A stunning report released by The International Association of Information Technology Asset Managers, Inc. reveals that the federal government is wasting about half of the estimated $80 billion it spends each year on IT and IT security. This waste has led to the massive increase in data breaches among federal agencies that have made headline news, and also leads to lost and stolen hardware, using outdated products, and more.
When compared to IT expenditures by private industries in the U.S., the federal government spends an average of $36,000 per employee versus private industry’s average expenditure of just $4,600 to $4,900 per employee. Within the individual federal agencies, the disparity is even greater — the Department of education spends a mind-boggling $168,000 per employee, the State Department spends $109,000 per employee, and even the more conservative Veterans Administration spends $11,700, which is still twice what private industry spends.
Before you pen an angry letter to your Congressional representative, take a look at what the IT service desk can learn about cyber security from the government’s ineptitude. Everything that is wrong in government IT departments can be fixed with a solid IT asset management system. The Department of Homeland Security managed to save $181 million in software licensing over the course of one year by utilizing asset management. If the federal government adopted this policy across the board, it would translate into $1 billion in annual savings.
1. Properly Tracking and Disposing of Hard Drives
The SEC takes top prize for poorly managing hardware like hard drives. About 200 of their laptops are entirely unaccounted for. A hardware asset management system includes tracking of each piece of hardware, as well as records for how, when, where, and by whom critical hardware is destroyed. Then there are no worries about what sensitive information ended up in the wrong hands from a missing computer or hard drive.
2. Regularly Installing Patches & Updates
Within the Department of Agriculture, it was found that over 82 percent of security vulnerabilities that existed were correctible via available patches. However, the patches had never been installed. Regular patch installations are crucial for security in any IT environment.
3. Making Changes Recommended by Audits
The Veterans Administration failed their cyber security audit for a sadly impressive 16 years in a row — primarily because they failed to make changes recommended by previous audits. Regular internal audits are important, and following the changes recommended by those audits is just common sense.
4. Tracking Mobile Devices
Ninety-four percent of IRS employees are issued a mobile device. Yet policy states that no single employee is allowed more than one device. However, the IRS has been paying service fees for 6,800 devices that are not even in their inventory system, which amounts to $2 million per year in service charges. Seven hundred of their employees had been issued more than one device, and some were issued as many as five. A solid asset management system could eliminate this waste and inefficiency completely.
5. Updating Security Authorizations
In the Department of Education, 24 percent of users were found to be operating on expired security authorizations. This is an easy fix with regular monitoring and consistent enforcement of policies. An asset management system makes this a simple, routine matter to control.
With the right systems, policies, and policy enforcement in place, your business can reduce IT spending while improving cyber security across the organization. The best news is, it doesn’t take an act of Congress to lower costs and improve efficiency — it just takes the ability to learn a few lessons that the federal government has managed to completely ignore.