Google Going After Gov Market With Apps Certification

After a year of working on security steps to comply with federal government regulations, Google today launched Google Apps for Government.

Google Apps for Government is the first suite of cloud-computing applications to receive Federal Information Security Management Act (FISMA) certification and accreditation from the U.S. government, said David Mihalchik, Google's federal business development executive. The Google Apps platform consists of Google Docs, Gmail, spreadsheets, a video tool and Google Sites.

The General Services Administration has reviewed the documentation of the company's security controls and last Thursday issued an authorization to operate, Mihalchik said.

The move will almost certainly intensify the competition between Google and Microsoft to provide cloud-based e-mail service and productivity applications to the federal community, industry observers said.

"The federal government is the golden nugget everyone is chasing,” said David Linthicum, chief technology officer and founder of Blue Mountain Labs.

“FISMA is always being brought up as a hindrance to the government moving to the cloud,” Linthicum said. Google is basically saying that Google Apps is ready to go, he said. “FISMA was a top priority for us," Mihalchik said. The certification was a very detail process that involved Google meeting 200 National Institute of Standards and Technology security controls, testing by an independent organization and a GSA review, he said. The review makes it easier for federal agencies to compare Google security features to those of their existing systems, Mihalchik said.

Microsoft says it is close to obtaining the same certification for a Web-based version of Exchange, a widely used program for managing e-mail that most organizations run on their own server systems, according to a Wall Street Journal article. Google and Microsoft are competing to provide e-mail to GSA.

The government defines cloud computing as an on-demand model for network access, allowing users to tap into a shared pool of configurable computing resources, such as applications, networks, servers, storage and services, that can be rapidly provisioned and released with minimal management effort or service-provider interaction.

Google Apps for Government is hosted in a multi-tenant cloud that conforms to NIST's definition of a community cloud, Mihalchik said.

Google  will store Gmail and Calendar data in a segregated system located in the continental United States, exclusively for government customers. Other applications will follow in the near future, Mihalchik said.

The Energy Department's Lawrence Berkeley Laboratory starting deploying Google Apps for its 5,000 users early this year. Berkeley Labs is using Gmail, Docs, Sites and Calendar, with full deployment scheduled by the end of the year.

The Berkeley lab did its own security accreditation of Google Apps and reviewed Google's documentation before the company had completed its FISMA compliance, Mihalchik noted. The lab is expected to save $1.5 million to $2 million over five years by using Google Apps for Government, he said.

Google also announced that, a humanitarian relief organization funded by the U.S. Navy, is also using Google Apps for Government to provide users with more real-time collaboration capabilities during disasters.

Government movement to the cloud will continue to be an evolutionary process -- agency by agency, division by division, Linthicum said. The offering of e-mail services, which falls into the software-as-a service cloud delivery model, is a logical place for many agencies to start, industry experts have observed.

FISMA compliance for infrastructure-as-a service and platform-as-a-service will be the next step for cloud providers, Linthicum said. FISMA compliance for these cloud delivery models will be more complex, Linthicum noted.

About the Author

Rutrell Yasin is the senior technology editor of Government Computer News (


  • Microsoft Drops 'Solorigate' for 'Nobelium' in Ongoing SolarWinds Attack Investigations

    Microsoft this week described "three new pieces" of malware that were used in the SolarWinds Orion espionage attacks dubbed "Solorigate," although Microsoft security researches are now calling it "Nobelium."

  • Microsoft Universal Print Service Commercially Released

    Microsoft announced on Tuesday that its Universal Print service is now commercially released at the "general availability" stage worldwide.

  • Restoring a Backup to Dissimilar Hardware: 3 Things To Watch Out For

    Getting a new desktop looking and feeling like the old one used to take a long time, but modern backup applications have greatly streamlined the process. Still, there are a few things to keep in mind to avoid potential issues.

  • Black Box

    Microsoft Releases Windows Server 2022 Preview

    Microsoft announced during its Ignite event that Window Server 2022 is currently availability at the preview stage.

comments powered by Disqus