After blasting Google, Microsoft finally gets FISMA certification of its own

Microsoft's government cloud service is now FISMA-certified

When Microsoft called out Google for making misleading claims about FISMA certification, Microsoft was still working on getting its own stamp of approval from the government.

Microsoft just today announced that BPOS-Federal, its hosted Exchange, SharePoint and Office Communications suite, has gotten approval under the Federal Information Security Management Act. You might have thought Microsoft wrapped this up long ago given its criticisms of Google's FISMA certification.


But Microsoft has been somewhat slower than Google in satisfying FISMA requirements, although today's announcement may put Redmond at least temporarily in the lead on this front - or at least until Microsoft has to certify the upcoming Office 365. Microsoft has convinced the U.S. Department of Agriculture to move 120,000 employees to BPOS-Federal.

"We take our responsibility to protect customer data very seriously, and our cloud services already meet some of the industry's most rigorous global security and privacy standards," Microsoft official Eron Kelly blogged. "FISMA for BPOS-Federal is just the latest example."

Microsoft did earn another FISMA certification late last year, but that one covered just its cloud computing data centers, rather than the actual hosted Exchange and SharePoint services. Plus, Microsoft's certification came six months after Google's, so the company was feeling the heat in its battle for government cloud customers. 

This all boiled over recently due to a lawsuit Google filed against the Department of the Interior for choosing Microsoft products instead of Google Apps. As my colleague Julie Bort notes, it was Google Apps Premier that received FISMA certification, not Google Apps for Government. 

Microsoft said "Google's misleading security claims to the government raise serious questions," while Google argued that it was all semantics. "Google Apps for Government is the same technology platform as Google Apps Premier Edition, not a separate system," Google said.

A U.S. General Services Administration official reportedly said Google Apps will have to be re-certified because of changes in the product between the Premier and Government editions. But the GSA has deemed Google Apps robust enough to use as its own email platform, and it seems unlikely Google wouldn't be able to obtain the re-certification.

Microsoft has a better story to tell government customers now that its own FISMA certification has been expanded to Exchange and SharePoint online.

But one big issue remains. BPOS provides hosted versions of the 2007 editions of Microsoft products such as Exchange and SharePoint. Pretty soon, BPOS will be succeeded by Office 365, which is based on the 2010 editions. Just like Google, Microsoft will need to be re-certified, and the differences between BPOS and Office 365 are likely to be bigger than the differences between Google Apps Premier and Google Apps for Government. Given that Microsoft is just now getting FISMA certification for a cloud product that will soon be outdated, who knows how long it will take Office 365 to pass muster? If Google re-certifies quickly, it will at least have certification for the current generation of its service.

In today's statement, Microsoft said "We plan to pursue FISMA certification and accreditation for Office 365, our next generation cloud productivity suite, after it launches." 

UPDATE: It turns out BPOS for government customers is based on the 2010 versions of Exchange and SharePoint, not the 2007 ones. But Microsoft still needs a new FISMA certification for Office 365. The standard version of BPOS is still based on 2007 software.

Follow Jon Brodkin on Twitter.
