Google: Microsoft's FISMA Certification Finger-Pointing 'Irresponsible'


Google battled back against Microsoft's accusation that Google lied about its Google Apps for Government cloud suite obtaining Federal Information Security Management Act (FISMA) certification calling Microsoft's gotcha diatribe a "breathless blog post" and saying Microsoft's charges are "irresponsible."

Earlier this week, Microsoft posted a lengthy blog entry noting that recently unsealed U.S. Department of Justice documents revealed that Google Apps for Government is not FISMA certified, despite Google's claims to the contrary. FISMA certification guarantees that products meet the necessary security guidelines to be appropriate for use in federal and government environments. In the blog post, David Howard, Microsoft corporate vice president and deputy general counsel, Howard calls Google's FISMA claims misleading and points out that Google's Google Apps Premier offering is FISMA certified, but not Google Apps for Government.

Google has already dismissed Microsoft's claims and in an e-mail to CRN, Google Enterprise's David Mihalchik said Google Apps received FISMA security authorization from the General Services Administration (GSA), and since Google Apps for Government is a similar system with tighter security controls, it is also FISMA certified by default.

Google expanded on its response to the FISMA flap in a post on Google's enterprise blog late Wednesday called "The Truth about Google Apps and FISMA." In the post, Google asserts that Microsoft's indictment of Google's FISMA certification is bogus.

"In a breathless blog post, Microsoft recently suggested we intentionally misled the U.S. government over our compliance with the Federal Information Security Management Act (FISMA). Microsoft claims we filed a separate FISMA application for Google Apps for Government, then leaps to the conclusion that Google Apps for Government is not FISMA certified. These allegations are false," Google Enterprise Director of Security Eran Feigenbaum wrote in the blog entry.

According to Feigenbaum, Google is serious about federal government security requirements and has delivered on its promise to meet them, while being open and transparent. Feigenbaum added that "it's irresponsible for Microsoft to suggest otherwise."

Feigenbaum said Google Apps received FISMA authorization from the GSA in July 2010, certification that can carry over to various editions of Google Apps, including Google Apps premier and Google Apps for Government.

"Google Apps for Government is the same technology platform as Google Apps Premier Edition, not a separate system," Feigenbaum wrote. "It includes two added security enhancements exclusively for government customers: data location and segregation of government data. In consulting with GSA last year, it was determined that the name change and enhancements could be incorporated into our existing FISMA certification. In other words, Google Apps for Government would not require a separate application."

NEXT: Google: We've Been Very Transparent