Federal agencies need a unified approach for software compliance, migration, and patch management

Federal managers are looking for solutions that help them better manage software license compliance, Windows 10 migration, and security patch updates. That search leads them to endpoint management solutions that can help automate patch distribution and streamline the software management process.

They need a comprehensive suite of tools that span across many operating environments, including Microsoft Windows, Apple macOS, Linux, and Unix. At the same time, they need an endpoint management solution that can discover and inventory all software implementations and patch levels within their organizations.

“You would be amazed at how much license compliance is really [critical] these days, especially when people are worried about spending too much money or getting software audited,” said Jamie Cerra, Federal Solutions Consultant with Quest® Public Sector, during a FedInsider webcast on new approaches to endpoint management.

“You see a lot of people getting into the endpoint management discussion really because they are concerned about licensing and compliance,” Cerra said.

And rightly so because federal software licensing is included in agency overall scorecards mandated by the Federal Information Technology Acquisition Reform Act (FITARA). According to some analysts, the federal government spends anywhere from $6 billion to $9 billion annually on software licenses and maintenance. The software dimension of the FITARA scorecard measures if agencies follow best practices in managing software licensing and costs.

The Quest KACE® Systems Management Appliance (SMA) is like a Swiss Army knife for endpoint management. It helps agencies implement mature software asset management processes and deliver compliance data to ensure they meet policy deadlines. By using the KACE SMA, agencies can discover and inventory all the devices on their network, including software on laptops, desktops, servers, tablets, and storage devices, as well as any network-connected non-computer devices. Proof of compliance can be confirmed through wizard-based reporting, which lets administration set up pre-configured or customized reports.

Also, many agencies are looking at how to mitigate data breaches. They should look at their patching capabilities, said Cerra. Recently, a customer was hit by the Spectre and Meltdown vulnerabilities. The malware impacted operating system functions as well as firmware — the software programmed into read-only memory — and affected hardware components.

“We used some components in our tools to show them, it’s not just the software,” Cerra said. Quest can tell you whether you put the right software patch on a system. But the Quest tools can also extract information about the firmware levels of the chip sets that were affected.

“We had that holistic approach to be able to say, there are some things we can do to help mitigate attacks and fortify patch management,” Cerra noted.

Windows 10 migration is another big concern for agencies. Many organizations have started the migration and need tools to help streamline that process.

“We talk to people a lot about how to plan for that migration,” Cerra said. Is there an in-place upgrade strategy involved or a rip-and-replace type strategy? What should an organization do with user data during the migration? Quest helps organizations develop a strategy that deals with the migration from start to finish.

“I would say, if I took three big things away from what I deal with day to day with my federal customers, it’s licensed compliance, Windows 10, and patch management,” Cerra said.

Unified endpoint management can help streamline the process for all those functions — patch distribution, hardware and software inventory, and software license compliance.

Check out this on-demand demo


Authored by: Rutrell Yasin, Principal Writer, FedInsider

Anonymous