ie8 fix
Click Here

All About Microsoft

Mary-Jo Foley
Home / News & Blogs / All About Microsoft

Microsoft and Google: Who's the most FISMA-compliant of them all?

By | April 11, 2011, 3:01pm PDT

Summary: There’s one thing that seems to be lost in the latest debate between Microsoft and Google, which erupted on April 11 over FISMA-certification of their cloud-hosted app offerings. Neither company has yet achieved FISMA certification status for the federal versions of their wares.

There’s one thing that seems to be lost in the latest debate between Microsoft and Google, which erupted on April 11 over FISMA-certification of their cloud-hosted app offerings. Neither company has yet achieved FISMA certification status for the federal versions of their wares.

Google officials said last year that its Google Apps offering was FISMA-certified and highlighted that as a distinction separating it from Microsoft’s Business Productivity Online Suite (BPOS). It turns out that Google Apps for Government is not FISMA-certified, even though Google Apps Premier is, as just-unsealed documents made public by the Department of Justice have revealed.

Microsoft also still has not achieved FISMA certification for BPOS. Last summer when I asked, I was told BPOS-Federal would get the FISMA nod “very soon.” When I asked again today when it would achieve that state, I was told “imminently.”

Is this more than yet another war of words between the two adversaries?

FISMA, the Federal Information Security Management Act (FISMA) specifies a “comprehensive framework to protect government information, operations and assets against natural or manmade threats.” Many federal agenciesstipulate FISMA certification as a requirement for their IT solutions. FISMA certification and accreditation is confirmed by the General Services Administration — which just so happened to be deciding upon a new e-mail system last summer.

Google called out Google Apps for Government at that time as “the first suite of cloud computing applications to receive Federal Information Security Management Act (FISMA) certification and accreditation from the U.S. government.”

It turns out that Google Apps Premier — not the federally-focused Apps for Government — got the FISMA nod. Google is not seeking separate FISMA authorization for Google Apps for Government, however, because the Government and Premier products are almost identical, officials said. Google is simply “updating the existing authorization,” a Google spokesperson said. When will that happen? “Imminently.”

Hmm. Haven’t I heard that somewhere before?

Bottom line: Neither Google nor Microsoft can yet claim the FISMA crown for their federal cloud solutions — in spite of Google’s claims to the contrary last year.

Kick off your day with ZDNet's daily e-mail newsletter. It's the freshest tech news and opinion, served hot. Get it.

More from “All About Microsoft”

Topics

Google Inc., Google Apps, FISMA, Microsoft Corp., FISMA-certification, Government, Mary Jo Foley

Mary Jo has covered the tech industry for more than 25 years for a variety of publications and Web sites, and is a frequent guest on radio, TV and podcasts, speaking about all things Microsoft-related. She is the author of Microsoft 2.0: How Microsoft plans to stay relevant in the post-Gates era (John Wiley & Sons, 2008).

Disclosure

Mary-Jo Foley

Freelance journalist/blogger Mary Jo Foley has nothing to disclose. WYSIWYG (what you see is what you get). I do not own Microsoft stock or stock in any of its partners or competitors. I have no business ventures that are sponsored by/funded by Microsoft or any of its partners or competitors.

Biography

Mary-Jo Foley

Mary Jo Foley has covered the tech industry for 25 years for a variety of publications, including ZDNet, eWeek and Baseline. She has kept close tabs on Microsoft strategy, products and technologies for the past 10 years. In the late 1990s, she penned the award-winning "At The Evil Empire" column for ZDNet, and more recently the Microsoft Watch blog for Ziff Davis.

Got a tip? Send her an email with your rants, rumors, tips and tattles. Confidentiality guaranteed.

23
Comments
Add Your Opinion

Join the conversation!

Just In

dough rounder
dough rounder 9th Jan
It's a very easy on the eyes which makes it much more enjoyable for me to come here and visit more often. Did you hire out a designer to create your theme? Excellent work!
Howdy! I could have sworn I've been to this blog before but after browsing through some of the post I realized it's new to me. Anyways, I'm definitely happy I found it and I'll be book-marking and checking back often!
Hi there! Would you mind if I share your blog with my myspace group? There's a lot of folks that I think would really appreciate your content. Please let me know. Thanks
Hey there, I think your website might be having browser compatibility issues.
know more information please contact me (Michael Ling ) http://www.chinacateringequipment.com

http://www.marklinecatering.com/
View in thread
0 Votes
+ -
Not to defend the horendous history of insecurity of MS ... but
wackoae 11th Apr 2011
... but they are 100% right on this issue.

