1 Federal Software Asset Management: The Government’s SAM Framework Alan Vander Mallie, Program Manager U.S. General Services Administration Office of.

1

Federal Software Asset Management: The Government’s SAM

Framework

Alan Vander Mallie, Program ManagerU.S. General Services Administration

Office of Governmentwide PolicySeptember 2009

2

Software Asset Management

Case Study: Running the Government’s SAM Framework

• The GSA Role

• Federal SAM/ITAM Program

• The Government’s SAM Framework

• How’s it working for US?– Successes, Challenges & Trends

3

GSA Role

GSA has a major role in managing Government assets:

• Real Property (over $1.4 trillion)

• Personal Property (disposes > $21 billion per year)

• Travel and Transportation (>600,000 vehicles/1,460

aircraft/$12.3 billion in annual travel expenditures)

• Information Technology Strategy (purchase $71 billion/year)

• Regulatory Information (FAR, FMR, FTR, GSAM)

• Federal Advisory Committees (public transparency)

4

GSA Role

Information Technology spending for FY 2009 may total $71 Billion

• Mission Systems – approx $36 billion– 6236 business cases for mission systems

• Infrastructure – approx $30 billion– 25 major business cases for IT infrastructure

Source: OMB VUE-IT Application for FY 2009: http://www.whitehouse.gov/omb/assets/egov_docs/VUE-IT.pdf

5

Federal SAM Program

Purpose• Support technology strategy efforts so govt is

running in the most secure, open, and efficient way possible

• Help govt realize technical and social goals -focus on process solutions vs technology solutions

• Create strategic value from SAM/ITAM Goals:• Manage Smarter, Buy Smarter, and Increase

compliance of IT assets

6

Federal SAM Program

Benefits include support for:• Aggregated buys through vehicles such as SmartBUY• Improved infrastructure optimization and efficient

software/hardware usage• Closer alignment with approved lists of COTS software (FEA

and EA)• Better use of acquisition, finance, and installed versus actual

usage data• Assurance that security features are incorporated into software

products as required (e.g., NIST FIPS 140-2 preclude the use of unvalidated encryption protection of sensitive or valuable data within Federal systems)

• Achieving Section 508 compliance for software/hardware use by persons with disabilities

• Going Green with IT purchase decisions for more energy efficient IT operating environments & end-of-use disposal

7

Federal SAM Program

Cont’d• Support for desktop management & core configurations • Auto-discovery of installed software• Scheduling maintenance upgrades and software/hardware

disposition• Improving and clarifying software-use policies (who, what,

where, when, why)• Development of standard federal-wide license use clauses to

protect intellectual property and prevent software piracy• Informed software security patching and upgrades, installation

and deployment• Informed user and IT support staff training.

8

Federal SAM Program

Challenges to Establishing Effective SAM:

• Reason it is not being already done – it is very hard• Commercial sector does not always do it well either• Data standards for feeder systems do not exist• Overall SAM Enterprise Frameworks do not exist • Implementing policy that integrates multiple key

business processes• Dealing with tangible and intangible assets that

have many different terms of use depending on the vendor, dealing with each vendor requires a unique approach

• Try not to create a process that requires excessive overhead for agencies

9

Discovery & Program Foundation•Recommend guidelines and strategic framework • Document lessons learned internal/industry• Asses current state-of-SAM across Government

Architect

Invest

Implement

FedITAM Program Realization• Launch Website so Citizens, Industry & Government can participate in advancing SAM• Highlight use of automated tools• Work with Agencies and LOBs re benefits

Govtwide SAM Programs

• Promote Govtwide standardization, consolidation and optimization

• FedITAM website available share best practices and tools

Federal SAM Program - Roadmap

10

Federal SAM Framework

The Federal SAM Framework focuses on process improvements using ISO 19770-1 and other SAM/ITAM related standards and tools for:

• Capturing inventories of deployed software, lists of approved software within FEA and agency enterprise architectures, CPIC investment portfolios, and authorized user data from CIOs;

• Capturing acquisition, purchasing, and negotiated license usage rights information from CAOs; and

• Capturing invoice, payment and finance information from CFOs.

11

Federal SAM Framework

• Highlights six key SAM process areas (ISO 19770-1) and 17 questions from chief officers:– Supports routine and extraordinary efforts to

standardize, consolidate, and optimize the management, purchase, and increased compliancy of IT assets.

– Supports collaboration and partnerships across the disciplines and between those responsible for enterprise architecture and standards, financial management, strategic sourcing and acquisition, IT operations, and asset management.

