Microsoft: Google Lied About Security Standards of Its Cloud Suite for Government Customers

Google has been touting the fact that its Cloud-based suite of offerings designed for government customers was certified under the Federal Information Security Management Act (FISMA), a small detail which apparently is not true, Microsoft pointed out.

And it’s not exactly Microsoft that’s doing the pointing, since the Redmond company is merely repeating the conclusions of the United States Department of Justice (DOJ).

DOJ reveals that despite the Mountain View search giant’s claims to the contrary, Google Apps for Government has not received FISMA certification.

David Howard, Corporate Vice President & Deputy General Counsel quoted a recently unsealed DOJ brief which states:

“On December 16, 2010, counsel for the Government learned that, notwithstanding Google’s representations to the public at large, its counsel, the GAO and this Court, it appears that Google’s Google Apps for Government does not have FISMA certification.”

Google’s defense is rather simple, and representatives of the company note that they did not in fact, lie, either to the public or to the government.

Google Apps Premier has been FISMA certified by the General Services Administration (GSA), and Google Apps for Government is nothing more than a version of Google Apps Premier, the Mountain View-based search giant notes.

However, despite this claim, fact is that Google Apps Premier and Google Apps for Government are two different products, even though closely related.

According to the DOJ briefing, it is the view of GSA that Google Apps for Government has not been FISMA certified. And after all, it is the GSA that provides FISMA certifications.

And it appears that Google itself views Google Apps Premier and Google Apps for Government as two separate products, one certified and one in the course of receiving its FISMA certification.

“Google can’t be under the misimpression that FISMA certification for Google Apps Premier also covers Google Apps for Government. If that were the case, then why did Google, according to the attachments in the DOJ brief, decide to file a separate FISMA application for Google Apps for Government?” Howard asked.

“While we wait for Google to provide its side of the story, perhaps it’s time to ask another question: at the very least, isn’t it past time for Google to issue a correction on its website? The Department of Justice has concluded squarely that Google Apps for Government does not have FISMA certification.”