Share This Article:

The battle for the federal cloud took an interesting twist following the unsealing of Department of Justice briefs that reject Google’s assertions its cloud email and collaboration applications are certified as secure under federal guidelines. The assertion could setback Google’s bid to earn a large share of the expanding federal cloud market.

The Justice Department disputes Google's claim that its Web applications have FISMA certification. Google denies misleading the government, saying it does have the credential.

Under federal law, IT vendors must certify their products as secure as prescribed by the 2002 Federal Information Security Management Act. Google has been marketing a special version of its cloud productivity suite – Google Apps for Government – as both secure and FISMA certified. Google is locked in a pitch battle with Microsoft for federal cloud business, and both sides have gone to court to dispute contract awards.

The dispute over the security certification arose in the legal battle for the Department of the Interior’s $59 million email service contract. The Interior Department initially awarded the five-year contract to Microsoft for its BPOS service. Google and its reseller partner, Onix Networking, challenged the award claiming the bidding was expressly designed to exclude non-Microsoft products. The courts initially ruled in Google’s favor and the case is in appeal.

The Justice Department’s position on Google’s FISMA certification is a setback since it would prohibit the sale of the Google service to government agencies. Google’s position is that it did receive certification for a different version of the service, which is virtually the same as the offering in dispute. “Google Apps for Government is the same system with enhanced security controls that go beyond FISMA requirements… [Google] did not mislead the court or our customers,” said David Mihalchik, who oversees Google’s government software initiatives, in a statement to the Los Angeles Times.

Microsoft was quick to jump on the issue. In a blog post, Microsoft deputy general counsel David Howard wrote, “As I read all this on Friday, my first reaction was that perhaps something positive could come out of Google’s lawsuit. For months a number of people have been asking for details about Google’s FISMA certification. To put it charitably, because of Google’s unwillingness to provide answers, the facts have remained opaque. As a result of the lawsuit, it looks like we finally are beginning to get some answers.”

The picture painted by Howard is that Google deceived both the government and partners of its true FISMA certification status. As he wrote, “Nor does it seem likely that Google believes that the two offerings are so similar that the differences simply won’t matter to people. After all, if the facts are so good, why persist in telling a fiction? Google easily could have explained that it had received certification for Google Apps Premier and was in the process of seeking certification for Google Apps for Government. Instead, Google has continued to state that Google Apps for Government has FISMA certification itself.”

Undoubtedly, Google will come out with a clearer explanation for the FISMA gap. It already holds cloud service contracts with the Department of Energy’s Lawrence Berkeley National Labs, and won the contract to provide email to 15,000 employees at the General Services Administration – the agency that administers the FISMA certification.

Microsoft isn’t exactly without fault in this cloud front. The original bid called for Microsoft products to fulfill Interior’s cloud email requirements. Interior officials claimed they needed Microsoft for compatibility and security reasons. And they further claimed the bidding process was competitive since several Microsoft partners were vying for the deal. Government agencies are prohibited from using specific vendor’s names in requests for proposal, but vendors’ influence in Washington often leads to officials inserting brand names in bid specifications.

And you can’t blame the Interior Department for being cautious about its email and security. For years, the Interior had no email service while it fought a lawsuit brought by Native Americans over trust fund disbursements and the security of their data. When the Interior’s networks were found to be riddled with security problems, the federal courts ordered the entire department disconnected from the Internet.

The legal battle for the Interior cloud service is a harbinger of the level of competition to come in the cloud-computing era. As government agencies and enterprises migrate on-premise applications to the cloud, vendors will engage all measures – including the courts – ensure they get their piece. In the federal and public sector market, solution providers will go along for the ride as government agencies must buy technologies through partners. This could lead to serious disruptions in sales and revenue for some public sector resellers.

The Department of the Interior case is definitely one to watch. Solution providers and vendors alike should maintain a watchful eye as the outcome of the court battle could set the stage for cloud competition standards.

* * *

Lawrence M. Walsh is CEO and president of The 2112 Group, a technology business advisory service that specializes in optimizing indirect channels and partner relationships. He’s also the executive director of the Channel Vanguard Council. He is the former publisher of Channel Insider and editor of VARBusiness Magazine. You can reach him at lmwalsh@the2112group.com.

On Twitter:
Larry Walsh:@lmwalsh2112| Channelnomics: @channelnomics

One Response to “Feds Doubt Google Security Certification”