accusing Google of providing misleading information about whether or not its Google Apps for Government is certified under the Federal Information Security Management Act (FISMA).Microsoft is
The roots of the accusation, laid out today in a blog post by Microsoft Corporate Vice President & Deputy General Counsel David Howard, date back to last fall, when the Department of Interior awarded Microsoft with the contract to upgrade its email system and move it to the cloud. Google filed a lawsuit requesting an injunction and claiming that the selection process was unfair.
We've updated this story with a statement from Google
Following the success of its Apps for Business and Apps for Education offerings, Google has tried to make in-roads into government cloud contracts as well, which do require some additional security measures. And that's what today's brush-up involves.
Google has claimed that its Apps for Government does met the minimum security requirements for government IT, but according to a Department of Justice brief unsealed last week, "notwithstanding Google's representations to the public at large, its counsel, the GAO and this Court, it appears that Google's Google Apps for Government does not have FISMA certification."
Google says that Google Apps for Government has received this certification, and had made a point in its lawsuit that it deserved consideration for the federal contract because Microsoft's rival offering, Business Productivity Online Suite, did not have FISMA certification.
Google does have FISMA certification for Google Apps Premiere, but not for the Apps for Government, although that claim does appear on its website.
As Howard points out, "Google can't be under the misimpression that FISMA certification for Google Apps Premier also covers Google Apps for Government. If that were the case, then why did Google, according to the attachments in the DOJ brief, decide to file a separate FISMA application for Google Apps for Government?"
Of course, Microsoft has its own motivations for painting Google's lack of FISMA certification in this light. As Howard notes, the Department of Interior isn't moving forward with the installation of Microsoft's cloud offerings, and other government contracts are probably facing extra scrutiny as well.
We have reached out to Google for comment, and we'll update this story when we hear more.
Update: The following is a statement from David Mihalchik, Google Enterprise:
This case is about the Department of Interior limiting its proposal to one product that isn't even FISMA certified, so this question is unrelated to our request that DOI allow for a true competition when selecting its technology providers.
Even so, we did not mislead the court or our customers. Google Apps received a FISMA security authorization from the General Services Administration in July 2010. Google Apps for Government is the same system with enhanced security controls that go beyond FISMA requirements. As planned we're working with GSA to continuously update our documentation with these and other additional enhancements.