Mobile // Mobile Applications
03:35 PM
Connect Directly
How to Survive a Data Breach
Oct 25, 2016
Data breaches happen more frequently than we think - and the aftermath can be disastrous with many ...Read More>>

Google Calls Microsoft's FISMA Allegations False

The fight is mainly over the question of whether Google Apps for Business, which does have FISMA certification, is basically the same as Google Apps for Government.

Top 15 Google Apps For Business
Slideshow: Top 15 Google Apps For Business
(click image for larger view and for full slideshow)
Google on Wednesday dismissed Microsoft's "breathless" claim that the search company misrepresented the compliance of its software with the Federal Information Security Management Act (FISMA), a security certification used by government agencies.

"Microsoft claims we filed a separate FISMA application for Google Apps for Government, then leaps to the conclusion that Google Apps for Government is not FISMA certified," said Google Enterprise security director Eran Feigenbaum in a blog post. "These allegations are false."

David Howard, corporate VP and deputy general counsel at Microsoft, made the allegations in a blog post on Monday.

Or as a Microsoft spokesperson asserted, the U.S. government made the claim--"it appears that Google's Google Apps for Government does not have FISMA certification"--and Microsoft merely repeated it.

Though that assertion did come from a U.S. government court filing, Howard used the government's claim to declare unequivocally that Google had presented false information. "It's time for Google to stop telling governments something that is not true," Howard wrote.

The context here is important. The government attorneys who made that claim are defending the Department of the Interior's right to proceed with a $59 million IT services contract for hosted email and collaboration software that involves Microsoft. Google claims the contract was unlawfully awarded as a no-bid contract and has succeeded in blocking the contract while its case is litigated. So the government and Microsoft are on the same side in this instance.

The use of the word "appears" by the government in its filing also is important. It's less than certain, in other words. And while it may be arguable that the FISMA status of Google Apps for Government isn't quite as clear as might be ideal, that argument looks a lot like splitting hairs when examined closely.

As Feigenbaum explained, Google received FISMA certification for Google Apps Premiere Edition (later renamed Google Apps for Business) from the General Services Administration last July. That same month, the company introduced Google Apps for Government. The two versions of Google Apps are the same system, except that Google Apps for Government stores data in a location suitable to federal rules and segregates it from other data for the same reason.

The GSA, according to Feigenbaum, told Google that the name change and additional features could be covered under the company's existing FISMA certification. And because FISMA rules anticipate systems will change over time, re-authorization efforts don't void previous certifications.

So Google Apps for Government is awaiting a FISMA certification update, but that doesn't mean is not certified, assuming Google's representations about its discussions with the GSA are accurate.

Feigenbaum concluded by pointing out an obvious irony, that Microsoft's BPOS system is not FISMA certified. "We're confident that Microsoft will also re-authorize their applications on a regular basis, once they receive FISMA authorization," he quipped.

And to put this tempest in a teapot in its proper context, it's also worth noting that compliance with security rules isn't a guarantee of security. At best, it's blame insulation.

Comment  | 
Print  | 
More Insights
Oldest First  |  Newest First  |  Threaded View
Building A Mobile Business Mindset
Building A Mobile Business Mindset
Among 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps – and it's past time for those with no plans to get cracking.
Register for InformationWeek Newsletters
White Papers
Current Issue
Top IT Trends to Watch in Financial Services
IT pros at banks, investment houses, insurance companies, and other financial services organizations are focused on a range of issues, from peer-to-peer lending to cybersecurity to performance, agility, and compliance. It all matters.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of October 9, 2016. We'll be talking with the editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll