Google releases FISMA-compliant Apps for Government

Cloud-based suite meets federal regs; Microsoft looking to catch up

After a year of working on security steps to comply with federal government regulations, Google today launched Google Apps for Government.

Google Apps for Government is the first suite of cloud computing applications to receive Federal Information Security Management Act (FISMA) certification and accreditation from the U.S. government, said David Mihalchik, Google’s federal business development executive. The Google Apps platform consists of Google Docs, Gmail, spreadsheets, a video tool and Google Sites.

The General Services Administration has reviewed the documentation of the company’s security controls and last Thursday issued an authorization to operate, Mihalchik said.

The move will almost certainly intensify the competition between Google and Microsoft to provide cloud-based e-mail service and productivity applications to the federal community, industry observers said.

"The federal government is the golden nugget everyone is chasing,” said David Linthicum, chief technology officer and founder of Blue Mountain Labs.

“FISMA is always being brought up as a hindrance to the government moving to the cloud,” Linthicum said. Google is basically saying that Google Apps is ready to go, he said.

Related coverage:

Are Google Apps and Microsoft headed for a showdown?

GSA Plans email system revamp


“FISMA was a top priority for us," Mihalchik said. The certification was a very detail process that involved Google meeting 200 National Institute of Standards and Technology security controls, testing by an independent organization and a GSA review, he said. The review makes it easier for federal agencies to compare Google security features to those of their existing systems, Mihalchik said.

Microsoft says it is close to obtaining the same certification for a Web-based version of Exchange, a widely used program for managing e-mail that most organizations run on their own server systems, according to a Wall Street Journal article. Google and Microsoft are competing to provide e-mail to GSA.

The government defines cloud computing as an on-demand model for network access, allowing users to tap into a shared pool of configurable computing resources, such as applications, networks, servers, storage and services, that can be rapidly provisioned and released with minimal management effort or service-provider interaction.

Google Apps for Government is hosted in a multi-tenant cloud that conforms to NIST's definition of a community cloud, Mihalchik said.

Google  will store Gmail and Calendar data in a segregated system located in the continental United States, exclusively for government customers. Other applications will follow in the near future. Mihalchik said.

The Energy Department’s Lawrence Berkeley Laboratory starting deploying Google Apps for its 5,000 users early this year. Berkeley Labs is using Gmail, Docs, Sites and Calendar, with full deployment scheduled by the end of the year.

The Berkeley lab did its own security accreditation of Google Apps and reviewed Google’s documentation before the company had completed its FISMA compliance, Mihalchik noted. The lab is expected to save $1.5 million to $2 million over five years by using Google Apps for Government, he said.

Google also announced that, a humanitarian relief organization funded by the U.S. Navy, is also using Google Apps for Government to provide users with more real-time collaboration capabilities during disasters.

Government movement to the cloud will continue to be an evolutionary process – agency by agency, division by division, Linthicum said. The offering of e-mail services, which falls into the software-as-a service cloud delivery model, is a logical place for many agencies to start, industry experts have observed.

FISMA compliance for infrastructure-as-a service and platform-as-a-service will be the next step for cloud providers, Linthicum said. FISMA compliance for these cloud delivery models will be more complex, Linthicum noted.

About the Author

Rutrell Yasin is is a freelance technology writer for GCN.


  • Contracting
    8 prototypes of the border walls as tweeted by CBP San Diego

    DHS contractors face protests – on the streets

    Tech companies are facing protests internally from workers and externally from activists about doing for government amid controversial policies like "zero tolerance" for illegal immigration.

  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    At OPM, Weichert pushes direct hire, pay agent changes

    Margaret Weichert, now acting director of the Office of Personnel Management, is clearing agencies to make direct hires in IT, cyber and other tech fields and is changing pay for specialized occupations.

  • Cloud
    Shutterstock ID ID: 222190471 By wk1003mike

    IBM protests JEDI cloud deal

    As the deadline to submit bids on the Pentagon's $10 billion, 10-year warfighter cloud deal draws near, IBM announced a legal protest.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.