Confronting Financial, Security Risks with Supply Chain Management

Federal spending on software has seen growth for years, but with that has also come an increase in wasted funds. The General Services Administration reported that federal spending on software totals more than $6 billion annually and that a typical organization spends 30 percent more than necessary.

This issue is primarily due to a lack of clarity when it comes to managing the software supply chain, which is the active management of data from the beginning of a contract to the end of life of the software. The confusion around the supply chain also results in increased security risks for many agencies.

Additionally, the relationship between software companies and government agencies is tenuous. Vendors have taken advantage of the lack of transparency, making it even more difficult for agencies to find solutions to the management challenges that they face.

So how can government start to patch the holes to reduce unnecessary spending and bolster security? GovLoop’s recent roundtable event, “Creating Trust and Transparency in the Software Supply Chain,” provided insight into the obstacles and best practices for taking back control of government software spending.

“From the standpoint of cost, there are over $6 billion spent on [software] each year,” Bill Zielinski, Deputy Assistant Commissioner, Office of Information Technology Category, Federal Acquisition Service at GSA, said during the discussion. “Part of what we’re trying to do is help agencies really understand the software market. Software is a major transition point into and through government agencies.”

He continued on to describe the reliance that agencies have on software companies and managed service providers, making it clear that more attention should be put toward understanding what it is that agencies are receiving for their money. “The days of buying whatever you want are gone,” Zielinski said.

Tristen Yancey, Regional Vice President, Federal at Flexera, agreed with those observations and noted the aspect of security that agencies should take into consideration.

“Do you understand how you’re overspending?” Yancey said. “In terms of security, do you have eyes during that entire process? Do you know where the breaks and leaks are? In the gaps, you could be missing something extremely critical, [and] that’s where your vulnerabilities lie.”

Although these issues should be a top priority, they are overshadowed by one thing that has prevented supply chain management from being fixed: routine.

“You don’t have a lot to go on other than what have we bought before?” Zielinski said. “What was our spending pattern before?”

In order to break agencies out of that mindset, Zielinski believes that it comes down to finding the points that can provide clarity for decision-makers on the supply chain challenges. Identifying places that they’re losing money and face security challenges is key.

Yancey also reiterated the importance of understanding the process behind software.

“[It’s about] knowing all hardware and software on your network, putting all purchase orders into some sort of aggregate system and aligning your IT baseline,” she said. “Am I under-licensed? Over-licensed? You need to know what you have in order to protect yourself. It’s the fear of the unknown that’s going to get you.”

Attendees noted some of the problems that they faced while trying to take control of their system. When trying to save on unused licenses, one attendee from the Census Bureau said that he faced challenges due to the manual nature of the process. Yancey agreed with that issue.

“It’s still a lot of manual processes,” she said. “I think we need to automate it. It needs to be a consistent, automated process that you can rely on.”

The most common problem raised by multiple members of the discussion, however, was how to get started.

“You start small and you do a demonstration,” Zielinski said. “We can give them the basics of software management in a very short time window [and] say, ‘here are immediate actions you could take now that would save you millions of dollars.’”

He also noted the necessity of using resources when getting started.

“Don’t try to do this on your own,” he said. “There’s a community. Reach out to others. People are more than willing to share their experiences and practices. You don’t have to reinvent the wheel on this. What agencies don’t always realize is that they don’t have to make a large capital investment right off the bat.”

Yancey agreed that it is attainable and that the best way to start is to reach out to government peers and break the process down into smaller pieces. When asked what should prompt agencies to take action, she hinted again to the financial and security risks.

“It’s the cost of ‘what if you don’t?’” she said.

Leave a Comment

One Comment

Leave a Reply