Federal Information Security Management Act of 2002

Google responds to Microsoft's FISMA certification accusations

April 11, 2011: 5:32 PM ET

Earlier this morning Microsoft accused Google of false advertising.  Google responds.

This morning, David Howard, Corporate Vice President & Deputy General Counsel at Microsoft (MSFT) took the opportunity to look at unsealed documents to point out something, that if true or genuine, would seem to be a pretty big deal.

Last Friday afternoon, I learned that a batch of court documents had been unsealed and had revealed one particularly striking development: the United States Department of Justice had rejected Google's claim that Google Apps for Government, Google's cloud-based suite for government customers, has been certified under the Federal Information Security Management Act (FISMA). Given the number of times that Google has touted this claim, this was no small development.

Ouch.  Would Google lie about being FISMA certified when it got rejected?  Seems like a seemingly stupid and risky move.  But later on, some clarification came to light.

The Justice Department acknowledges that the General Services Administration (GSA) had certified a different Google offering, Google Apps Premier, for its own particular use under FISMA last July. As the DOJ's brief explains, "However, Google intends to offer Google Apps for Government as a more restrictive version of its product and Google is currently in the process of finishing its application for FISMA certification for its Google Apps for Government." Lest there be any doubt about the situation, the brief adds, "To be clear, in the view of the GSA, the agency that certified Google's Google Apps Premier, Google does not have FISMA certification for Google Apps for Government."

It appears that Google's (GOOG) General Apps product, the one for mom and pop businesses up to huge companies like Genentech, was FISMA approved for use by the General Services Administration in July 2010.   The more restrictive version of Apps, for Government, is still going through the application process.

So a less secure version of Apps is certified and a newer, more secure version of Apps for Government isn't.  Interestingly, Microsoft's own product, Business Productivity Online Standard, is not FISMA approved. It is interesting that Microsoft has taken this strategy to support which exposes a weakness.

Google's David Mihalchik, Google Enterprise told me: More

Current Issue
  • Give the gift of Fortune
  • Get the Fortune app
  • Subscribe
Powered by WordPress.com VIP.