The subcommittee members, however, questioned why it has taken so long to see real progress in both in the number of data center closures and the savings associated with them.
That assessment was generally supported by David Powner, GAO's director for information technology management issues. Powner, in testimony before the subcommittee, agreed that OMB "did the right thing" to change its definition but that overall, OMB and agencies needed to take more effective steps to implement plans already laid out to achieve promised IT savings.
VanRoekel and McClure noted that it was not until last year that a total cost of ownership model was completed that agencies could use and agree upon to assess their data center operations and their needs and make planning decisions.
Lawmakers subsequently hammered McClure on GSA's own record for closing data centers. To date, GSA has closed only one of its non-core data centers and only recently announced it plans to close 38 data centers by the end of this fiscal year and 37 more by the end of fiscal 2014.
"I'm at a loss at how we got only one closure in the last three years, and why are we suddenly ramping up now and how is that going to happen," said Congressman Meadows.
McClure deferred the answer to GSA's own CIO, Casey Coleman, but noted that GSA's experience is symptomatic of most federal agencies, where "CIOs don't have complete control over all data centers," he said.
"(Defense Department CIO) Teri Taki has very little authority to do more than report what's being reported to her," said VanRoekel, reinforcing McClure's point.
What changed at GSA, said McClure, was the decision by GSA Administrator Dan Tangherlini in May to grant Coleman with agency-wide IT authority. That proved to be a perfect set-up for Rep. Connolly to seek further support for the Federal IT Acquisition Reform Act, sponsored by Darrell Issa (R-Ca.), chairman of the House Oversight and Government Reform Committee and Connolly.
The legislation, which was adopted June 14 in the House would, among other measures, elevate and empower agency CIOs with authority and accountability for managing the IT portfolios of their agencies. Rep. Meadows pressed on, wanting to know from VanRoekel -- assuming that fewer data centers meant a smaller footprint for security threats -- what was the appropriate number of data centers that government should be shooting for.
VanRoekel declined to provide even a ballpark number, saying "yes, fewer data centers would improve security," but that building "cyber capabilities was grounded in following the Federal Information Security Management Act" and monitoring traffic going through the government's trusted Internet connections.
"Fewer is better and optimized is better. It depends on size and need of the agency," he said. But he pointed to the Department of Homeland Security, which has three core data centers, as one model to consider.