12

Federal SAM Framework

NOTES: The Federal SAM framework leads agencies towards higher levels of maturity in their software asset management programs so they do not continue to waste time and money with manual inventories, ineffective decision processes, and redundant software purchasing efforts.

Through inputs to and relationships with federal-wide (SmartBUY) or agency strategic sourcing efforts and the IT Infrastructure LOB program the SAM framework (1) moves vendors towards constantly improving and better securing their products for government enterprise use and (2) moves IT operations and their vendors away from spending too much time and money on purchasing or marketing on many disparate levels.

13

Federal SAM Framework

The goal of communicating a common framework across Government is to:

-- foster visibility of standards and assets, and promote better management, strategic sourcing, and accurate tracking

-- so that information, assets, people, and processes are adequately detected/identified, protected and

connected across the federal government.

14

Federal SAM Framework

NOTES: The Federal SAM Program & Framework recommends that every software acquisition should be aligned with: – OMB policy and guidance for software acquisition and

SmartBUY acquisition– Federal enterprise architecture (FEA)– Agency strategic plans and enterprise architectures– Federal security standards– Capital planning and investment controls (CPIC)– Legislated acquisition and IT requirements.

15

Federal SAM Framework

“The Govts SAM framework offers a view into integrated lifecycle management for IT assets”

The Government’s SAM Framework – 6 process areas that cross organizational boundaries:– Approving Software & Hardware– Managing the Buy– Managing Contract Compliance– Monitoring Inventory Usage– Complying with Policies & Standards– Financial & Capital Planning

16

Federal SAM Framework

Managing the Buy

Financial & Capital Planning

Approving SW & HW

Managing Contract

Compliance

MonitoringInventory

Usage

Complying withPolicies & Standards

Fed ITAM Integrated Life-Cycle

Management

17

Framework Process Areas

Approving IT Architecture Software & Hardware

• What IT assets are approved to run on the network architecture?

• What unapproved products are running on the network or are being purchased for deployment, exposing us to risk?

• Are we addressing the security areas of patch-management and network identity-management?

18

Framework Process Areas

Managing the Buy• What IT assets are good candidates for

cost-saving Smart Buy, GWACs, and other Strategic Sourcing agreements?

• What are relevant contract terms and clauses for enterprise-wide compliant use of assets?

• Do our ordering practices reflect the actual depletion, deployment, saturation, and utility rates of my organization?

19

Framework Process Areas

Managing Contract Compliance

• What installed assets expose us to piracy liabilities because they lack licensing agreements?

• Do our installations exceed authorized licensing?

• Are agencies in compliance with contract terms and are S/W and H/W vendors in compliance with federal policies?

20

Framework Process Areas

Monitoring Inventory Usage

• What installed assets are not being actively used; and (how) should they be re-used or retired?

• What assets are sitting on the shelf in large quantities reflecting potentially unwarranted ongoing expenses?

• What critical asset inventories are nearly depleted?

21

Framework Process Areas

Fostering Compliance with Policies & Standards

• What Federal policies and guidelines govern particular categories of IT assets?

• How are we working toward compliance with ISO 19770, UNSPSC, and other current or emerging global standards?

• What are current ITAM policy guidelines issued by OMB, NIST, and OGP; and is our agency in compliance?

22

Framework Process Areas

Financial & Capital Planning

• What are opportunities to increase return on investment and improve cash-flow through smarter buys and uses?

• What are noteworthy variances in unit pricing for similar products and how best can we close gaps and avoid costs?

23

How is it Working for US?

ID Management technology strategy for Implementing HSPD12

Initiative has clear and visible govtwide architecture related to a govtwide acquisition strategy which includes a public list of approved & certified products and services.

Website: http://www.IDManagement.gov

24

How is it Working for US?

SmartBuy/ESI/GWACs and other Strategic Sourcing agreements

Initiative has CoBranding between GSA and DoD - Use of common clauses, terms & conditions to achieve best value – Mandatory consideration of Smart Buy/ESI contracts in FAR Case 2005-014.

Website: http://www.gsa.gov/smartbuy

25

How is it Working for US?

IT Infrastructure Line of Business (LoB)

Initiative promotes use of automated tools and adoption of SAM/ITAM processes – Consolidated hundreds of infrastructure investments into 25 and applied highend consulting and engineering expertise to five-year plans.

Website: http://www.itinfrastructure.gov

26

How is it Working for US?

Strategic View of Automated Tools

Planning & Management

28%

Infrastructure Operations

46%

IT Security26%

Infrastructure Operations

Planning & Management

IT Security

27

How is it Working for US?