Google Apps have never being FISMA certified. So MS is correct at pointing out that Google reps are lying their rear ends off when claiming that they are.

On top of that Google Apps aren't even good enough to call beta, much less good enough for production usage. The "suite" (if you can call it that) is buggy, slow, crappy and above all highly insecure.

Some people who just look at basic text documents may find Google Apps useful. But for people in the "real world", Google Apps aren't even close to be useful. In fact, Google Apps haven't even reached the the level of usability that OpenOffice,org had before it was released as v1.0 .... and that is saying a lot.
0 Votes
+ -
Rubbish
guihombre 12th Apr 2011
"Google Apps have never being FISMA certified"

Yes it was, in July 2010. Here from the DOI brief Microsoft is quoting selectively:
"DOI also considered the impact of the FISMA certification for Google Apps and determined that, by itself, this fact did not indicate that Google Apps satisfies DOI?s enhanced security requirements.?

So DOI claims that the FISMA certification of Google Apps isn't sufficient to qualify for DOIs security standard.

"On top of that Google Apps aren't even good enough to call beta, much less good enough for production usage."

First they ignore you then they attack you then you win.

In the real world, MS is so sh*t scared of them, we have to read endless BS stories like this one, false claims of copyright infringement for include headers, now a claim that their FISMA is invalid, even though the apps are the same apps.

It tells me that Microsoft have NO TECHNICAL ADVANTAGE, because if they did, they'd be pushing that instead of these lawyer tricks.

They're competing against Microsoft BPOS-Federal which is Microsoft online suite.... which isn't certified, doesn't have the volume of existing users and wasn't price competitive. Yet was chosen in some dodgy no bid process that Google is now challenging in court.

Good luck to Google with that, and the sooner Microsoft sacks Balmer and gets a proper engineer in there to run the show, the sooner they'll be back to competing on the products they sell.
0 Votes
+ -
Interesting reply.
Joe.Smetona Updated - 12th Apr 2011
@guihombre I've been thinking along those lines recently and I've been using Linux for over 8 years now. I've come to the conclusion that for Government work, Open Source is the only way to go. There can be no hiding covert actions when using open source. Specifically, I've begun to see MS as a very hollow company, with their products being a Frankenstein creation using a laundry list of technologies bought from takeovers of smaller companies. I was astounded to see that all the technologies I believed to be developed by Microsoft were actually from smaller companies that were acquired all the way back to DOS. I don't think they have a real handle on their own software because they didn't create it.

I have a lot of empathy for Microsoft users and their problems. Non-technical users are being run through the coals with a product that falls short on promises.

Over the decades, I've seen a pattern with MS. I kept asking myself, how come so many virus infections with their OS? It seemed to always be a cat and mouse game between MS, the AV companies, Critical Updates and users being instructed on how to tune their computers to prevent malware infections (ex. Ed Bott).

Open Source software works so much better and doesn't have virus problems, even with no Anti-Virus program being used.

My conclusion is MS is using Closed Source to cloak their code instead of providing real thought-out security. In doing this, they have a symbiotic relationship with AV providers and groups who discover unknown problems. The cycle will eventually culminate in the creation of a Security Fix or Update. This saves Microsoft millions of dollars. They can focus their energy on whipping out new products with new features like Win8. Look at the ZDNet articles on new Microsoft products. You will almost never find a mention of security improvements. If you think about this, it really makes sense. You don't have to look any further than botnets, in particular Stuxnet, which is considered the most sophisticated Botnet. It will exit if it does not find Windoww products.

Unfortunately for this business model, times changed and devices and software are available now that can reverse engineer an OS to a great extent. Years ago, I tried a Mutek Black Box on our flagship CAD program. Just opening the program, drawing one line and closing the program resulted in over 30,000 entries in the black box software. Microsoft doesn't have a chance anymore, because the ambiguity provided by Closed Source doesn't work.

Open Source, on the other hand, has to be designed with security in mind. It has to be thought out because there will be no cloaking from Open Source. I've been using Linux for 8 years without any AV and have never had an issue, so for me personally, I don't have to worry about Microsoft.

The way I see it, they are playing the American public for fools by working in closed source. XP and IE-6 is not dead. Virtually all businesses use them and I have never seen a corporate upgrade to Vista or Win7. There is a reason for the popularity of Windows XP. It has been around for over 10 years. Using my above theory, there has been an extraordinarily long time for Anti-Virus companies and zero-day research groups to provide feedback to Microsoft. Microsoft in turn has received enough external feedback to provide 10 years of critical updates and service packs. The program is sufficiently stable and users have become aware of it's maturity. It's still no where as secure as open source Linux, but they are not going to give it up. Microsoft's reward to their loyal customers was to ban them from using IE-9.

