Research Report: "Open Source in the Enterprise", a Review
This is a review of a relatively new resource, called Open Source in the Enterprise (OSIE) by Bernard Golden. The report's raison d'être is to help companies to decide if open source applications are right for their enterprise, and if so, how to implement it intelligently.
In OSIE, Golden runs you through the issues you'll likely confront while deciding whether to adopt open source. It is published by O'Reilly as part of its Radar Report series, which the company bills as one that "provides corporate clients with early insight into technologies that may either disrupt their business or provide new, high-growth markets."
Judging by the content and tone, the target reader is an experienced IT manager with minimal knowledge of open source. Those using open source already will find it interesting and informative, reinforcing what they already know.
The report appears to be a good fit for Golden, who is CEO of Navica, a management consulting firm “focused on open source and innovation.” He also authored the book Succeeding with Open Source, published by Addison-Wesley.
It is quite clear that Bernard Golden is an open-source advocate. He is confident enough in it to say that it is good for all businesses, asserting that “it’s clear that open source’s many benefits should be attractive to [businesses that have or have not adopted open source], given the challenges that they face.” Despite his predisposition, Golden is aware that arguments and data are what will win people over, so he provides plenty of both.
Golden kicks off OSIE with an introduction to open source, including facts and figures that illustrate how open source has come of age. Some of those figures include the number of projects on SourceForge growing from around 12,500 in 2000 to nearly 200,000 in late 2007 and 1000% average annual download growth. His opening argument for open source is that enterprises are under pressure to reduce IT costs by around 7-8% annually in real terms. The biggest barrier in the way of realizing those cost reductions is the inexorable rise in software-licensing costs.
The facts and figures set up the bulk of the report, which is organized around six key adoption drivers that Golden claims exist for open source. These adoption drivers are:
- Agility and scale
- Quality and security
- Breaking vendor lock-in
OSIE covers each adoption driver individually in its own section. Golden outlines the extensive array of business conditions addressed by each adoption driver, including many examples of how these business conditions play out in various types of enterprises. Furthermore, he makes a step-by-step case for how each particular trait of open source can help firms to address their IT challenges. Then, Golden illustrates each adoption driver with an extensive case study showing how a particular firm has implemented open source to its advantage. Finally, he closes each section with two succinct sets of bullet points, one that outlines key best practices, i.e. useful action items related to each driver, and another that summarizes potential pitfalls that may arise if one pursues an open-source strategy.
The author also explains clearly in a table format why these adoption drivers exist. Their basis lies in open-source characteristics such as expansive licensing, development transparency, ability to inspect and modify code, the community aspects and redistribution benefits.
An Example of an Adoption Driver: Breaking Vendor Lock-In
To give you a feel for what Golden offers in the report, let's explore how he treats the adoption driver called “Breaking Vendor Lock-In”. Golden begins the section by explaining the basics of vendor lock-in, how providers of proprietary software seek to gain a monopoly type situation over their customers and why proprietary software is so 'sticky', or costly to switch away from.
Golden then explains what this stickiness means for software users, elaborating the following consequences each with a roughly one-paragraph explanation:
- Vendors have most of the power in the relationship so customers suffer
- Vendors increase lock-in through implementation of non-standard functionality
- There is little potential price competition for incumbent vendors
- Customers have no control over the pace of feature implementation
- Customers can't modify the product to fix critical bugs
- Customers can't modify the product to better suit their individual business circumstances
- Customers are forced to signal business intentions to potential competitors
For the most part, the author explains the dynamics behind each issue but also sprinkles in several real-life examples. For instance, regarding being forced to signal business intentions to potential competitors, Golden reveals how Microsoft generally wants to sit down and talk with anyone who wants new functionality in its software, saying how it wants to “discuss your plans for what you want to do with our products.” While these examples are useful, it would certainly be advantageous to have even more of them to better understand the dynamics in context.
In the following part of the section, Golden explains in detail how open source significantly reduces the risk of vendor lock-in. These aspects of open source, each also outlined with a paragraph-long explanation, are as follows:
- Source code availability means that customers are not dependent upon the software provider for access to the product.
