An audit report showed the space agency spent an additional $20 million over the same period in fines and overpayments to vendors such as IBM, SUSE, and SAP among others.

The US National Aeronautics and Space Administration (NASA) has overspent about $15 million on Oracle software over the past five years because it lacked a centralized software asset management practice, according to an audit report published by the space agency’s office of the inspector general (OIG).

The report attributes the huge over-expenditure to vendor lock-in and NASA’s unwillingness to risk a license audit by Oracle because of its lack of visibility into software management. Vendor lock-in, according to the report, is a situation in which an enterprise customer using a product or service cannot easily transition to a rival product or service.

“NASA purchased large amounts of Oracle products to support Space Shuttle processing and other mission operations during that timeframe containing licensing terms that made transitioning to a competitor difficult due to proprietary technologies,” the OIG wrote in the report.

NASA was unwilling to commit to an Oracle audit because it feared the resulting penalties would cost more than the $15 million, the report showed.

“OCIO (office of the chief information officer) officials explained that they ‘knew better than to try our luck with an audit.’ Simply put, merely the potential threat of being audited by the vendor encouraged overbuying when the accuracy of agency software asset management was suspect,” the report said.

An email sent to Oracle about easing “lock-in” practices didn’t immediately receive a response.

Non-existence of a software asset management (EAM) program

The space agency’s problem, according to the report, is the absence of a centralized software asset management practice and its current “ad-hoc” practices, which could expose NASA to operational, financial, and cybersecurity risks.
Software asset management is the practice of controlling and optimizing the purchase, deployment, maintenance, and utilization of software applications or suites in an organization or institution.

“Efforts to implement an enterprise-wide software asset management program have been hindered by both budget and staffing issues and the complexity and volume of the agency’s software licensing agreements,” the OIG wrote in the report, giving the agency’s software management practices a “basic” rating—the lowest rating as per the International Organization for Standardization.

The agency uses over 49,000 desktops, laptops and engineering computers.

Further, the report showed that NASA was years away from moving to an enterprise computing model and was in violation of the federal policy to implement a centralized software asset management program that tracks inventory and license data.

“We also found internally developed mission and institutional software applications suffer from a lack of centralization and inventory visibility, limiting the agency’s ability to identify duplicative or obsolete software,” the OIG wrote.

In addition, NASA’s current organizational setup, which is against federal policy, hinders the effective implementation of a centralized software management policy.

“The agency’s software asset management office and software manager positions are misaligned and do not report to the chief information officer as required by federal policy,” the OIG wrote as part of the report.

Other challenges plaguing the space agency include inconsistent processes for legal representation during software contract negotiations or vendor audits, unsupervised training software and unsupervised software buying. These challenges expose the agency to increased costs because of penalties for violations of software licensing agreements, the report showed.
“NASA has failed to implement processes necessary to manage financial risks as software purchases are not sufficiently tracked and authorized by the Office of the Chief Information Officer (OCIO)—allowing some users to bypass OCIO authorization (and software asset management team scrutiny) to purchase software through alternative means such as purchase cards,” the OIG wrote.

NASA overspent more than $35 million

The OIG also pointed out an additional $20 million expense in fines and overpayments, which could have been avoided.

“We estimate the agency could have saved approximately $35 million ($20 million in fines and overpayments and $15 million in unused licenses) and moving forward could save $4 million over the next 3 years by implementing an enterprise-wide software asset management program,” the OIG report said.

According to the OIG’s analysis, almost 11,000 users were granted privileged access (the ability to control one’s computer system akin to administrative rights) between 2020 and 2022 to download software at will, due to operational constraints and delays in funding.

In 2017, NASA had to pay $18.9 million to IBM after an audit to bring its software usage into compliance with license agreements. In 2021, the agency paid multiple vendors, such as SAP, Dassault and Ansys, about $4.4 million collectively to settle software usage penalties.