The world caught up to (and surpassed) the Microsoft money machine.
0 Votes
+ -
RE: Microsoft and Google: Who's the most FISMA-compliant of them all?
Karston1234 20th Sep
Yet was chosen in some dodgy no bid process that Google is now challenging in court. Custom Essay
custom book report
Buy Thesis
0 Votes
+ -
RE: Microsoft and Google: Who's the most FISMA-compliant of them all?
Karston1234 20th Sep
It tells me that Microsoft have NO TECHNICAL ADVANTAGE, because if they did, they'd be pushing that instead of these lawyer tricks. Buy Admission Essay
Book Report Help
0 Votes
+ -
RE: Microsoft and Google: Who's the most FISMA-compliant of them all?
Shamrock12 28th Sep
Google called out Google Apps for Government at that time as ???the first suite of cloud computing applications to receive Federal Information Security Management Act (FISMA) certification and accreditation from the U.S. government.??? high school diploma
0 Votes
+ -
RE: Microsoft and Google: Who's the most FISMA-compliant of them all?
Ibiossa Updated - 10th Nov
I think both gigantic companies are scared one from another. The competition is tough and they make everythig to lead the worl in their domain of activity. http://www.handyortungkostenlos.eu/Prepaid-Handy-Orten/
0 Votes
+ -
Google Apps are FISMA. Google Apps for Government are not.
Bruizer 12th Apr 2011
@wackoae

Two different products. Two different certifications.

This is yet another example where Google hires very intelligent engineers but misses the big picture on many things and is very immature in their decision making processes.

From a quality stand point, Google Apps are good for a school project but fall apart quickly on large complex documents sets.
0 Votes
+ -
I think Google Apps have their place.
Joe.Smetona Updated - 12th Apr 2011
@wackoae ... They are valuable on the fly, if you need to read something on someone else's computer.

I prefer OpenOffice (on Linux) than MS Office. MS is tied too closely into the OS with Active-X. I've never gotten the OLE functions to work the way they were supposed to. And if I did get close, the links would break easily.

It's easy to create a spreadsheet in OO and convert it to .xls for distribution to MS Office users within a company.

My daughter has been using OpenOffice for 4 years of HS and College. She does not have access to MS Office and everything has been smooth as silk. She uses an inexpensive Acer notebook with Linux Mint.

