Apps for Government is the first suite of cloud computing applications to receive Federal Information Security Management Act certification and accreditation from the U.S. government. Microsoft also working to obtain certification for Web-based e-mail.
After a year of working on security steps to comply with federal government regulations, Google today launched Google Apps for Government.
Google Apps for Government is the first suite of cloud computing applications to receive Federal Information Security Management Act (FISMA) certification and accreditation from the U.S. government, said David Mihalchik, Google’s federal business development executive. The Google Apps platform consists of Google Docs, Gmail, spreadsheets, a video tool and Google Sites.
The General Services Administration has reviewed the documentation of the company’s security controls and last Thursday issued an authorization to operate, Mihalchik said.
The move will almost certainly intensify the competition between Google and Microsoft to provide cloud-based e-mail service and productivity applications to the federal community, industry observers said.
"The federal government is the golden nugget everyone is chasing,” said David Linthicum, chief technology officer and founder of Blue Mountain Labs.
“FISMA is always being brought up as a hindrance to the government moving to the cloud,” Linthicum said. Google is basically saying that Google Apps is ready to go, he said.
Related coverage:GSA Plans email system revamp
“FISMA was a top priority for us," Mihalchik said. The certification was a very detail process that involved Google meeting 200 National Institute of Standards and Technology security controls, testing by an independent organization and a GSA review, he said. The review makes it easier for federal agencies to compare Google security features to those of their existing systems, Mihalchik said.
Microsoft says it is close to obtaining the same certification for a Web-based version of Exchange, a widely used program for managing e-mail that most organizations run on their own server systems, according to a Wall Street Journal article. Google and Microsoft are competing to provide e-mail to GSA.
The government defines cloud computing as an on-demand model for network access, allowing users to tap into a shared pool of configurable computing resources, such as applications, networks, servers, storage and services, that can be rapidly provisioned and released with minimal management effort or service-provider interaction.
Google Apps for Government is hosted in a multi-tenant cloud that conforms to NIST's definition of a community cloud, Mihalchik said.
Google will store Gmail and Calendar data in a segregated system located in the continental United States, exclusively for government customers. Other applications will follow in the near future. Mihalchik said.
The Energy Department’s Lawrence Berkeley Laboratory starting deploying Google Apps for its 5,000 users early this year. Berkeley Labs is using Gmail, Docs, Sites and Calendar, with full deployment scheduled by the end of the year.
The Berkeley lab did its own security accreditation of Google Apps and reviewed Google’s documentation before the company had completed its FISMA compliance, Mihalchik noted. The lab is expected to save $1.5 million to $2 million over five years by using Google Apps for Government, he said.
Google also announced that InRelief.org, a humanitarian relief organization funded by the U.S. Navy, is also using Google Apps for Government to provide users with more real-time collaboration capabilities during disasters.
Government movement to the cloud will continue to be an evolutionary process – agency by agency, division by division, Linthicum said. The offering of e-mail services, which falls into the software-as-a service cloud delivery model, is a logical place for many agencies to start, industry experts have observed.
FISMA compliance for infrastructure-as-a service and platform-as-a-service will be the next step for cloud providers, Linthicum said. FISMA compliance for these cloud delivery models will be more complex, Linthicum noted.