Congress Should Evolve – Not Eliminate – the FITARA MEGABYTE Category


Following the release of the FITARA Scorecard 10.0 in August, discussion about sunsetting the MEGABYTE category of the scorecard has picked up. But is that really a good idea?

The MEGABYTE category measures agencies’ success in maintaining a regularly updated inventory of software licenses and analyzing software usage. With most agencies scoring an “A” in that category, the sense seems to be that MEGABYTE’s mission has been accomplished, and it can now rest easy in retirement.

However, just because a goal has been achieved does not mean the method used to achieve the goal should be discarded. A student who graduates from Algebra I doesn’t completely declare victory over math for the rest of her academic career; she moves on to Algebra II.

The same principle should apply to the MEGABYTE category. Instead of getting rid of it, Congress should consider building on it to fit the current market dynamics – which are a lot different than they were in 2016, when the MEGABYTE Act became law.

A Changing MEGABYTE for Changing Times

Back then, cloud computing wasn’t quite as ubiquitous as it is today. Agencies were still buying specific licenses for specific needs, owning software, and getting their occasional updates.

As software procurement evolves and changes in the cloud environment, so too will the methods required to accurately track applications and usage – a challenge which could actually make MEGABYTE’s call for accountability more important than ever.

In some cases, agencies may not even know what they’re paying for. As such, they could end up paying more than necessary. Reading a monthly cloud services bill can be the equivalent of scanning a 30-page phone bill, with line after line of details that can be overwhelming. Many time-starved managers might be inclined to simply look at the amount due and hit pay without considering that they may be paying for services their colleagues no longer need or use.

There’s also the prospect of shadow IT, which appears to have been exacerbated by the sudden growth of the remote workforce. Employees could simply be pulling out their credit cards and ordering their own cloud services – not for malicious purposes, but just to make their jobs easier and improve productivity. In the process, agency employees might sign up for non-FedRAMP certified cloud services or blindly agree to terms and conditions that their agency procurement colleagues would not agree to. These actions can open agencies to risk, and must be governed.

A new MEGABYTE for a new era could be a way to measure accountability and success in dealing with these challenges. Agencies, for instance, could be graded on their effective use of cloud services. The insights gained could lead to more efficient use of those services including the potential to cancel services that are no longer needed. Finally, they could be evaluated based on how well they’re able to illuminate the shadow IT that exists within their organizations for a more accurate overview and governance of applications.

Not Yet Time for MEGABYTE to Say Bye

Just because the MEGABYTE category has turned into an “easy A” for most agencies does not mean that it’s time to eliminate it from the FITARA scorecard. Yes, let’s revisit it, but let’s not let it go just yet. Instead, let’s take it to a new level, commensurate with where agencies stand today with their software procurement.

About Cheryl Bruner
Cheryl Bruner is the public policy director for Red Hat.