learn more about how xAssets ITAM-ND software can help you manage your infrastructure and become FITARA and MEGABYTE Act compliant, visit us at www.xassets.com, email usgovsales@xassets.com or call us on 800 691 9120.