Archive

Posts Tagged ‘information security management’

Government Agrees With Microsoft: Google Wasn’t Certified

April 13th, 2011 04:44 admin View Comments

Today, the U.S. government agreed with Microsoft’s accusation that Google had provided misleading information about whether or not its Google Apps for Government is certified under the Federal Information Security Management Act (FISMA).

According to Business Insider, a government agent agreed with Microsoft in front of the U.S. Senate, testifying that the product in question was currently going through the recertification process.

David McClure, an associate administrator with the U.S. General Services Administration, testified before a hearing led by U.S. Senator Tom Carper, in which Carper asked if McCure would “comment on these recent reports and discuss how OMB and GSA are addressing the concerns that are raised by them.” His answer, as quoted in Business Insider (with their emphasis):

MCCLURE (GSA): Sure, I’d be glad to bring some clarity to it. In July 2010, GSA did a FISMA security accreditation for “Google Apps Premier.” That’s what the Google product was called, and it passed our FISMA accreditation process. We actually did that so other agencies could use the Google product. If we do one accreditation, it’s leveraged across many agencies. Since that time, Google has introduced what they’re calling “Google Apps for Government.” It’s a subset of Google Apps Premier, and as soon as we found out about that, as with all the other agencies, we have what you would normally do when a product changes, you have to re-certify it. So that’s what we’re doing right now, we’re actually going through a re-certification based on those changes that Google has announced with the “Apps for Government” product offering.

Google does have FISMA certification for Google Apps Premiere, but not for the Apps for Government, although that claim does appear on its website.

When we wrote about this topic earlier this week, Google’s David Mihalchik told us that “we did not mislead the court or our customers. Google Apps received a FISMA security authorization from the General Services Administration in July 2010. Google Apps for Government is the same system with enhanced security controls that go beyond FISMA requirements. As planned we’re working with GSA to continuously update our documentation with these and other additional enhancements.”

We’ve asked Google for an updated comment and will update this story upon receiving one.

Source: Government Agrees With Microsoft: Google Wasn’t Certified

Microsoft Accuses Google of Misleading Security Certification

April 11th, 2011 04:55 admin View Comments

google150150.gifMicrosoft is accusing Google of providing misleading information about whether or not its Google Apps for Government is certified under the Federal Information Security Management Act (FISMA).

The roots of the accusation, laid out today in a blog post by Microsoft Corporate Vice President & Deputy General Counsel David Howard, date back to last fall, when the Department of Interior awarded Microsoft with the contract to upgrade its email system and move it to the cloud. Google filed a lawsuit requesting an injunction and claiming that the selection process was unfair.

Following the success of its Apps for Business and Apps for Education offerings, Google has tried to make in-roads into government cloud contracts as well, which do require some additional security measures. And that’s what today’s brush-up involves.

Google has claimed that its Apps for Government does met the minimum security requirements for government IT, but according to a Department of Justice brief unsealed last week, “notwithstanding Google’s representations to the public at large, its counsel, the GAO and this Court, it appears that Google’s Google Apps for Government does not have FISMA certification.”

Google says that Google Apps for Government has received this certification, and had made a point in its lawsuit that it deserved consideration for the federal contract because Microsoft’s rival offering, Business Productivity Online Suite, did not have FISMA certification.

Google does have FISMA certification for Google Apps Premiere, but not for the Apps for Government, although that claim does appear on its website.

google_apps_govt.jpg

As Howard points out, “Google can’t be under the misimpression that FISMA certification for Google Apps Premier also covers Google Apps for Government. If that were the case, then why did Google, according to the attachments in the DOJ brief, decide to file a separate FISMA application for Google Apps for Government?”

Of course, Microsoft has its own motivations for painting Google’s lack of FISMA certification in this light. As Howard notes, the Department of Interior isn’t moving forward with the installation of Microsoft’s cloud offerings, and other government contracts are probably facing extra scrutiny as well.

We have reached out to Google for comment, and we’ll update this story when we hear more.

Source: Microsoft Accuses Google of Misleading Security Certification

YOYOYOOYOYOYO