Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Cloud Google Government Microsoft Security Technology

Groklaw: Microsoft Cloud Services Aren't FISMA Certified 152

doperative writes with this excerpt from Groklaw: "If you were as puzzled as I was by the blog fight, as Geekwire calls it, between Google and Microsoft over whether or not Google was FISMA certified, then you will be glad to know I gathered up some of the documents from the case, Google et al v. USA, and they cause the mists to clear. I'll show you what I found, but here's the funny part — it turns out it's Microsoft whose cloud services for government aren't FISMA certified. And yet, the Department of the Interior chose Microsoft for its email and messaging cloud solution, instead of Google's offering even though Google today explains that in [actuality] its offering actually is. It calls Microsoft's FUD 'irresponsible.'"
This discussion has been archived. No new comments can be posted.

Groklaw: Microsoft Cloud Services Aren't FISMA Certified

Comments Filter:
  • Maybe Groklaw should stick around?
    • This is really strange that they're coming up with good stuff like this right before going away.

    • by 517714 ( 762276 ) on Thursday April 14, 2011 @07:23PM (#35823974)

      Not if this is the trend. Where are the links to the original sources - DOI RFQ, Google's complaint, the DOJ brief, and the amicus briefs? This was the worst bit of reporting I have seen from Groklaw, and I believe Google's suit is valid.

      If you read the RFQ you can see that the DOI did not issue a competitive request as they should have, but that FISMA certification was to be achieved after the contract was issued so it is a non-issue.

      Google's complaint is whiny and overlong and full of irrrelevant facts that only weaken their position.

      The DOJ brief said the Government is presumed to act fairly so Google's suit should be dismissed. The DOJ has our best and brightest?

      But instead of dealing with the real issues it is about distractions. What is this, Reality TV?

      • by Feltope ( 927486 )

        But instead of dealing with the real issues it is about distractions. What is this, Reality TV?

        Well since your talking about our government I am forced to ask one question. Is that a rhetorical question?

      • by Nyder ( 754090 )

        ...This was the worst bit of reporting I have seen from Groklaw,...

        Well to be fair, Groklaw already put in it's notice and is probably slacking the last bit till it's out of here.

  • by Derekloffin ( 741455 ) on Thursday April 14, 2011 @05:15PM (#35822830)
    When I first heard of this story, I thought it was just some government agency not dotting it's 'i's in the paper work. Now it's really starting to look like some serious BS was going on.
    • by TubeSteak ( 669689 ) on Thursday April 14, 2011 @06:55PM (#35823750) Journal

      Now it's really starting to look like some serious BS was going on.

      A lot of government procurement involves someone writing a list of requirements that can only be met by one company.
      Sometimes it happens at the agency level, sometimes the requirements are attached to congressional appropriations.
      Either way, it happens. A lot.

      • Either way, it happens. A lot.

        Is that somehow mutually exclusive with it being "serious BS"?

        • by Fjandr ( 66656 )

          No, I think the issue was with the "starting to look" part. The start was long ago. We're well into this being run-of-the-mill behavior in government contracting.

      • In this case, it looks like the requirements were only met by one company, but they chose the other one anyway.
  • by npsimons ( 32752 ) *

    This is precisely why I tried modding the original FUD article down in the firehose. Anyone with half a clue and more than a few years experience in computing could have told you that Microsoft was most likely lying.

    • How can you tell when a Microsoft spokesman is lying?


      His lips are moving!

      Perhaps, like Jon Kyl's remarks, this was "Not intended to be a factual statement!"
      • Re: (Score:2, Insightful)

        by WindBourne ( 631190 )
        nah. more like his heart his beating. MS spokesmen are all too happy to lie on-line as well.
        • All vendors play these games, Nicrosoft just happens to be damned good at it.

          Remember their EAL certification on NT? So long as there wasn't a network port or floppy drive installed on the machine, that part buried in the fine print of course.

          Or adding the POSIX subsystem to NT to meet a bid spec. Because of course whoever wrote the spec never imagined somebody would write a whole POSIX implementation, get it certified POSIX and then just ignore it. Because I don't think anyone can point to a single damn

      • How can you tell when a Microsoft spokesman is lying?

        His lips are moving!

        I'd say it's on those days that she (or he, let's not be restrictive) isn't buried in a grave with a stake through their thoracic cavity (where their heart used to be), their heads cut off and their mouth stuffed with garlic.

        Perhaps we should nuke Redmond from orbit, just to be sure.

