FISMA Flap: Microsoft Cries Foul Over Google Federal Cloud Certification


Microsoft is calling out Google, its key cloud computing competitor, claiming that Google Apps for Government isn't up to snuff and doesn't have Federal Information Security Management Act (FISMA) certification, despite Google's claims to the contrary.

The FISMA fight is just another match in the long-standing cloud computing kerfuffle between Microsoft and Google as the two duke it out for cloud dominance.

According to Microsoft, recently unsealed court documents show that the U.S. Department of Justice rejected Google's claim that Google Apps for Government, Google's cloud suite of applications for federal and government customers, has been FISMA certified. FISMA certification shows that products adhere to security regulations as they pertain to the handling and protection of information for the federal government and national security. Microsoft said Google has been misleading federal customers into believing that Google Apps for Government has indeed been certified – via promotional materials and various mentions on Web sites and blog posts – but instead it is the Google Apps Premier play that has achieved the FISMA stamp of security approval.

"Indeed, for several months and as recently as this morning, Google's Web site states, 'Google Apps for Government -- now with FISMA certification.' And as if that's not sufficient, Google goes farther on another Web page and states 'Google Apps for Government is certified and accredited under the Federal Information Security Management Act (FISMA),'" wrote David Howard, Microsoft corporate vice president and deputy general counsel in a Microsoft blog post outing Google's FISMA cloud folly.

According to Microsoft, the foul-up came to light as a direct result of Microsoft's and Google's continuing legal battle over the cloud-based e-mail system for the Department of the Interior. The DOI selected Microsoft's Business Productivity Online Suite (BPOS) as its cloud provider for its 88,000 employees, but in October Google filed a lawsuit claiming it was unfairly passed over for the federal cloud e-mail deal and that procurement documents heavily favored Microsoft. In the suit, Google touted its Google Apps for Government suite and claimed it had all of the necessary functionality and security, plus the appropriate certifications, including FISMA, to fulfill the DOI's cloud computing needs. A judge granted Google an injunction that prevents the DOI project from moving forward with Microsoft's cloud until corrective actions are taken.

"So imagine my surprise on Friday afternoon when, after some delay, some of the court papers were unsealed, at least in part," Howard wrote. "There for all to see was a statement by the Department of Justice contradicting Google on one of its basic FISMA claims. The DOJ's brief says 'On December 16, 2010, counsel for the Government learned that, notwithstanding Google's representations to the public at large, its counsel, the GAO and this Court, it appears that Google's Google Apps for Government does not have FISMA certification.'"

NEXT: Google: We're FISMA Certified In The Cloud


See the latest cloud technologies, learn best practices, and interact with your peers at the channel’s first all-inclusive cloud event: NexGen Cloud Conference & Expo, December 4-5, 2014 at the San Diego Convention Center. Register now at  www.NexGenCloudCon.com