Government IT In 2014: GAO's Critique

7 Important Tech Regulatory Issues In 2015

The General Accountability Office has always been a reliable resource for seeing what IT dilemmas the federal government is grappling with. Through its reports and testimony, the GAO seeks to help the feds keep IT projects on schedule, maintain high levels of security, meet statutory requirements, and make the most of their investments.

The GAO produced 31 reports and testimony on IT in 2014. While some reports focused on mundane IT matters, others addressed emerging technologies or uncovered government-wide IT deficiencies that merit inclusion in this roundup.

Cloud computing
In a September report on cloud computing, the GAO noted that a sample of seven agencies were assessing the feasibility of cloud computing services only for new IT systems and not for legacy systems. Such a strategy conflicts with Office of Management and Budget guidance that calls for cloud solutions to be considered whenever a secure, reliable, and cost-effective option exists, regardless of where the investment is in its lifecycle, according to the GAO.

[Will the US Senate turn to third-party cyber security support? Read Senate Explores Outsourcing Security Services.]

However, auditors found that the group of agencies, including Homeland Security, HHS, and Treasury, had increased -- from 21 to 101 -- the total number of cloud services they have implemented since 2012.

Data center consolidation
Federal agencies are continuing to consolidate their respective data centers as mandated by the Federal Data Center Consolidation Initiative that OMB launched in 2010. GAO reported in September that agencies were having difficulty getting an accurate read on the costs of running data center facilities because they lack sound metrics needed to calculate savings.

Of the 24 major federal agencies involved in the consolidation initiative, 19 reported cost savings totaling $1.1 billion between 2011 and 2013. On a positive note, the reported savings amounted to $300 million more than the OMB had projected at the outset of the initiative. GAO recommended that OMB develop a metric for server usage and furnish it to agencies.

Software licensing
Through its audits, the GAO seeks to help agencies find ways to improve how they manage IT software and services. A particularly problematic area in this regard is software licensing.

In a May report, the GAO stated that both OMB and the vast majority of agencies have inadequate policies in place for managing software licenses. Only two of the twenty-four major federal agencies have comprehensive policies that include clear roles and central oversight of enterprise software license agreements, said the GAO.

By consolidating such agreements, agencies stand to save millions, according to the GAO. The watchdog agency urged OMB to issue a directive on the matter. It also urged agencies to improve their existing policies and practices for managing software licenses through the adoption of leading best practices.

Web security
The GAO published a number of reports on the Healthcare.gov website in 2014. The agency found a number of glaring security and privacy weaknesses in the website. Despite corrective measures by the Centers for Medicare and Medicaid Services, "weaknesses remain both in the processes used for managing information security and privacy as well as the technical implementation of IT security controls," the GAO wrote in a September report.

The GAO suggested that CMS strengthen technical controls that protect confidentiality, strengthen passwords, install timely software patches, and improve configuration of the administrative network. Until the weaknesses are fixed, CMS runs the risk that information stored on the system might be modified or disclosed without authorization, the GAO said.

Spending transparency
The GAO also evaluated the accuracy of data on federal grants and loans available to the public through USAspending.gov. In a report released in August, the GAO found that agencies did not report at all, or reported late on grants and loans totaling $619 billion for 302 programs in fiscal 2012.

Auditors found that some key data elements on grants, such as the primary location of performance, were routinely missing.

The GAO recommended that the OMB director clarify guidance on agency responsibilities for reporting awards funded by non-annual appropriations. It also recommended that the OMB director develop a government-wide oversight process that can regularly assess the consistency of data reported by federal agencies to USASpending.gov.

As we pull out of a difficult time in our nation's financial history, government agencies struggle to meet information technology demands. Agencies must focus on the cloud and a strong information governance program to avoid the sort of attention recently focused on the IRS. Get the Time To Reconsider Enterprise Email Strategy report from InformationWeek Government today. (Free registration required.)