Screenshot 2016-06-07 09.23.24
,

Embracing FITARA to Drive IT Visibility and Cybersecurity

This blog post is an excerpt from GovLoop’s recent guide FITARA: What You Need to Know. Download the full guide here

At its core, the Federal Information Technology Acquisition Reform Act (FITARA) is about creating transparency around how much agencies spend on IT and how that technology is acquired, secured and managed.

“What FITARA is designed to do is drive the IT transparency and visibility that organizations have struggled to achieve in previous years, and it allows department-level CIOs to have visibility into their components, their bureaus and their sub-agencies,” said Clark Campbell, Vice President for Public Sector at BDNA.

Under FITARA, the visibility and intelligence that CIOs are expected to have about their agencies’ IT domains as they make critical spending and management decisions will also inform them and their CISOs about where critical assets exist that require better defenses and where vulnerabilities exist that require remediation.

When CIOs and their teams know in detail what IT assets are in use departmentwide, they can make better budgeting decisions and plan for future needs. That means they can make smarter decisions when it comes to prioritizing modernization spending; eliminating or consolidating duplicative IT resources; optimizing the management of software licenses; leveraging Category Management and Federal Strategic Sourcing initiatives for commodity IT; and optimizing data center consolidations, cloud migrations and shared service adoptions, among other things.

Moreover, with this greater visibility and intelligence of their enterprise IT environments, CIOs and their CISOs are better positioned to secure those assets and quickly address cyber vulnerabilities. Specifically, they can identify and remove cybersecurity vulnerabilities in the form of software and hardware assets that are at or approaching end of service and end of life; identify and remove cybersecurity vulnerabilities in the form of unauthorized IT assets – or shadow IT – that are not approved; and enhance Information Security Continuous Monitoring (ISCM) activities to ensure that all IT assets are subject to an automated inventory, configuration, or vulnerability management capability.

Many agencies already have Continuous Diagnostics and Mitigation (CDM) tools in place to track and manage software installments, IT asset inventories, and IT configuration and patch requirements. But a big problem is that most of those tools operate within confined siloes and fail to cover the entire enterprise. Another problem is that those tools do not integrate with each other or use a standard language, which means it is impossible to gain a clear, actionable enterprise view of one’s IT environment in a single pane of glass.

“The ability to leverage existing tools to turn that insight into something useful is the challenge that departments are having,” Campbell said. “For example, if you don’t know the end of life of your hardware and software, it is a struggle to plan from a budgeting and cyber security standpoint.”

In addressing the challenge of poor IT visibility and intelligence, numerous agencies have turned to a suite of solutions developed by BDNA and anchored on BDNA’s Technopedia, a comprehensive repository of market intelligence on enterprise software and hardware. These solutions unify IT asset datasets and supplement that data with detailed and updated market information, including end-of life dates. This increased visibility keeps CIOs and CISOs informed as they play a larger role in steering procurement, budget and cyber- security decisions.

“FITARA is a good overall framework to drive a lot of important efforts within the federal government,” Campbell said. “However, the underlying aspect that the federal government cares about is protecting its information. The cybersecurity component of that is the most critical piece of FITARA.”

Using BDNA solutions, agencies have up-to- date normalized data and market information on more than 1.2 million enterprise hardware and software products. Having consistent, accurate and relevant information about the technology in use at federal agencies enables the level of visibility required to implement FITARA, as well as IT Asset Management, ITSM, strategic sourcing, enterprise architecture, and other initiatives.

For example, the Defense Department is among the government agencies migrating to Microsoft’s Windows 10. That leaves a lot of older versions of various software that need to be phased out or terminated because they are not supported anymore. BDNA helps agencies sort through such challenges by providing detailed information on what software applications will no longer be supported by Windows 10.

One federal agency leverages BDNA to normalize 497,000 endpoints, servers, PCs and associated software applications each week in a matter of hours. This process allows that agency to see the IT assets in use that have been approved by IT and those that have not.

“It’s important not only to have that transparency, but also the intelligence and lexicon for all IT,” Campbell said. “BDNA provides a comprehensive, enterprise view of IT in a standard language, so that everyone is referring to the same thing.”

bdna-header-logo

Leave a Comment

Leave a comment

Leave a Reply