The Crisis in Federal IT Asset Management
According to a February 2015 report from the International Association of Information Technology Asset Managers (IAITAM), the federal government’s proposed $14billion cybersecurity budget for 2016 does not emphasize asset management nearly enough. The report details the increase in cyber incidents that affect federal agencies and highlights several high-profile cases at the Department of Defense, the White House, and the US State Department.
The report details specific weaknesses in the handling of IT Asset waste, device mismanagement, unfixed issues, and cases where lost and stolen wireless devices were not documented. Almost 6,800 devices were not inventoried at the IRS.
From the report:
“At the root of much of what ails the federal government bloat in IT spending and related woes is a lack of meaningful IT Asset Management. ITAM is the bridge that links an organization’s financial, contractual, and physical IT inventory requirements with the goals and objectives of the operational IT environment. The Federal Government’s approach to ITAM should include two components:
· The first is a rigorous government-wide centralized ITAM program responsible for creating policies, procedures, processes, and metrics for all government agencies.
· The second is an agency-level ITAM team, which would include the day-to-day management of all assets within that agency as set forth and required by the centralized program.
Concurrently, legislation should be enacted to protect and manage our greatest resource (technology) at the federal level, state level, and in critical infrastructure in the private sector. This legislation should address the areas of procurement, disposal, inventory management to the component level of IT Assets (such as hard drives), data security, and other mandated policies that would mitigate the risk to the United States and the critical infrastructure that is not owned by the government but is enabled and regulated by legislation.”