VA misses targets on data center shutdowns, savings
- By Derek B. Johnson
- Jan 31, 2019
As the federal government moves workloads to the cloud and consolidates and optimizes its data centers, the Department of Veterans Affairs Office of Inspector General found the VA has not met key requirements under the Federal IT Acquisition Reform Act.
With the passage of FITARA in 2014, agencies were required to establish strategic plans to consolidate and optimize data centers that included determining how many data centers they operated, identifying inefficiencies and developing timelines, performance metrics and estimated cost-savings for closing down duplicative or unnecessary centers.
VA failed to carry out or implement key aspects of the initiative in 2018 and 2017, the IG said in its Jan. 30 report. Specifically, IT leaders at the agency continue to lack a detailed strategic plan for optimizing their data centers, a problem identified in numerous past audits by the Government Accountability Office. In the past, FITARA co-sponsor Rep. Gerry Connolly (D-Va.) has flagged poor planning by agencies as a root problem holding back progress on the Data Center Optimization Initiative.
In the case of VA, that lack of planning may have led to other failings, including the discovery of 860 unreported data centers. More than half of those were so-called "closet data centers," often consisting of a single server. Additionally, VA's internal targets for planned closures in 2018 did not match OMB's plan for the agency, and VA's plans for 2017 and 2018 didn't establish any targets for estimated cost savings.
Auditors put a chunk of the blame on basic communication breakdowns about the project between IT staff and broader agency personnel, leaving many non-IT officials unsure of what was and wasn't considered a data center under the initiative. As a result, VA closed only 32 centers in 2018, far below its target goal of 85 and OMB's goal of 130.
"These conditions occurred because the OIT Deputy CIO for Service Delivery and Engineering, who directs all operational and maintenance activities associated with VA's information technology (IT) environment, did not effectively communicate the criteria for identifying and reporting data center inventories VA-wide to ensure clarity and accountability," the report said.
Not surprisingly, auditors recommended that VA work with OMB to determine how many of the 860 unreported centers would have been covered under DCOI, establish better strategic planning and performance metrics, create a formal process to inventory the centers and ensure that IT leaders are effectively communicating project goals and timelines to the rest of the agency.
In an attached response signed by Deputy CIO and Chief Information Security Officer Dominic Cussatt, the VA concurred with four of the five recommendations but pushed back on the charge that it failed to establish an effective strategic plan. Cussatt claimed the DCOI definition of data centers was incompatible with the medical centers VA runs and that OMB knew VA would not be able to meet certain targets.
"Given VA's environment, the majority of VA’s data center closures are due to consolidation efforts (i.e. moving servers from one room to another) rather than the elimination of physical space," the response read. "OMB agreed that the target of $85.35M would not be feasible for VA to achieve; therefore, VA's Data Center Optimization Initiative strategic plan does not include a path to meet this target."
This article was first posted on FCW, a sibling site to GCN.
Derek B. Johnson is a senior staff writer at FCW, covering governmentwide IT policy, cybersecurity and a range of other federal technology issues.
Prior to joining FCW, Johnson was a freelance technology journalist. His work has appeared in The Washington Post, GoodCall News, Foreign Policy Journal, Washington Technology, Elevation DC, Connection Newspapers and The Maryland Gazette.
Johnson has a Bachelor's degree in journalism from Hofstra University and a Master's degree in public policy from George Mason University. He can be contacted at firstname.lastname@example.org, or follow him on Twitter @derekdoestech.
Click here for previous articles by Johnson.