Agencies lack a way to measure their progress on server efficiency ever since the Office of Management and Budget stopped requiring them to report use in June 2019, according to the Government Accountability Office.
OMB originally had agencies report the percentage of time their servers were busy using continuous, automated monitoring but later determined the metric failed to account for each one’s operational needs and technological capabilities.
“OMB’s current server utilization metric does not require agencies to report the utilization rates for their servers, nor does it provide the necessary parameters to evaluate agencies’ [Data Center Optimization Initiative] performance,” reads the report. “Without such information, agencies are not providing a complete picture of their server utilization and cannot ensure they are making meaningful progress toward better server utilization.”
OMB hadn’t made progress establishing a new metric as of December, GAO’s one recommendation in its report.
Still, the 24 Chief Financial Officers Act agencies saw progress reducing data center duplication and costs in fiscal 2019 and 2020.
Only the Department of Defense failed to meet its fiscal 2019 data center closure goal, closing 33 of the 39 planned facilities, citing litigation delays around the Joint Enterprise Defense Infrastructure (JEDI) cloud contract. But it had exceeded its overall Data Center Optimization Initiative (DCOI) closure goal of 233 facilities by 12 as of January.
All other agencies planned to meet, met or exceeded their data center closure goals for fiscal 2020 as of August — expecting to close 229 facilities for a savings of $1.1 billion over two years, according to GAO.
Agencies continue to exclude about 4,500 facilities from their data center inventories since May 2019, when OMB narrowed its definition to stop counting spaces not originally intended for that purpose. Excluded facilities are typically smaller, but not always, and still present cybersecurity risks, according to GAO.
GAO recommended in a 2020 report that OMB continue to have agencies report those facilities as data centers to retain cyber-visibility, but the agency hasn’t addressed the recommendation to date.
“We continue to maintain that, because of OMB’s decision to remove non-tiered data centers from agency DCOI reporting requirements, agencies risked losing the overall visibility and oversight that is needed for these facilities and the potential security vulnerabilities that they represent,” reads the report.
OMB launched the DCOI two years after the Federal Information Technology Acquisition Reform Act of 2014 directed GAO to regularly review agencies’ data center inventories. Agencies have addressed 72 of GAO’s 125 recommendations regarding the DCOI to date for an estimated savings of $6.2 billion.
Regarding GAO’s latest report five agencies agreed with its findings, six neither agreed nor disagreed and 13 had no comments. OMB did not comment on GAO’s lone recommendation regarding a server use metric.