I have no problems with Google, I've been using Gmail since 2/2005 with over 55,000 archived emails. (54%). Also, Google calendar is extremely powerful.
0 Votes
+ -
RE: Microsoft and Google: Who's the most FISMA-compliant of them all?
prolanguage1 18th Oct
@wackoae They're competing against Microsoft BPOS-Federal which is Microsoft online suite.... which isn't certified, doesn't have the volume of existing users and wasn't price competitive. Yet was chosen in some dodgy no bid process that Google is now challenging in court. Uebersetzungsbuero Uebersetzung Deutsch Italienisch Uebersetzung Uebersetzung Deutsch Englisch
0 Votes
+ -
RE: Microsoft and Google: Who's the most FISMA-compliant of them all?
Randalllind 14th Apr 2011
If Steve had balls he would do an hassle take over of Google and be done with it.
0 Votes
+ -
RE: Microsoft and Google: Who's the most FISMA-compliant of them all?
tomlin21-24319035676893835085146735905770 11th Oct
Fantastic composing. Would buy jerseys you ideas me submitting an internet site website link of this text on my blog? It'll help my viewers simultaneously.
0 Votes
+ -
RE: Microsoft and Google: Who's the most FISMA-compliant of them all?
Ibiossa 10th Nov
I am wonder why you must compare Microsoft with Google?
http://www.handyortungkostenlos.eu/Prepaid-Handy-Orten/
0 Votes
+ -
RE: Microsoft and Google: Who's the most FISMA-compliant of them all?
makrekdw4001-24353677471932760034751638734215 Updated - 10th Nov
Wonderful blogging site web site! I almost always like the method by which chances are it will always be amazing on my smaller imaginative and prescient vision seeing that effectively information and facts are precisely efficiently and also. pittsburgh steelers jerseys,peyton hillis jersey,peyton manning jersey,ray lewis jersey,desean jackson jersey, I personally impressed the particular web-site on the internet moment from the past, considering the amazing advice actually are, may perhaps be that this In an attempt to necessary to are desperate for the gorgeous final many days period, cheers
0 Votes
+ -
ice machine
ice makers 10th Nov
I'm having some minor security problems with my latest website and I'd like to find something more safeguarded. Do you have any recommendations? ice machine
0 Votes
+ -
RE: Microsoft and Google: Who's the most FISMA-compliant of them all?
Nagelstudio in Hamburg 16th Nov
@ice makers this is exactly my opinion too. Very good answer!
Nagelstudio Harburg
0 Votes
+ -
ice maker machine
ice makers 10th Nov
This type of clever work and coverage! Keep up the great works guys I've included you guys to blogroll.http://www.cbfi-icemachine.com
0 Votes
+ -
hang tag
ice machine 11th Nov
no coding knowledge so I wanted to get advice from someone with experience. Any help would be greatly appreciated!http://www.bestgarmentaccessories.com/
0 Votes
+ -
dough rounder
dough rounder 8th Dec
I'm kinda paranoid about losing everything I've worked hard on. Any tips?
Hello there! Do you know if they make any plugins to help with SEO? I'm trying to get my blog to rank for some targeted keywords but I'm not seeing very good gains. If you know of any please share. Appreciate it!
I know this if off topic but I'm looking into starting my own weblog and was curious what all is needed to get set up? I'm assuming having a blog like yours would cost a pretty penny? I'm not very internet smart so I'm not 100% certain. Any suggestions or advice would be greatly appreciated. Cheers
Hmm is anyone else experiencing problems with the images on this blog loading?
0 Votes
+ -
dough rounder
dough rounder 8th Dec
I'm trying to find out if its a problem on my end or if it's the blog. Any feed-back would be greatly appreciated.
I'm not sure why but this weblog is loading extremely slow for me. Is anyone else having this problem or is it a issue on my end? I'll check back later and see if the problem still exists.
Hi! I'm at work browsing your blog from my new apple iphone! Just wanted to say I love reading your blog and look forward to all your posts! Keep up the superb work!
Wow that was odd. I just wrote an very long comment but after I clicked submit my comment didn't appear. Grrrr... well I'm not writing a http://www.chinacateringequipment.com
0 Votes
+ -
convection oven
dough rounder 11th Dec
I suppose for now i'll settle for book-marking and adding your RSS feed to my Google account. I look forward to new updates and will talk about this site with my Facebook group. Talk soon!
Greetings from Los angeles! I'm bored at work so I decided to check out your blog on my iphone during lunch break.
know more information please contact me (Michael Ling ) http://www.chinacateringequipment.com
0 Votes
+ -
convection oven
dough rounder 11th Dec
I'd be very grateful if you could elaborate a little bit further. Appreciate it!
Hello there! I know this is kind of off topic but I was wondering if you knew where I could get a captcha plugin for my comment form? I'm using the same blog platform as yours and I'm having difficulty finding one? Thanks a lot!
When I originally commented I clicked the "Notify me when new comments are added" checkbox and now each time a comment is added I get four emails with the same comment. Is there any way you can remove me from that service? Appreciate it!
Hello there! This is my first visit to your blog!


We are a group of volunteers and starting a new project in a community in the same niknow more information please contact me (Michael Ling ) http://www.chinacateringequipment.com
0 Votes
+ -
dough rounder
dough rounder 9th Jan
It's a very easy on the eyes which makes it much more enjoyable for me to come here and visit more often. Did you hire out a designer to create your theme? Excellent work!
Howdy! I could have sworn I've been to this blog before but after browsing through some of the post I realized it's new to me. Anyways, I'm definitely happy I found it and I'll be book-marking and checking back often!
Hi there! Would you mind if I share your blog with my myspace group? There's a lot of folks that I think would really appreciate your content. Please let me know. Thanks
Hey there, I think your website might be having browser compatibility issues.
know more information please contact me (Michael Ling ) http://www.chinacateringequipment.com

http://www.marklinecatering.com/

Join the conversation!

Formatting +
BB Codes - Note: HTML is not supported in forums
  • [b] Bold [/b]
  • [i] Italic [/i]
  • [u] Underline [/u]
  • [s] Strikethrough [/s]
  • [q] "Quote" [/q]
  • [ol][*] 1. Ordered List [/ol]
  • [ul][*] · Unordered List [/ul]
  • [pre] Preformat [/pre]
  • [quote] "Blockquote" [/quote]
ie8 fix

The best of ZDNet, delivered

ZDNet Newsletters

Get the best of ZDNet delivered straight to your inbox

Facebook Activity

Blog Roll

Blog Archive

White Papers, Webcasts, & Resources
ie8 fix