Google denies lying about Apps' certification
Analyst takes Microsoft's side in dustup, says Google 'has things to learn' about working with the feds
Computerworld - Google on Monday denied an allegation by rival Microsoft that it lied about an important government certification.
But an analyst with experience in dealing with the federal government, and its contract and bid practices, said Microsoft got it right.
"Microsoft's argument is certainly valid," said Donald Retallack, an analyst and research vice president at Directions on Microsoft, a Kirkland, Wash. research firm that focuses on Microsoft.
Yesterday, Microsoft cited recently-unsealed court documents, including a brief from the Department of Justice (DOJ) that said, "Notwithstanding Google's representations to the public at large, its counsel, the GAO and this Court, it appears that Google's Google Apps for Government does not have FISMA certification."
FISMA, or the Federal Information Security Management Act, is a set of security standards that some federal agencies require vendors to comply with.
"We did not mislead the court or our customers," David Mihalchik, who leads the strategy and business development for Google's Enterprise team, said in a statement.
"Google Apps received a FISMA security authorization from the General Services Administration [GAO] in July 2010. Google Apps for Government is the same system with enhanced security controls that go beyond FISMA requirements," said Mihalchik. "As planned, we're working with GSA [U.S. General Services Administration] to continuously update our documentation with these and other additional enhancements."
But that's not how things work in Washington D.C.
"Just because you're certified with one system doesn't mean you're certified with others," said Retallack, who before joining Directions worked for Boeing. While with the aerospace company, Retallack frequently dealt with the federal government on contracts that Boeing sought.
The issue comes down to Google's contention that because its Google Apps was FISMA certified, the superset Google Apps for Government suite was also certified. On its Web site, Google touts the latter as FISMA-certified.
"That's not the way that the government works," said Retallack. "That would be like saying that because an electrician had met code on one house, he was certified for all the houses he built. Based on my experience with the government, each system certification is an individual process."
Even if many of the components of Google Apps for Government were previously FISMA certified by the GAO, it doesn't mean the entire system -- which is what the government certifies -- meets the requirements, Retallack added.
The dustup over FISMA is fall-out from a lawsuit that Google filed last November against the U.S. Department of the Interior (DOI). In that suit, Google charged that the agency restricted competition by requiring bidders on a $59.3 million contract for cloud-based email and messaging services to use Microsoft's Business Productivity Online Suite-Federal (BPOS) system.
This pilot fish is a contractor at a military base, working on some very cool fire-control systems for tanks. But when he spots something obviously wrong during a live-fire test, he can't get the firing-range commander's attention.
- IT Certification Study Tips
- Register for this Computerworld Insider Study Tip guide and gain access to hundreds of premium content articles, cheat sheets, product reviews and more.
- Reduce federal infrastructure risk with compliance management and situational awareness
- IBM continuous monitoring and management solutions deliver real-time situational awareness to help federal agencies understand vulnerabilities, and protect the infrastructure.
- Agility & Scalability for Oracle EBS R12 and RAC on VMware vSphere 5
- This white paper outlines extensive performance and scalability testing of Oracle EBS applications on a Vblock™ Systems with vSphere 5.
- Oracle and VCE: The Next Step in Integrated Computing Platforms
- In this ESG Lab review you will learn how a VCE system driven by Oracle, delivers the perfect blend of high performance and...
- Migrate Oracle Apps from RISC/UNIX to Virtualized x86
- Ready to move Oracle to a virtualized environment? This brief explains how true converged infrastructure can help you migrate from a RISC/UNIX environment...
- Step Out of the Bull's-Eye
- Learn about the evolution of targeted attacks, the latest in security intelligence, and strategic steps to keep your business safe. All Government IT White Papers
- Keep Servers Up and Running and Attackers in the Dark An SSL/TLS handshake requires at least 10 times more processing power on a server than on the client. SSL renegotiation attacks can readily...
- On Demand: Mastering the Art of Mobile Content Management Mobile device usage in the enterprise has skyrocketed, and it continues to escalate. IT must answer to users who demand access to their...
- DevOps with PureApplication System: Reduce cost and speed delivery with an integrated IBM Cloud solution Join this webcast to hear what ING Netherlands has been able to achieve while deploying DevOps tools from IBM Rational. An ING executive...
- NSS Labs & Cisco Present: Evaluating Leading Breach Detection Systems Today's constantly evolving advanced malware and APTs can evade point-in-time defenses to penetrate networks. Security professionals must evolve their strategy in lockstep to...
- Will the Real Endpoint Threat Detection and Response Please Stand Up? This webinar explores new technologies & process for protecting endpoints from advanced attackers as well as the innovations that are pushing the envelope...
- All Government IT Webcasts