MUST READ: Congress demands answers from Google over Glass privacy concerns

Topic: Microsoft

Microsoft and Google: Who's the most FISMA-compliant of them all?

Summary: There's one thing that seems to be lost in the latest debate between Microsoft and Google, which erupted on April 11 over FISMA-certification of their cloud-hosted app offerings. Neither company has yet achieved FISMA certification status for the federal versions of their wares.

Mary Jo Foley

By for All About Microsoft |

There's one thing that seems to be lost in the latest debate between Microsoft and Google, which erupted on April 11 over FISMA-certification of their cloud-hosted app offerings. Neither company has yet achieved FISMA certification status for the federal versions of their wares.

Google officials said last year that its Google Apps offering was FISMA-certified and highlighted that as a distinction separating it from Microsoft's Business Productivity Online Suite (BPOS). It turns out that Google Apps for Government is not FISMA-certified, even though Google Apps Premier is, as just-unsealed documents made public by the Department of Justice have revealed.

Microsoft also still has not achieved FISMA certification for BPOS. Last summer when I asked, I was told BPOS-Federal would get the FISMA nod "very soon." When I asked again today when it would achieve that state, I was told "imminently."

Is this more than yet another war of words between the two adversaries?

FISMA, the Federal Information Security Management Act (FISMA) specifies a “comprehensive framework to protect government information, operations and assets against natural or manmade threats.” Many federal agenciesstipulate FISMA certification as a requirement for their IT solutions. FISMA certification and accreditation is confirmed by the General Services Administration — which just so happened to be deciding upon a new e-mail system last summer.

Google called out Google Apps for Government at that time as "the first suite of cloud computing applications to receive Federal Information Security Management Act (FISMA) certification and accreditation from the U.S. government."

It turns out that Google Apps Premier -- not the federally-focused Apps for Government -- got the FISMA nod. Google is not seeking separate FISMA authorization for Google Apps for Government, however, because the Government and Premier products are almost identical, officials said. Google is simply "updating the existing authorization," a Google spokesperson said. When will that happen? "Imminently."

Hmm. Haven't I heard that somewhere before?

Bottom line: Neither Google nor Microsoft can yet claim the FISMA crown for their federal cloud solutions -- in spite of Google's claims to the contrary last year.

Topics: Microsoft, Apps, Google, Government, Government US

About

Mary Jo has covered the tech industry for more than 25 years for a variety of publications and Web sites, and is a frequent guest on radio, TV and podcasts, speaking about all things Microsoft-related. She is the author of Microsoft 2.0: How Microsoft plans to stay relevant in the post-Gates era (John Wiley & Sons, 2008).

Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

23 comments
Log in or register to join the discussion

  • Not to defend the horendous history of insecurity of MS ... but

    ... but they are 100% right on this issue.

    Google Apps have never being FISMA certified. So MS is correct at pointing out that Google reps are lying their rear ends off when claiming that they are.

    On top of that Google Apps aren't even good enough to call beta, much less good enough for production usage. The "suite" (if you can call it that) is buggy, slow, crappy and above all highly insecure.

    Some people who just look at basic text documents may find Google Apps useful. But for people in the "real world", Google Apps aren't even close to be useful. In fact, Google Apps haven't even reached the the level of usability that OpenOffice,org had before it was released as v1.0 .... and that is saying a lot.
    wackoae
    Reply Vote

    • Rubbish

      "Google Apps have never being FISMA certified"

      Yes it was, in July 2010. Here from the DOI brief Microsoft is quoting selectively:
      "DOI also considered the impact of the FISMA certification for Google Apps and determined that, by itself, this fact did not indicate that Google Apps satisfies DOI?s enhanced security requirements.?

      So DOI claims that the FISMA certification of Google Apps isn't sufficient to qualify for DOIs security standard.

      "On top of that Google Apps aren't even good enough to call beta, much less good enough for production usage."