- Customers are not dependent on vendors for functionality implementation
- Open source vendors have little ability or incentive to implement non-standard functionality
- Open source vendors have no permanent control of the product due to open-source licensing conditions
- Open source licensing enhances price competition
- Open source licensing enhances support quality
Several of these claims are backed up with evidence, such as the fact that Red Hat tends to sit at the top of CIO Insight's annual Vendor Value Survey, as well as how open-source vendors like MySQL charge tens of thousands of dollars for enterprise-wide support while Oracle charges millions.
These sections are followed by a case study of Kaplan Test Prep and Admissions, a division of Kaplan, a $2 billion education-related company. In the half-page case study, Golden explores how Kaplan Test moved from a Microsoft and Java “DIY” IT shop to an open source strategy, including Linux, Apache, Twiki and Alfresco. Kaplan Test implemented open source gradually in three phases, starting with easier, stand-alone applications and moving later towards an enterprise-wide strategy. Each phase of greater usage of open source is explained, and Golden concludes that Kaplan essentially broke vendor lock-in with open source.
While insightful, the case study's weakness lies in its brevity. It would be much more helpful to the reader to learn more than just Kaplan Test's implementation strategy and assume that everything turned out just 'peachy'. How have their experiences been? Where was the effort better or worse than expected? Which applications proved better or worse? What personnel issues arose, for better or worse? Whose support services turned out to be worthwhile? Would they pursue the strategy similarly if they knew what they know now?
Following the case study is a collection of robust suggested best practices, with each having a one-paragraph explanation. These best practices regarding vendor lock-in are:
- Recognize that IT is infusing all future business offerings – and lock-in limits the potential for a company to deliver innovation.
- Analyze your future business offerings against the likely directions of your vendors.
- Identify upcoming projects/applications and analyze for lock-in vulnerability.
The final part of the section is a coverage of issues related to vendor lock-in, again each with a one-paragraph explanation. These are:
- Current vendors will work hard to convince you to adopt incremental functionality in existing applications.
- Avoiding lock-in requires a longer-term perspective and a willingness to direct investment toward viewing IT as a competitive differentiator and requiring in-house skill building.
Besides the limitations mentioned above regarding the depth of the case study, the section regarding vendor lock-in offers a wealth of suggestions and insights on the implementation of open source.
A Special Adoption Driver: Sovereignty
I personally like the fact that this report doesn't just cover the U.S. or wealthy countries. While the bulk of OSIE offers examples from the U.S., the “Sovereignty” section explores in-depth how open source can be a tool for non-U.S. governments and companies that do not want to be beholden to entities in other countries that often do not consider their needs. Some of these concerns include local functionality, high costs for poor countries, keeping software revenues 'at home', ensuring national security and the development of native IT capabilities. As Golden shows, the characteristics of open source can be a powerful economic development and emancipation tool.
In this section, Golden offers perhaps the deepest range of best practices and issues to consider.
Other Case Studies
Besides the Kaplan Test case study, the report includes five others, which are as follows:
- In the “Scalability and Agility” section, the author tells how PayPal has used Linux to meet these requirements, including integration with partners' systems. While the case focuses a bit heavily on PayPal's business details, it does explain how PayPal uses Linux to gain business advantages that can only occur rapidly if the source code is available. In addition, the case lacks information about challenges encountered with open source.
- In the “Quality and Security” section, Golden elaborates on the Coverity study contracted by the U.S. Department of Homeland Security that analyzed the software quality of Linux and several other popular open-source projects. The study found open-source applications immensely more bug-free than commercial ones. The only drawback is that it appears that information on this study came only from other publications and not from original data collection by the author.
- In the “Cost” section, the case of Big Lots is used, explaining how the firm chose JBoss Application Platform as its core technology infrastructure. The author explains in sufficient detail the ways in which JBoss improved IT management for the company and saved perhaps $10 million or more. Like the PayPal and Kaplan Test examples, the Big Lots case lacks depth, such as challenges encountered.
- In the “Sovereignty” section, Golden provides two case studies, one from Brazil and the other from northern Africa. In the Brazilian example, he outlines the Telecentros project that uses open source applications to power machines supplying Internet access and computer training in poor neighborhoods. He also describes how the Brazilian government is widely pushing open-source initiatives such as an open e-government interoperability standard, an electronic voting system and its tax system. He also adds a wide variety of examples of how governments in wealthy countries are moving to open source.
The North African example explores the Multinational Information Sharing Initiative (MISI) that allows the U.S. Departments of State and Defense to collaborate with several nations in the region. MISI is unique in that it expressly avoided using any proprietary software from a U.S.-based firm and must work on nearly any device since PCs are rare in the area. Drupal, Jabber and Asterisk are the core applications. This is a fascinating example of how open source can make international relations more diplomatic.