Strategic View of Tools # of Tools

% Total

Infrastructure Operations 520 46%

Planning & Management 317 28%

IT Security 291 26%

Total 1128 100%

28

How is it Working for US?

Questions Raised by Tool Analysis:

Do CIOs have the personnel, policies, and procedures in place to optimize IT assets?

Do CIOs know what they have, where it is, who is using their IT assets?

Do CIOs have the right tools and enough information to optimize and manage their IT assets?

Are CIOs buying tools using SmartBUY agreements?

29

How is it Working for US?

Created SAM Framework and built proof-of-concept Federal SAM repository and reporting tool

Initiative identified common data inputs and sources for using SAM automated tools.

Website: http://www.gsa.gov/feditam

30

How is it Working for US?

NOTES: Optimizing COTS software use requires collecting and analyzing SAM data using standard data collection best practices, such that data can be used within and across agencies toward making the Federal Government a leader in software investment management.

31

Sample Data Inputs

Acquisition & Finance(CAO) (CFO) (CIO)

Human Resources

(CIO) (CHCO)

IT InventorySystem

(CIO) (CFO)

(Optional) Personnel Information Agency org codeSub agency org codeRegion codeFile send dateFile Source NameFile NumberSenderPOC NamePOC Phone No.POC Email AddressEmployment StatusDepartment

Acquisition & Financial InfoAgency org codeSub agency org codeRegion codeFile send dateFile Source NameFile NumberSenderProduct NameProduct VersionManufacturer NameContract NumberLicense typeSIN NumberLicense descriptionNational Stock NumberPrice categoryQuantity PurchasedQuantity OrderedContract TypeContract DescriptionDate of OrderOrder Number

Cont’d…

Deployed Software Inventory DiscoveryAgency org codeSub agency org codeRegion codeFile send dateFile Source NameFile NumberSenderProduct NameProduct VersionManufacturer NameUser NameMachine NameIP AddressMAC AddressMachine PlatformLocationMachine type (formerly Class)Model No (formerly Model)RAMFree HDD CapacityTotal HDD Capacity Processor TypeCont’d…

Sample Inputs for Automated Tools and Life-Cycle Reporting

IT Architecture

(CIO)

Agency’s Approved Software ListAgency org codeSub agency org codeRegion codeFile send dateFile Source NameFile NumberSender Product NameProduct versionManufacturer NameProduct TypeProduct DescriptionSoftware CategoryProduct OSVersion Release DateApproving Agency NameTransaction CodeLoad Type

32

cont’d, Sample Data Inputs

Acquisition & Finance Human Resources IT Inventory

System

(Optional) Personnel Information

Acquisition & Finance, Cont’d…

Date of ReceiptPerson to ContactNo of Licenses ReceivedReceiving personLicense Start DateLicense End DateSmart BUY StatusFederal-wide FlagVendor NameVendor NumberInitial License CostAnnual Subscription CostAnnual Support CostAnnual Subscription & SupportBPA numberInvoice numberACT numberFund Code

Deployed Software Inventory Discovery

Cont’d…

No. of ProcessorsServer FlagMachine Serial NumberOS DomainDNS Host NameServer Manager NameServer Used asServer NameServer Contact NameHost NameSoftware categoryInstalled quantityDate Last UsedDate InstalledOS PlatformProcessor/CPU speedNo. IPS Machine

Sample Inputs for automated tools and Life-Cycle Reporting

IT Architecture

Agency’s Approved Software List

33

Reports

• Summary & Detailed Reporting aggregated by Organization • View by Product Name (Oracle, Lotus Notes, MS Windows, etc.)• View by Manufacturer (IBM, Microsoft, McAfee, etc.)• View by Server Name• View by Contract or Blanket Purchase Agreement Number• View by Fiscal Year (original purchase date)• List of Expired Licenses• List of Approved & Non-Approved Products • List of Charge Card Purchases• Customized Reporting (you create your own report template) • Administrative: List of SAM Tool Users • Administrative: History of Agency Data Refreshes• Executive Dashboard Reports:

– Actionable Advices and Alerts– Executive Spreadsheet– Store Documents and Reports

34

How is it Working for US?

Published website at www.gsa.gov/feditam to make technology strategy for Federal SAM visible to citizens, industry, and government so we can work together.

Contact and interact with US at [email protected]

Alan Vander Mallie

Federal SAM/ITAM Program Manager

Office of Governmentwide Policy

U.S. General Services Administration

Phone: (202) 501-6901

Email: [email protected]