Google and Microsoft Security Poker: A New Round
April 15, 2011
I ignored the push backs, reinterpretations, and revelations about the murkiness of both Google’s and Microsoft’s security certifications. I was hoping the “security card” story would die a quiet death as the pundits chased the resurgence of RIM with its co-dependent tablet or the Google financial results.
No such luck.
Navigate to “Google Lashes Back at Microsoft over Accusations of Lying.” The story introduces for me a couple of interesting elements. First, this passage sets the tone of the “security card” discussion:
Google said Wednesday it does have FISMA certification from the General Services Administration. FISMA stands for Federal Information Security Management Act. Microsoft said Monday that certification for one agency, the GSA, does not automatically qualify software for another agency, the Department of the Interior. The Department of the Interior had earlier chosen Microsoft’s cloud software over Google. Google sued, claiming the department had not fairly considered its bid, and successfully forced the department to re-evaluate its purchase.
What’s nifty about this approach is that it puts the “debate” in the 10 point font used for government documents. Who really knows what’s inside these “rules of the road”. Agency policies, the role of the General Services Administration, and the notion of duplication of effort within the government may indicate that both Google and Microsoft are on a 50-50 basis.
The other point is the reminder that Google sued a Federal agency. Now, I don’t know about you, but that’s an opportunity for consultants to attend quite a few meetings.
Second, my view is that the “security card” is a potentially corrosive issue within the US government. Calling attention to the idiosyncrasies of how certain security certifications “work” is something that I would keep as part of specific project discussions and out of news releases, blog posts, and other modern conduits.
Stephen E Arnold, April 15, 2011
Freebie