Google attempted Wednesday, April 13, to punch holes in Microsoft’s accusation earlier in the week that Google’s Apps for Government productivity suite isn’t FISMA certified as advertised.
In a sign of the times, executives from the two companies are trading jabs not in person, but on their company blogs. In Google’s response, Eran Feigenbaum, director of security for Google Enterprise, called Microsoft’s claims false and stated that it was “irresponsible” for Microsoft to suggest that Google hasn’t been open and transparent with the government.
Feigenbaum said that Google Apps for Government is the same technology platform as Google Apps Premier Edition, which received certification on Federal Information Security Management Act standards from the U.S. General Services Administration (GSA) in July 2010. He added that the two aren’t separate systems; the only difference, he said, is that Google Apps for Government has two additional security enhancements — data location and segregation of government data.
Google claims that after consulting with GSA, obtaining another FISMA certification because of these differences wasn’t needed. But some observers disagree, pointing to a Department of Justice brief that stated GSA believed the program wasn’t certified.
“Because Google Apps for Government has some notable differences from the Google Apps Premier product, it requires separate certification, and there is no question that the product has not received that certification,” said Shawn McCarthy of IDC Government Insights, an industry analyst community, in a blog entry.
McCarthy said that while he believes Google didn’t violate the spirit of the law, how the company pitched Google Apps for Government to customers was questionable.
“Because the product is based on a set of FISMA-certified solutions, and because the only real differences are designed to enhance security, it's not totally fair to say that Google lied,” McCarthy said. “It would have been easier to swallow this particular mistake if Google had claimed FISMA compliance, rather than actual certification.”
Google maintains that it has been “very transparent” regarding its FISMA authorization and that law allows for the changes many systems undergo over time, providing for what Feigenbaum said were “regular reauthorization — or recertification — of systems.”
“We submitted updates earlier this year that included, among other changes, a description of the Google Apps for Government enhancements,” Feigenbaum added.
Still, McCarthy wasn’t convinced that Google Apps for Government is covered under the Google Apps Premier certification.
“It's highly likely that Google will eventually receive separate FISMA certification for Google Apps for Government,” McCarthy said. “But it jumped the gun on how it markets the product to the government.”
Associate Editor Matt Williams and Staff Writer Brian Heaton contributed to this report.