In a breathless blog post, Microsoft recently suggested we intentionally misled the U.S. government over our compliance with the Federal Information Security Management Act (FISMA). Microsoft claims we filed a separate FISMA application for Google Apps for Government, then leaps to the conclusion that Google Apps for Government is not FISMA certified. These allegations are false.
We take the federal government’s security requirements seriously and have delivered on our promise to meet them. What’s more, we’ve been open and transparent with the government, and it’s irresponsible for Microsoft to suggest otherwise.
Let’s look at the facts. We received FISMA authorization for Google Apps from the General Services Administration (GSA) in July 2010. Google Apps for Government is the same technology platform as Google Apps Premier Edition, not a separate system. It includes two added security enhancements exclusively for government customers: data location and segregation of government data. In consulting with GSA last year, it was determined that the name change and enhancements could be incorporated into our existing FISMA certification. In other words, Google Apps for Government would not require a separate application.
This was reflected in yesterday’s Congressional testimony from the GSA: “...we're actually going through a re-certification based on those changes that Google has announced with the ‘Apps for Government’ product offering.”
FISMA anticipates that systems will change over time and provides for regular reauthorization—or re-certification—of systems. We regularly inform GSA of changes to our system and update our security documentation accordingly. The system remains authorized while the changes are evaluated by the GSA. We submitted updates earlier this year that included, among other changes, a description of the Google Apps for Government enhancements.
We’ve been very transparent about our FISMA authorization. Our documentation has always been readily available for any government agency to review, and dozens of officials from a range of departments and agencies have availed themselves of the opportunity to learn more about how we keep our customers’ data secure.
We’ll continue to update our documentation to reflect new capabilities in Google Apps. This continuous innovation is an important reason government customers select our service. We’re confident that Microsoft will also re-authorize their applications on a regular basis, once they receive FISMA authorization. We look forward to continuing to work with governments around the world to bring them the many benefits of cloud computing.
6 comments:
The simple fact is, folks, that Google Apps for Government is a SUBSET of Google Apps Premier Edition. Though it may consist of "the same technology", it is a DIFFERENT PRODUCT. Thus it surely deserves separate attention.
You should be willing to allow others to provide LOGICAL proof to your assertion that it is "more secure" (and indeed that "subsetting" has not resulted in omission of some element[s] crucial to the standards of security demanded by FISMA standards).
What?!? Microsoft spreading FUD about a competitor? I cannot believe that!
In other words, Google Apps for Government would not require a separate application.
----
Then why Google filed FISMA for GoogleApps for Government?
Microsoft attacking a competitor that built a more secure product? That almost never doesn't happen.
That's business when your model is to be a "fast following" instead of innovating..
It appears that Microsoft wasn't FISMA certified in the first place. Don't throw stones when you have a glass roof. http://www.groklaw.net/article.php?story=20110413220154117
Perhaps Microsoft owes Google an apology:
http://www.businessinsider.com/dear-microsoft-you-owe-google-an-apology-2011-4
I think the separate application was filed prior to them finding that it wasn't necessary.
Post a Comment
Thank you for sharing your feedback with the Google Enterprise team. We will respond to open issues addressed in Comments with future posts on this blog. We appreciate your interest in Google Enterprise.