O'Reilly Does Its Own Metrics to Measure Open Source
We are all quite familiar with the difficulty of measuring the installed base of Linux and other open-source applications. Who knows how many of us have installed Linux on every machine we can get our hands on with one single ISO we downloaded? To get around these challenges, as well as to focus on the enterprise, the author and publisher O'Reilly took a unique path. They data-mined enterprise Web site job postings to see how many open-source related employees are being sought by large companies and what skills they seek. Both the methodology and results are explained, the latter with interestingly positive results. Also included is a ranking of which open-source applications are in highest demand from both growth and popularity perspectives. The data is fascinating.
Open Source Action Plans: The Icing on the Cake
Golden wraps up the report by outlining three different action plans for implementing open source, one each for early, mainstream and advanced users. While at times basic, they are thorough, making them great brainstorm provokers. The nicest aspect of this section is that Golden appears to have a solid handle on what firms need at different levels. At one end of the spectrum are the 80% of firms who are at the “What, there really is open source at our company?” level and really, more than anything, need to take an inventory of what's going on internally. In the middle are 10% of firms that actively use open source but don't lean too strongly in either direction. Finally, the advanced users, 1% of firms, tend to use open source as a rule and only deviate from the rule when the application is inadequate for the job.
Data sources: The Report draws on research and interviews as well as innovative data mining to describe how enterprises are leveraging open source software in support of their business goals.
Thoughts and Impressions on OSIE
Though one could argue differently, I think that OSIE lacks enough counterweight to help firms make a fully informed decision. Are there any cases, I wonder, where companies came away extremely disappointed with their open-source experiences? Clearly Golden is a dyed-in-the-wool open-source advocate. Otherwise he wouldn't be writing this report. His mission is to make the case for open source to new adopters. Admittedly, at times Golden does put many of his arguments in perspective to be sure the reader knows he is not overly ideological. For instance, Golden reviews the two schools of thought in security, namely the closed “security through obscurity” and the open “security through transparency” approaches - and refrains from dismissing the former as a non-option.
Golden also cautions repeatedly that quality of open source projects can vary widely, such that users must do their homework before moving forward. At the same time, Golden doesn't adequately address the issue that some applications simply don't exist in the open-source space, which takes some wind out of the sails of his enthusiasm.
In my view Golden holds a latent assumption that the dynamics of and incentives surrounding proprietary software mean that its developers are nearly incapable of providing a solid product that offers strong value and is secure and maintained well. Certainly the incentives in place with open source are favorable, but one must not forget that while Microsoft can do nearly anything it wants due to its de facto monopoly status on the desktop, most other firms must do all they can to maintain happy customers and that typically many alternatives exist in today's hyper-competitive market.
Golden is at his best in the “Innovation” and “Sovereignty” sections. The “Innovation” section offers scores of concrete ways in which firms are driving innovation forward in ways unimagined just a few years ago. This area shows his depth of knowledge, his range of contacts and the research done to make a report like this possible. Meanwhile, the “Sovereignty” section is especially fascinating since it covers information and case studies not often covered in the mainstream IT press. Furthermore, it offers a wealth of ideas for people in poor countries for using open source as an economic development tool.
OSIE is also strong when Golden explains each adoption driver, where he lays out the numerous business challenges that exist in enterprises today. When making the case for open source, his arguments are generally convincing because he backs each one up with numerous real-world examples, though in some sections the examples are thin. He clearly did a great deal of research in real enterprises to find out what is going on.
Indeed OSIE is a useful document, especially for those less familiar with open source. It offers not only facts and figures but scores of great examples, arguments, case studies, strategies and potential pitfalls. It is hard to imagine reading this report and not coming away excited about open source.
If you are considering a move to open source, certainly read the report, but it would be wise to investigate other information sources to balance out Golden's strident argumentation. Seek out case studies where not everything worked out so smoothly and talk to peers in your industry to get more real-life feedback.
Also, if you are already an open-source convert, perhaps out in the field trying to convince others of the merits of Linux and open source, you'll find a wealth of great material for making your pitch.
Open Source in the Enterprise costs $399 for a single copy, $995 for a 5-user site license.
James Gray is Products Editor for Linux Journal