Google's FISMA certification: A technicality, misunderstanding or outright lie?
Summary: A question about Google's security certification for its Government Apps product - and the response from Google about it - is putting the company under an uncomfortable spotlight.
Google has suddenly found itself in hot water, exposed - by Microsoft, no less - for being a "liar, liar" when it comes to the security certification it has been touting for its Google Apps for Government offering.
After all, the revelation that Google's product, in fact, was not certified to be compliant under the Federal Information Security Management Act (FISMA) is pretty major. In part, that's because it's the Apps suite that was tailor-made for government agencies and security - extra security, actually - was one of its biggest selling points.
Now, before anyone gets into some panic over government data no longer being secure, there's little concern that Apps for Government isn't secure or that it won't eventually get its FISMA certification. Apps for Government, as Google explains it, is a more secure subset of Google Apps Premier, a product that obtained FISMA certification well before Government was announced last summer. With that rationale, it's no wonder that Google thought it was OK to go around and start touting Apps for Government as being FISMA-certified.
Unfortunately, the truth got in the way.
Google might have been naive about the way the government's FISMA certification process works and just assumed that since Premier was already certified, then Government must be certified, as well. But as we now know - thanks to Microsoft's discovery of a court document that tells otherwise - that's not how the certification process works.
Google says it has not applied for FISMA certification for Apps for Government, but instead is "updating the existing authorization." At a hearing in Washington earlier today, an official with the General Services Administration said that a product has to be re-certified if it changes - and, in essence, Government is a altered version of Premier. That official said Google's products are going through a re-certification based on the changes, according to a report on the Business Insider blog.
Google can spin this any way it wants but, at the end of the day, it has been deceptive in marketing Google Apps for Government as being FISMA-certified. Ignorance of the process is no excuse.
Simply said, Google - a company that has spent millions of dollars and countless hours developing this suite of applications specifically for government agencies - shouldn't be making assumptions about something as significant as FISMA-certification, especially when that's one of the biggest selling points over the competition. (Microsoft is currently awaiting FISMA-certification for its cloud apps offering, as well.) The only thing Google had to do was ask. Plain and simple.
Instead, Google has done itself a world of harm by making assumptions about government process. It's not only created a feeling of uncertainty around the security of its product but also created a perception of itself as a company that flirts with the truth for the sake of scoring a government contract. Does it really need to give its critics even more reason to argue that its motives are evil?
Sure, when all is said and done, Google will likely be granted FISMA certification for Apps for Government - but the damage will have already been done. Google says its product is FISMA-certified - but how do we really know? Google needs government agencies to take them on their word - but, for the moment, there's not much value behind that word.
Maybe we're splitting hairs here. Maybe this was just a technicality. Maybe it was all a misunderstanding. But as long as Google continues to stick by that lame argument about a certification for Premier also applying to Government, the company won't be able to shake the "Liar, Liar" image that it now has.
And the longer it waits to take its lumps, the harder it will be to shake that image.
Related:
- Microsoft vs. Google war of words: Effective use of time?
- Microsoft and Google: Who's the most FISMA-compliant of them all?
- CNET: Microsoft, Google spar over security certification
- Google announces Apps for Government, announces federal security certification
Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.
Talkback
RE: Google's FISMA certification: A technicality, misunderstanding or outright lie?
So since MS lied, it's fine for every else to lie
and just say "sorry" when their caught? That is exactly what you're saying, isn't it?
It's a start
Microsoft, Google, and everyone else should at _least_ fess up and apologize. I have not seen this happen yet with either. I think ptorning's point is the irony of a prolific liar calling another, presumably less prolific, liar out. It's not lost on most of us.
He also states:
"If Google has lied, deliberately lied, then is should be dealt-with."
Which would suggest that apologizing is not enough. So are you posting for posting's sake? If not, I missed the value-add of your post.
RE: Google's FISMA certification: A technicality, misunderstanding or outright lie?
RE: Google's FISMA certification: A technicality, misunderstanding or outright lie?
What does Vista Ultimate have to do with FISMA?
RE: Google's FISMA certification: A technicality, misunderstanding or outright lie?
you fail to see that this has nothing to do with what microsoft did in their past. this has everything to do with what google is doing now. they falsely claim they're certified when their not. that should illegal.
and you're trying to defend google? seriously? when clearly they're in the wrong here? there are some sick people in this world.
RE: Google's FISMA certification: A technicality, misunderstanding or outright lie?
RE: Google's FISMA certification: A technicality, misunderstanding or outri
If my competitor is a compulsive liar or a thief, this does not give legitimacy to my lying or theft. So, bringing MS behavior related to the matter is irrelevant and uncalled for... That being said, however, the bloggers' tone, perception, and apparent intent about the "guilt" of Google is blown out of proportion. Yes, as much I understand from the news, Google was technically at fault for assuming the FISMA certification of a product which was much more securer and well past the criteria of FISMA certification on the basis of their previous certification for the Premier Apps. It is foolish to speculate that this is remotely related to being insecure. It is a premature thinking that they would do something like this deliberately despite of putting so much efforts and resources into this. Yes, it may be a mark on their credibility but I don't think that it is an irreparable damage, instead gives them an opportunity to improve on such fronts.
RE: Google's FISMA certification: A technicality, misunderstanding or outright lie?
Message has been deleted.
Nice to see the appologist up early today
Sounds like Microsoft slander by Goofle.
RE: Google's FISMA certification: A technicality, misunderstanding or outright lie?
if the government who makes the purchasing of the apps will most likely know who is certified from who isn't, correct? therefore, since google apps for goverment is not certified that is why they were left out of the bidding process which is the process google is saying it was unlawfully left out of. Microsoft proved that was a lie and in fact the reason why google was left out is that google doesn't have proper certification.
this whole article sounds like one from one of the BIGGEST google apologist i've seen in many months.
RE: Google's FISMA certification: A technicality, misunderstanding or outright lie?
RE: Google's FISMA certification: A technicality, misunderstanding or outright lie?
that I understand, but if u read the OP's post, then you would see what I used that as my opening
I will say it again. Google is immature in their engineering.
Google hires some of the smartest engineers out there but they often move too fast without thinking. When you are a small company, you can get away with lots of these things. When you are one of the largest companies on the planet, however, you really need to have oversight of your processes.
What scares me about Page as CEO, he has stated he wants to remove even more oversight. As a share holder, this really scares me.
@Bruizer
Why does the Govt buy non certified apps?
That's what they did, that department decided to standardize on Microsoft online office offering, knowing it had no FISMA certification, not any package of it.
Now they're looking for i not dotted and t's not crossed to cover themselves, and it's nice spin, but it's not the full story.
So that excuses "lying" about the certification?
Simple question. Or just not understanding how certification processes work in general.
RE: Google's FISMA certification: A technicality, misunderstanding or outright lie?