IG says VA is falling short on data center optimization

The Department of Veterans Affairs is failing to meet key data center optimization requirements under the Federal IT Acquisition Reform Act, a new government audit finds.

Since 2010, the Office of Management and Budget has pushed agencies to shrink the federal government's sprawling data center footprint and migrate workloads to the cloud. After the passage of the Federal IT Acquisition Reform Act (FITARA), agencies were required to establish strategic plans for this purpose, determine how many data centers they operated, identify inefficiencies and develop timelines, performance metrics and estimated cost-savings for closing down duplicative or unnecessary centers.

According to a Jan. 30 Office of Inspector General report, VA failed to carry out or implement key aspects of the initiative in 2018 and 2017. Specifically, IT leaders at the agency continue to lack a detailed strategic plan for optimizing their data centers, a problem identified in numerous past audits by the Government Accountability Office. In the past, FITARA co-sponsor Rep. Gerry Connolly (D-Va.) has flagged poor planning by agencies as a root problem holding back progress on the Data Center Optimization Initiative.

In the case of VA, that lack of planning may have led to other failings, including the discovery of 860 unreported data centers. More than half of those were so-called "closet data centers," often consisting of a single server. Additionally, VA's internal targets for planned closures in 2018 did not match OMB's plan for the agency, and VA's plans for 2017 and 2018 didn't establish any targets for estimated cost savings.

Auditors put a chunk of the blame on basic communication breakdowns about the project between IT staff and broader agency personnel, leaving many non-IT officials unsure of what was and wasn't considered a data center under the initiative. As a result, VA closed only 32 centers in 2018, far below its target goal of 85 and OMB's goal of 130.

"These conditions occurred because the OIT Deputy CIO for Service Delivery and Engineering, who directs all operational and maintenance activities associated with VA's information technology (IT) environment, did not effectively communicate the criteria for identifying and reporting data center inventories VA-wide to ensure clarity and accountability," the report said.

Not surprisingly, auditors recommended that VA work with OMB to determine how many of the 860 unreported centers would have been covered under DCOI, establish better strategic planning and performance metrics, create a formal process to inventory the centers and ensure that IT leaders are effectively communicating project goals and timelines to the rest of the agency.

In an attached response signed by Deputy CIO and Chief Information Security Officer Dominic Cussatt, the VA concurred with four of the five recommendations but pushed back on the charge that it failed to establish an effective strategic plan. Cussatt claimed the DCOI definition of data centers was incompatible with the medical centers VA runs and that OMB knew VA would not be able to meet certain targets.

"Given VA's environment, the majority of VA’s data center closures are due to consolidation efforts (i.e. moving servers from one room to another) rather than the elimination of physical space," the response read. "OMB agreed that the target of $85.35M would not be feasible for VA to achieve; therefore, VA's Data Center Optimization Initiative strategic plan does not include a path to meet this target."