    • Re: (Score:1, Informative)

      by cbhacking ( 979169 )

      Actually, I don't recall a single place where MS said their offering was FISMA certified. They weren't saying "Our offering is and Google's isn't, so choose us!" they were saying "Google is saying their oiffering is certified but it's not; they're lying to you." So far as I've seen, this is true. Microsoft never tried to hide that their offering wasn't certified yet, they're just a vendor calling out their competitor for lying to the client (the government).

      • Re: (Score:2, Interesting)

        by Anonymous Coward

        The reason MS falsely claimed that Google wasn't certified was to deflect attention away from their own lack. MS not having certification is just the motive for the lie.

        • Not really, Goggle just got caught out by claiming something that was not entirely true and MS took advantage just like I have no doubt Google or any other competitor would have done the same if given the same opportunity.
          • Re: (Score:3, Informative)

            by Anonymous Coward

            What Google said was completely true. Microsoft had a mole inside the government who claimed Google was lying but it was the mole and Microsoft who were lying, not Google. The GSA, who is responsible for FISMA certification said Google's offering was certified. FTFA:

            We [Google] take the federal government's security requirements seriously and have delivered on our promise to meet them. What's more, we've been open and transparent with the government, and it's irresponsible for Microsoft to suggest otherwise.

            Let's look at the facts. We received FISMA authorization for Google Apps from the General Services Administration (GSA) in July 2010. Google Apps for Government is the same technology platform as Google Apps Premier Edition, not a separate system. It includes two added security enhancements exclusively for government customers: data location and segregation of government data. In consulting with GSA last year, it was determined that the name change and enhancements could be incorporated into our existing FISMA certification. In other words, Google Apps for Government would not require a separate application.

            This was reflected in yesterday's Congressional testimony from the GSA: "...we're actually going through a re-certification based on those changes that Google has announced with the 'Apps for Government' product offering."

            FISMA anticipates that systems will change over time and provides for regular reauthorization -- or re-certification -- of systems. We regularly inform GSA of changes to our system and update our security documentation accordingly. The system remains authorized while the changes are evaluated by the GSA. We submitted updates earlier this year that included, among other changes, a description of the Google Apps for Government enhancements.

            • .mod parent up, informative. Th bolded quotes are a revalation to me. I'm no Google fanboi (I use yippy), but it looks like Google was a lot more forthright than MS, of course the bar MS sets for ethics is not very high, 2 femtometers max, at a guess.
              • Huh, Microsoft only repeated what the DoJ said:

                On December 16, 2010, counsel for the Government learned that, notwithstanding Googles
                representations to the public at large, its counsel, the GAO, and this Court, it appears that
                Googles Google Apps for Government does not have FISMA certification.

          • What Google said was entirely true, as you'll find if you RTFA. Yes there's a lot of words there, but if you can't be bothered to read them, don't bother to comment.

        • The reason MS falsely claimed that Google wasn't certified was to deflect attention away from their own lack.

          Untrue. FISMA certification in advance was not a requirement, and so was irrelevant to the contract at issue. MS raised the issue about Google to distract attention from the fact that Google's substantive claims about the contract being improperly given to Microsoft without allowing competing bids was correct.

      • by Anonymous Coward on Thursday April 14, 2011 @06:34PM (#35823554)
        The GSA themselves have declared that Google's product is indeed FISMA certified ( http://gcn.com/articles/2011/04/14/google-fires-back-on-fisma-certification.aspx [gcn.com] and http://www.businessinsider.com/dear-microsoft-you-owe-google-an-apology-2011-4 [businessinsider.com]) so Google's original argument that the Department of the Interior did not give Google fair consideration when selecting their vendor as Microsoft did not have FISMA certification is still valid. From what I understand, all this does is put more egg on Microsoft's face (along with the officials involved in vendor selection at the Department of the Interior).
      • So far as I've seen, this is true. Microsoft never tried to hide that their offering wasn't certified yet

        Steve, is that you? Naaa, can't be. It's been a while since you've been reported as throwing chairs so even if you're on your meds no way the response would be that calm.

        It's as far as you've seen because you've got Microsoft logos painted on your glasses. Read the article. The GSA stated that Google's offering was FISMA certified since July 2010. Since they're the ones who do the certifications I'd say that makes a pretty strong case as to who's lying here (it's Microsoft, in case you're still too dense to

      • Microsoft never tried to hide that their offering wasn't certified yet, they're just a vendor calling out their competitor for lying to the client (the government).

        Except that it is and was [businessinsider.com] certified, according to the GSA (which issues the certifications).

      • by gaelfx ( 1111115 )

        I had assumed the reason that they mentioned Microsoft's cloud services not being FISMA certified was that the government is still using Microsoft's services...or did I misunderstand something?