      First they ignore you then they attack you then you win.

      In the real world, MS is so sh*t scared of them, we have to read endless BS stories like this one, false claims of copyright infringement for include headers, now a claim that their FISMA is invalid, even though the apps are the same apps.

      It tells me that Microsoft have NO TECHNICAL ADVANTAGE, because if they did, they'd be pushing that instead of these lawyer tricks.

      They're competing against Microsoft BPOS-Federal which is Microsoft online suite.... which isn't certified, doesn't have the volume of existing users and wasn't price competitive. Yet was chosen in some dodgy no bid process that Google is now challenging in court.

      Good luck to Google with that, and the sooner Microsoft sacks Balmer and gets a proper engineer in there to run the show, the sooner they'll be back to competing on the products they sell.
      guihombre
      Reply Vote

      • Interesting reply.

        @guihombre I've been thinking along those lines recently and I've been using Linux for over 8 years now. I've come to the conclusion that for Government work, Open Source is the only way to go. There can be no hiding covert actions when using open source. Specifically, I've begun to see MS as a very hollow company, with their products being a Frankenstein creation using a laundry list of technologies bought from takeovers of smaller companies. I was astounded to see that all the technologies I believed to be developed by Microsoft were actually from smaller companies that were acquired all the way back to DOS. I don't think they have a real handle on their own software because they didn't create it.<br><br>I have a lot of empathy for Microsoft users and their problems. Non-technical users are being run through the coals with a product that falls short on promises.<br><br>Over the decades, I've seen a pattern with MS. I kept asking myself, how come so many virus infections with their OS? It seemed to always be a cat and mouse game between MS, the AV companies, Critical Updates and users being instructed on how to tune their computers to prevent malware infections (ex. Ed Bott).<br><br>Open Source software works so much better and doesn't have virus problems, even with no Anti-Virus program being used.<br><br><font color=navy><b>My conclusion is MS is using Closed Source to cloak their code instead of providing real thought-out security.</b> In doing this, they have a symbiotic relationship with AV providers and groups who discover unknown problems. The cycle will eventually culminate in the creation of a Security Fix or Update. <b>This saves Microsoft millions of dollars.</b> They can focus their energy on whipping out new products with new features like Win8. Look at the ZDNet articles on new Microsoft products. You will almost never find a mention of security improvements. If you think about this, it really makes sense. You don't have to look any further than botnets, in particular Stuxnet, which is considered the most sophisticated Botnet. It will exit if it does not find Windoww products.<br><br>Unfortunately for this business model, times changed and devices and software are available now that can reverse engineer an OS to a great extent. Years ago, I tried a Mutek Black Box on our flagship CAD program. Just opening the program, drawing one line and closing the program resulted in over 30,000 entries in the black box software. <b>Microsoft doesn't have a chance anymore, because the ambiguity provided by Closed Source doesn't work.</b><br><br>Open Source, on the other hand, has to be designed with security in mind. It has to be thought out because there will be no cloaking from Open Source. I've been using Linux for 8 years without any AV and have never had an issue, so for me personally, I don't have to worry about Microsoft. <br><br>The way I see it, they are playing the American public for fools by working in closed source. XP and IE-6 is not dead. Virtually all businesses use them and I have never seen a corporate upgrade to Vista or Win7.<b> There is a reason for the popularity of Windows XP. It has been around for over 10 years. Using my above theory, there has been an extraordinarily long time for Anti-Virus companies and zero-day research groups to provide feedback to Microsoft. Microsoft in turn has received enough external feedback to provide 10 years of critical updates and service packs. The program is sufficiently stable and users have become aware of it's maturity. It's still no where as secure as open source Linux, but they are not going to give it up. Microsoft's reward to their loyal customers was to ban them from using IE-9.</b><br><br>The world caught up to (and surpassed) the Microsoft money machine.</font>
        Joe.Smetona
        Reply Vote

      • RE: Microsoft and Google: Who's the most FISMA-compliant of them all?

