Google denies lying about Apps' certification
Analyst takes Microsoft's side in dustup, says Google 'has things to learn' about working with the feds
Computerworld - Google on Monday denied an allegation by rival Microsoft that it lied about an important government certification.
But an analyst with experience in dealing with the federal government, and its contract and bid practices, said Microsoft got it right.
"Microsoft's argument is certainly valid," said Donald Retallack, an analyst and research vice president at Directions on Microsoft, a Kirkland, Wash. research firm that focuses on Microsoft.
Yesterday, Microsoft cited recently-unsealed court documents, including a brief from the Department of Justice (DOJ) that said, "Notwithstanding Google's representations to the public at large, its counsel, the GAO and this Court, it appears that Google's Google Apps for Government does not have FISMA certification."
FISMA, or the Federal Information Security Management Act, is a set of security standards that some federal agencies require vendors to comply with.
"We did not mislead the court or our customers," David Mihalchik, who leads the strategy and business development for Google's Enterprise team, said in a statement.
"Google Apps received a FISMA security authorization from the General Services Administration [GAO] in July 2010. Google Apps for Government is the same system with enhanced security controls that go beyond FISMA requirements," said Mihalchik. "As planned, we're working with GSA [U.S. General Services Administration] to continuously update our documentation with these and other additional enhancements."
But that's not how things work in Washington D.C.
"Just because you're certified with one system doesn't mean you're certified with others," said Retallack, who before joining Directions worked for Boeing. While with the aerospace company, Retallack frequently dealt with the federal government on contracts that Boeing sought.
The issue comes down to Google's contention that because its Google Apps was FISMA certified, the superset Google Apps for Government suite was also certified. On its Web site, Google touts the latter as FISMA-certified.
"That's not the way that the government works," said Retallack. "That would be like saying that because an electrician had met code on one house, he was certified for all the houses he built. Based on my experience with the government, each system certification is an individual process."
Even if many of the components of Google Apps for Government were previously FISMA certified by the GAO, it doesn't mean the entire system -- which is what the government certifies -- meets the requirements, Retallack added.
The dustup over FISMA is fall-out from a lawsuit that Google filed last November against the U.S. Department of the Interior (DOI). In that suit, Google charged that the agency restricted competition by requiring bidders on a $59.3 million contract for cloud-based email and messaging services to use Microsoft's Business Productivity Online Suite-Federal (BPOS) system.
- 18 Hot IT Certifications for 2014
- CIOs Opting for IT Contractors Over Hiring Full-Time Staff
- 12 Best Free iOS 7 Holiday Shopping Apps
- For CMOs Big Data Can Lead to Big Profits
- Slideshow: 5 ways to lock down your mobile device
- Slideshow: 10 mistakes companies make after a data breach
- How to rob a bank: A social engineering walk through
- Which smartphone is the most secure?
If you think getting it right from day one is always what matters, you probably haven't been following technology too closely.
- IT Certification Study Tips
- Register for this Computerworld Insider Study Tip guide and gain access to hundreds of premium content articles, cheat sheets, product reviews and more.
- Mitigating DDoS Attacks with F5 Technology
- This document examines various DDoS attack methods and the application of specific ADC technologies to block attacks in the DDoS threat spectrum while...
- The DDoS Threat Spectrum
- Bolstered by favorable economics, today's global botnets are using distributed denial-of-service (DDoS) attacks to target firewalls, web services, and applications, often simultaneously.
- Defending Against Denial of Service Attacks
- By utilizing end-user interviews, this whitepaper explores a deeper understanding of DDoS defense plans and reveals the knowledge gaps around the Denial of...
- Strategic Solutions for Government IT
- This paper outlines why F5 is the optimum partner to help achieve the levels of security, performance and availability that are vital to...
Top Considerations for Moving to a Cloud Delivery Model for ITSM
Find out whether SaaS-based ITSM is right for you
- Software-as-a-service is more than just a cloud-based delivery model-it's a new approach to service that lets companies optimize utilization of in-house IT resources... All Government IT White Papers
- Pre-Engineered solutions from VCE Simplify Core Infrastructure Implementation In this video, the CTO of Purdue Pharma, a privately held pharmaceutical company explains how Purdue transformed their data center infrastructure with VCE.
- Integrated Infrastructure: Simplify Operations, Speed Deployments and Reduce Costs George Weiss, Gartner Vice President and Analyst, and Praveen Akkiraju, CEO of VCE, provide practical information regarding the various aspects of Integrated Infrastructures...
- Video: 5 Secrets To Scaling Enterprise Apps Watch this video to learn how to successfully scale enterprise apps>>
- Collaboration 2013: Where Mobility Meets Connectivity Mobility and collaboration are quickly converging and users are demanding more capabilities. It's no longer enough to enable file sharing. This Webcast dives...
- Modernizing SAP environments with minimum risk - a path to Big Data Hear from top IDC analyst, Richard Villars, about the path you can start taking now to enable your organization to get the benefits...
- All Government IT Webcasts
Does your organization offer extensive benefits, cool perks, competitive salaries, opportunities for training and advancement? Then get it recognized!
Nominate your company or another deserving organization for Computerworld's 2014 Best Places to Work in IT list now through Dec. 12, 2013.