      • "As far as you've seen" must not involve reading TFA you're commenting on.

  • I believe part of Google's complaint was that additional cost in the government's Microsoft solution was going towards funding in the process of achieving FISMA certification (apologies, but no citation).

  • by v1 ( 525388 ) on Thursday April 14, 2011 @05:36PM (#35823030) Homepage Journal

    NOT goatse [dilbert.com]

  • by WindBourne ( 631190 ) on Thursday April 14, 2011 @05:37PM (#35823036) Journal
    The fact is, that SCO was NEVER about SCO or Unix. It was MS and Sun behind this. Now, MS has moved on to many many more targets. She is needed more now than ever. If I were in Google, I might consider ways to help her out financially.
    • That seems unwise. If they pay her then all we'll ever hear is how she's on their payroll, regardless of the quality of the work she does.

      If the problem is money then if anything, we should pay her. Anyone feel like starting a "Save Groklaw" fund?

    • As far as I recall, money isn't the issue. She just wants to move on and do something else with her life. Which is understandable.

  • by xkr ( 786629 ) on Thursday April 14, 2011 @05:46PM (#35823116)
    I mean no offense, but as a student of history, aren't FUD and Microsoft synonymous?
    • Re: (Score:2, Insightful)

      by sco08y ( 615665 )

      I mean no offense, but as a student of history, aren't FUD and Microsoft synonymous?

      This FUD got Google dragged before the US Senate, so it's pretty newsworthy.

      • by ackthpt ( 218170 )

        I mean no offense, but as a student of history, aren't FUD and Microsoft synonymous?

        This FUD got Google dragged before the US Senate, so it's pretty newsworthy.

        Yeah, it's not like the House where just about anybody can get dragged before it.

    • by turbidostato ( 878842 ) on Thursday April 14, 2011 @06:55PM (#35823748)

      "I mean no offense, but as a student of history, aren't FUD and Microsoft synonymous?"

      As a student of history you should know that FUD was an IBM invention, Microsoft is just an advanced student.

      • If you want to be pedantic, the tactic has been in use for nearly all of human history, and the acronym was coined by Gene Amdahl (but yes, he was talking about IBM).

  • by flimflammer ( 956759 ) on Thursday April 14, 2011 @05:48PM (#35823134)

    Am I not mistaken that Microsofts original claim was that Google claimed to be but were not, essentially calling out their lie? Did Microsoft also claim they were and this proves them to be lying as well?

    • Re: (Score:3, Interesting)

      by Derekloffin ( 741455 )
      I would say the claim was implied since they were producing the product that was competing. If the certification was irrelevant, than bringing it up (particularly falsely as they did) is highly suspect.
    • Re: (Score:2, Insightful)

      by cbhacking ( 979169 )

      Microsoft never claimed that their offering was certified. Their claim was that Google was lying by claiming a certification that Google didn't have.

      Apparently some people who have more hatred for MS than reading comprehension skill have twisted this into a claim that Google was pretending to have a certification that MS already has. That's not the case.

      • Re: (Score:2, Insightful)

        by BasilBrush ( 643681 )

        Microsoft never claimed that their offering was certified. Their claim was that Google was lying by claiming a certification that Google didn't have.

        And that claim by Microsoft was in fact the lie, and Google wasn't lying.

    • Re: (Score:1, Troll)

      by tgd ( 2822 )

      No, but this is Slashdot and the reality distortion field is the rule where certain topics are concerned.

      The poster sending it is not surprising, neither are the anti-microsoft drones replying, but it surprises me that the editors would let a story like this through. I mean, seriously, the last story in here talked about how part of MS's proposal involved the certification process, and the problem was Google was claiming they were cheaper and didn't need the certification.

      Google was, and is, the one lying.

      T

      • by xactoguy ( 555443 ) on Thursday April 14, 2011 @06:36PM (#35823574)
        The GSA has declared that Google's product does have FISMA certification [businessinsider.com] so (at least on this point) they are not lying.
      • There is no gaffe. I know from first-hand experience that PJ spends a couple of days researching before she publishes anything. And I also know that she prefers to go straight to the original sources (such as the gov't) instead of quoting all the other journalists.

        • Then why do we have the misleading article, summary and misleading headline here? "turns out MS didn't have certification"? Huh? When did MS ever claim to have certification? It's just made up by Groklaw.

        • by man_of_mr_e ( 217855 ) on Friday April 15, 2011 @07:36AM (#35827356)

          You do, huh? Then explain why PJ is making a big fuss over something that never happened.

