This article is more than 1 year old

The Pentagon has no idea how to deal with bad cloud contracts, say auditors

Terrible IT practices at the DoD? You don't say

Pointing out IT failures at the US Department of Defense is like shooting fish in a barrel, but here we are with another in the cross-hairs: this time it's the DoD that has failed to account for the costs associated with restrictive cloud licensing agreements. 

According to the Government Accountability Office (GAO), restrictive software licenses associated with commercial cloud contracts have resulted in increased costs and limited choices in service providers, among other problems. Many of the issues cited could have been avoided if the DoD had guidance and plans in place to do anything other than identify the presence of restrictive licensing risks, but the GAO said that's not the case.

"DoD's policy and guidance documents addressed identifying impacts related to restrictive software licensing practices during the acquisition process," the GAO said, but those plans don't address "analyzing impacts of restrictive practices during the acquisition process." There's no guidance for identifying or analyzing impacts of restrictive software licenses for established IT investments at all, the GAO noted. 

To bring this full-circle, "DoD's plans also did not require components to mitigate impacts of restrictive software licensing practices," the auditors added.

In short, the DoD has some plans in place to spot restrictive licensing, but no idea what to do about it. 

Among the cloud licensing restrictions that DoD officials noted to the GAO were limits on migration of software from on-premise to cloud environments, licenses that limit access to previous versions of software, third-party compatibility requirements, expensive building of software needed to meet government requirements and the like. 

"Until DoD updates and implements guidance and plans for mitigating the impacts of restrictive software licensing practices, the selected investments [the GAO selected six DoD cloud projects for its study] will continue to implement inconsistent, ad hoc approaches that can be ineffective at identifying and mitigating the department's risks," the GAO concluded. Hence its single recommendation: Implement plans and guidance to identify, analyze and mitigate restrictive software licensing risks.

The GAO didn't include any data about how much the DoD may have overspent on cloud software, but noted that the Department's cloud budget has increased by more than 40 percent, from $1.4 billion in fiscal year 2021 to around $2 billion in FY '23.

The DoD agreed with its assessment, the GAO noted, and said it intends to publish updated guidance by the end of the next fiscal year. Whether such guidance would be adhered to is another thing altogether - we reached out to the DoD with questions about the report but haven't heard back.

Just another ticket for the queue

Auditing and accountability agencies from across the US federal government have released reports on IT that are unfavorable to the DoD - this isn't even the first time the GAO has issued a report on cloud problems at the Pentagon. 

Per the latest GAO report, the Office reported in June 2022 that DoD had taken steps to implement key cloud requirements issued by the Office of Management and Budget, but that the Pentagon failed to kick off an effort to ensure it had the right personnel in place to ensure cloud success, and hadn't prepared a timeline for other necessary changes. 

"We also identified issues with completeness of the department's cloud spending data … which increased the likelihood that cloud spending data was underreported," the GAO said. "We made nine recommendations to DoD" in June 2022, the GAO noted. "All nine recommendations had not been implemented as of July 2023." 

Along with its failure to manage the efficiency of its cloud licensing, the DoD has also been called out by the DoD Inspector General for mismanagement of government-issued smartphones, and the General Services Administration found in a survey of government employees reported last month that the DoD had by far the worst IT support in the US government, too. 

The GAO also found earlier this year that the Pentagon wasn't doing enough to keep up with evolving threats by, among other things, adopting the cutting-edge strategy of agile software development. The DoD, we understand, still loves the old-fashioned waterfall approach to building software, which we remind them need not be as tough and rigid as the field-ready hardware they run on. ®