        Yet was chosen in some dodgy no bid process that Google is now challenging in court.<a href="http://www.papermoz.com/essays/">Custom Essay</a>
        <a href="http://www.papermoz.com/book-reports/">custom book report</a>
        <a href="http://www.papermoz.co.uk/theses/">Buy Thesis</a>
        Karston1234
        Reply Vote

      • RE: Microsoft and Google: Who's the most FISMA-compliant of them all?

        It tells me that Microsoft have NO TECHNICAL ADVANTAGE, because if they did, they'd be pushing that instead of these lawyer tricks.<a href="http://www.papermoz.co.uk/admission-essay/">Buy Admission Essay</a>
        <a href="http://www.papermoz.co.uk/book-reports/">Book Report Help</a>
        Karston1234
        Reply Vote

      • RE: Microsoft and Google: Who's the most FISMA-compliant of them all?

        Google called out Google Apps for Government at that time as ???the first suite of cloud computing applications to receive Federal Information Security Management Act (FISMA) certification and accreditation from the U.S. government.???<a href="http://www.adisonhighschool.com/">high school diploma</a>
        Shamrock12
        Reply Vote

      • RE: Microsoft and Google: Who's the most FISMA-compliant of them all?

        I think both gigantic companies are scared one from another. The competition is tough and they make everythig to lead the worl in their domain of activity. http://www.handyortungkostenlos.eu/Prepaid-Handy-Orten/
        Ibiossa
        Reply Vote

    • Google Apps are FISMA. Google Apps for Government are not.

      @wackoae

      Two different products. Two different certifications.

      This is yet another example where Google hires very intelligent engineers but misses the big picture on many things and is very immature in their decision making processes.

      From a quality stand point, Google Apps are good for a school project but fall apart quickly on large complex documents sets.
      Bruizer
      Reply Vote

    • I think Google Apps have their place.

      @wackoae ... They are valuable on the fly, if you need to read something on someone else's computer.<br><br>I prefer OpenOffice (on Linux) than MS Office. MS is tied too closely into the OS with Active-X. I've never gotten the OLE functions to work the way they were supposed to. And if I did get close, the links would break easily.<br><br>It's easy to create a spreadsheet in OO and convert it to .xls for distribution to MS Office users within a company.

      My daughter has been using OpenOffice for 4 years of HS and College. She does not have access to MS Office and everything has been smooth as silk. She uses an inexpensive Acer notebook with Linux Mint.<br><br>I have no problems with Google, I've been using Gmail since 2/2005 with over 55,000 archived emails. (54%). Also, Google calendar is extremely powerful.
      Joe.Smetona
      Reply Vote

    • RE: Microsoft and Google: Who's the most FISMA-compliant of them all?

      @wackoae They're competing against Microsoft BPOS-Federal which is Microsoft online suite.... which isn't certified, doesn't have the volume of existing users and wasn't price competitive. Yet was chosen in some dodgy no bid process that Google is now challenging in court. <a href="http://www.profischnell.com/uebersetzungsbuero/uebersetzungsbuero.html">Uebersetzungsbuero</a> <a href="http://www.profi-fachuebersetzung.de">Uebersetzung Deutsch Italienisch</a> <a href="http://www.profi-fachuebersetzungen.de">Uebersetzung</a> <a href="http://www.uebersetzung-deutsch-englisch.com">Uebersetzung Deutsch Englisch</a>
      prolanguage1
      Reply Vote

  • RE: Microsoft and Google: Who's the most FISMA-compliant of them all?

    If Steve had balls he would do an hassle take over of Google and be done with it.
    Randalllind
    Reply Vote

  • RE: Microsoft and Google: Who's the most FISMA-compliant of them all?

