In a scathing blog post, one of Microsoft’s top lawyers cited previously withheld U.S. Department of Justice court documents that allege Google has been falsely claiming that its Google Apps for Government service has an important security certification.
The two companies have been pitched in a fierce battle for government customers and have been trading barbs and in some cases lawsuits over the past year.
On Monday, Microsoft said that court documents related to a case Google filed charging the government with unfairly favouring Microsoft were unsealed. Those documents include a brief from the Department of Justice noting that “notwithstanding Google’s representations to the public at large, its counsel, the GAO and this Court, it appears that Google’s Google Apps for Government does not have FISMA certification.”
The Federal Information Security Management Act (FISMA) set a stringent security standard that some federal agencies must require their vendors to comply with.
On official Web sites, Google prominently markets Google Apps for Government as FISMA-certified.
Microsoft notes that a version of the service, Google Apps Premier, has been certified for FISMA. However, the DOJ explained in its December filing that Google Apps for Government is a more restrictive version of the product and that Google is still in the process of finishing its application for FISMA certification for the product.
Google argues that the two services are essentially the same. “We did not mislead the court or our customers,” David Mihalchik, a spokesman for Google Enterprise, said in a statement in response to Microsoft’s charges. “Google Apps received a FISMA security authorization from the General Services Administration in July 2010. Google Apps for Government is the same system with enhanced security controls that go beyond FISMA requirements. As planned we’re working with GSA to continuously update our documentation with these and other additional enhancements.”
Microsoft acknowledged that there are two sides to every story, but not without taking the opportunity to criticize Google.
“As I read all this on Friday, my first reaction was that perhaps something positive could come out of Google’s lawsuit. For months a number of people have been asking for details about Google’s FISMA certification. To put it charitably, because of Google’s unwillingness to provide answers, the facts have remained opaque,” David Howard, deputy general counsel for Microsoft, wrote in the blog post.
“As I thought about this further, my second reaction was to wonder what Google is thinking as it continues to claim that Google Apps for Government has FISMA certification. I don’t pretend to have all the answers and I acknowledge that there are frequently two sides to a story,” he wrote. “But what is the other side of the story in this instance?”
Microsoft hasn’t yet achieved full FISMA certification for its hosted BPOS Federal offering. It is currently going through FISMA certification with the USDA and has temporary FISMA authority to operate from USDA. It expects final certification soon.
As Google and Microsoft compete for potentially lucrative government deals, both have had successes and challenges. Google has won deals to supply hosted services to the GSA as well as agencies in Washington, D.C.; Orlando; the state of Wyoming; Larimer County, Colorado; the state of New Mexico attorney general; and Multnomah County, Oregon.
Google won a high-profile contract with the city of Los Angeles but faced deployment delays, in part due to security concerns from the police department.
Microsoft has signed some large government deals as well, including with the USDA, New York City, agencies in California and the state of Minnesota. But it faced criticism in December after its commercial hosted service accidentally let businesses access and download data belonging to other customers.