          Microsoft wasn't saying that Google should not be chosen because they weren't FISMA certified, they said that the Department of Justice, in court documents, stated that Google Apps for Goverment was not certified, and that the DOJ claimed that the GSA did not view them as certified. This is not an implication that their (MS's) product was certified, just that Google's wasn't as Google claimed. Somehow PJ inferred a claim that wasn't there, and then proceeded to make a big stink about said non-existent claim. Yeah, that's good research.

          Googles response seems a bit odd. They claim that their Google Apps Premier certification carried over to the Google Apps for Government product, even though they admit that GAfG has several significant differences from GAP that requires it to be recertified, and that recertification was not yet complete. It's a bit like driving on a temporary drivers license, technically you have a valid license, but it's under review.

          Claiming that GAfG was FISMA certified in their bid, and failing to mention that it needed to complete recertification was certainly misleading (the term Microsoft used). What if GAfG was chosen (specifically because Google had claimed it was certified) and then it failed recertification? What if the changes Google made proved to be insecure?

          I think it's certainly understandable that Microsoft interpreted the need for recertification as admission that GAfG wasn't certified. That would seem the logical conclusion. If GAfG was still certified through the GAP certification, then that would be an incorrect (but logical) assumption.. especially given that the DOJ documents made the claim of lacking certification.

          People in the blogosphere seem to be quick to throw the word "lied" around. Even Microsoft didn't say google Lied. In fact, Microsoft merely stated the fact that the Department of Justice made the claim that GAfG wasn't certified. The DOJ also made the claim that the GSA didn't view GAfG as certified. So it was apparently the DOJ that was wrong about the GSA's views.

  • "And yet, the Department of the Interior chose Microsoft for its email and messaging cloud solution, instead of Google's offering even though Google today explains that in actually its offering actually is"
  • by wheresthefire ( 584897 ) on Thursday April 14, 2011 @06:01PM (#35823280) Homepage
    Since when is a legal brief by one of the litigating parties an unbiased source of "facts"? Everything in this post and in the link is stated as fact, yet all of it comes from a single legal brief filed by Google. I thought /.'s standards for journalism were a little higher.
    • Since when is a legal brief by one of the litigating parties an unbiased source of "facts"?

      If you actually read the article you'll find that it's clearly stated that the initial information is from a Google brief and therefore may be biased. And then you'll find in the update to the article that the GSA, who grants the certifications in question, clearly states that Google's claims in the brief are true. That may be just a slightly less biased source supporting Google's claims in the brief.

      • However, the Department of Justice rejected Googles claim that it was certified, and they claimed the GSA did not view it as certified. So, both sides seem to be at odds over what the GSA actually did or didn't do.

  • Wrong terminology (Score:1, Insightful)

    by Bunzinator ( 1105885 )
    It calls Microsoft's FUD 'irresponsible.'? 'Fraudulent' would be a better adjective.
    • "Fraudulent" is the part where they claimed that Google service lacks certification.

      Making such claims while not having certification themselves, is the "irresponsible" part, as bringing it up implies that Microsoft has it, and that is the reason why it is supposedly superior.

  • "If you were as puzzled as I was by the blog fight, as Geekwire calls it, between Google and Microsoft over whether or not Google was FISMA certified, then you will be glad to know I gathered up some of the documents from the case, Google et al v. USA, and they cause the mists to clear. I'll show you what I found, but here's the funny part — it turns out it's Microsoft whose cloud services for government aren't FISMA certified. And yet, the Department of the Interior chose Microsoft for its email and messaging cloud solution, instead of Google's offering even though Google today explains that in actually its offering actually is. It calls Microsoft's FUD 'irresponsible.'"

    Editors!

  • I like how the Groklaw article ends -- to quote
    -quote-
    Guys, don't you realize by now that Microsoft is Microsoft? You don't remember Get the Facts? All those "independent" studies that found Microsoft products to be the best thing since someone invented the wheel? Forewarned is forearmed.
    -end quote-

    keep in mind that
    " We are the Microsoft .You will be assimilated . Resistance is futile !

  • Learn your place & buy Microsoft(TM) or we'll turn you off!
  • Boy, talk about a agency with a bad record for IT issues. Isn't DOI the agency that was told by a court to disconnect from the Internet for their miss-dealing with the Indian Nations. Bozos. http://www.ibls.com/internet_law_news_portal_view.aspx?s=latestnews&id=2352 [ibls.com] Yea I can believe they made the choice before they let the RFQ.
  • Now that's something new ... has never happened before, better take note!

Top Ten Things Overheard At The ANSI C Draft Committee Meetings: (10) Sorry, but that's too useful.

Working...