    Fantastic composing. Would <a href="http://www.nfljersey-eshop.com/" style="text-decoration: none; color: black;">buy jerseys</a> you ideas me submitting an internet site website link of this text on my blog? It'll help my viewers simultaneously.
    tomlin21-24319035676893835085146735905770
    Reply Vote

  • RE: Microsoft and Google: Who's the most FISMA-compliant of them all?

    I am wonder why you must compare Microsoft with Google?
    http://www.handyortungkostenlos.eu/Prepaid-Handy-Orten/
    Ibiossa
    Reply Vote

  • RE: Microsoft and Google: Who's the most FISMA-compliant of them all?

    Wonderful blogging site web site! I almost always like the method by which chances are it will always be amazing on my smaller imaginative and prescient vision seeing that effectively information and facts are precisely efficiently and also. [url=http://www.nfl-rush.com/]pittsburgh steelers jerseys[/url],[url=http://www.nfl-rush.com/peyton-hillis-jersey-youth-peyton-hillis-jersey-kids]peyton hillis jersey[/url],[url=http://www.nfl-rush.com/peyton-manning-jersey-indianapolis-colts-peyton-manning-jersey-large]peyton manning jersey[/url],[url=http://www.nfl-rush.com/ray-lewis-jersey-kids-reebok-ray-lewis-jersey]ray lewis jersey[/url],[url=http://www.nfl-rush.com/desean-jackson-jersey-desean-jackson-jersey-kids]desean jackson jersey[/url], I personally impressed the particular web-site on the internet moment from the past, considering the amazing advice actually are, may perhaps be that this In an attempt to necessary to are desperate for the gorgeous final many days period, cheers
    makrekdw4001-24353677471932760034751638734215
    Reply Vote

  • ice machine

    I'm having some minor security problems with my latest website and I'd like to find something more safeguarded. Do you have any recommendations?<a href="http://www.cbfi-icemachine.com">ice machine</a>
    ice makers
    Reply Vote

    • RE: Microsoft and Google: Who's the most FISMA-compliant of them all?

      @ice makers this is exactly my opinion too. Very good answer!
      <a href="http://www.nagelstudio-harburg.com">Nagelstudio Harburg</a>
      Nagelstudio in Hamburg
      Reply Vote

  • ice maker machine

    This type of clever work and coverage! Keep up the great works guys I've included you guys to blogroll.http://www.cbfi-icemachine.com
    ice makers
    Reply Vote

  • hang&Acirc;&nbsp;tag

    no coding knowledge so I wanted to get advice from someone with experience. Any help would be greatly appreciated!http://www.bestgarmentaccessories.com/
    ice machine
    Reply Vote

  • dough rounder

    I'm kinda paranoid about losing everything I've worked hard on. Any tips?
    Hello there! Do you know if they make any plugins to help with SEO? I'm trying to get my blog to rank for some targeted keywords but I'm not seeing very good gains. If you know of any please share. Appreciate it!
    I know this if off topic but I'm looking into starting my own weblog and was curious what all is needed to get set up? I'm assuming having a blog like yours would cost a pretty penny? I'm not very internet smart so I'm not 100% certain. Any suggestions or advice would be greatly appreciated. Cheers
    Hmm is anyone else experiencing problems with the images on this blog loading?
    dough rounder
    Reply Vote

  • dough rounder

    I'm trying to find out if its a problem on my end or if it's the blog. Any feed-back would be greatly appreciated.
    I'm not sure why but this weblog is loading extremely slow for me. Is anyone else having this problem or is it a issue on my end? I'll check back later and see if the problem still exists.
    Hi! I'm at work browsing your blog from my new apple iphone! Just wanted to say I love reading your blog and look forward to all your posts! Keep up the superb work!
    Wow that was odd. I just wrote an very long comment but after I clicked submit my comment didn't appear. Grrrr... well I'm not writing a http://www.chinacateringequipment.com
    dough rounder
    Reply Vote
CNET Join | Log In | Privacy | Cookies Close