Open Source: Not All that Open

Increased dependency on open source tools is not always the best bet, as there are serious bottlenecks

By Dhananjay Rokde | 11 January 2012


Most organisations are affected by the recent wave: use open source to reduce cost. But there are a few pointers that need to be looked into before taking the leap into open source.

While open source does appear to be a fantastic alternative, it comes with a price. Since the price that one pays towards acquiring open source tools is often indirect, it takes a while for the organisation to realise this. There are pros and cons to open source as there are in proprietary software, but by no means do they take away from the utility of open source.

Depending on Open Source
It is typical for organisations to start using products like Open Office in the initial phase, before jumping on to the open source bandwagon fully. Among the early products, Ubuntu and its variants (like Kubuntu and the Ubuntu Server edition) are popular choices of OS platforms. Other software platforms such as Mozilla Firefox/Thunderbird, Gimp, VLC Media Player, etc., provide good replacements for the classic end-user needs.

HELP!!! I Need Support
A colossal proportion of the IT industry is obsessed with the Office suite, proprietary software spread across end users, system administrators and IT managers. The reason is obvious: users recognise basic operations on the systems; administrators know how to troubleshoot; and managers know whom to contact in case of a problem.

Take, for instance, a situation where someone from the finance department starts screaming that salaries won’t be credited on time because an automated macro to be run on spreadsheets has failed, since Open Office is unable to execute it. What does an IT manager do? He is now caught in a big dilemma with regard to seeking the right support.

Open Office with fantastic basic functionality cannot even come close to what proprietary office suites offer, as the knowledge base of such software is often incomplete. There is increased dependency on forums and bulletin boards to help you break away from the problem and resume actual productive work. Although I must admit that these forums are very helpful, they are not certified and competent to support any Open tool.

Most open source software relies on plug-ins or extensions to the primary software package for added functionality and features. These extensions are not written by the author(s) of the primary package. Also, there are no warranties that those extensions will work or that the primary package will continue to support them after an upgrade or a major version change.

Caution about Cost
Yes! More often than not, open source leads to much higher installation cost. No wonder that more than 95 per cent of the end-user laptops and desktops come with a pre-installed copy of a proprietary operating system. This operating system comes with effective recovery alternatives. You can easily avail the option of reinstalling the entire operating system without losing any of your valuable data.

The same story holds true for slightly larger enterprise systems like web and database servers. The staff required to manage and administer open source solutions are hard to find and expensive. These solutions don’t necessarily provide off-the-shelf advanced functionality like load-balancing, clustering, etc. A lot of customisation is required to attain the desired functionality and there is no assurance of support.

These customisations come at an extraordinary cost and yet there is no one who can certify or sign off on these custom architectures as a guarantee of reliability. Despite the huge investments made, one will have a crude hack and not a solution.

Reliability: A Big Question
Although many technology conglomerates directly and indirectly support the cause of open source, they have extremely limited financial commitment in these initiatives. Good examples of such angelic investments include Oracle buying a stake in MySQL and IBM investing in the Apache Foundation and Eclipse. IBM’s venture to invest heavily into making its own open source database, Cloudscape (which is now absorbed into the Apache suite as Derby), has not been a success.

These investments are only meant to set aside feelings of anti-monopoly and are clearly motivated by sentiment rather than business. If these open source applications were really so efficient and cost-effective then the IT industry would have witnessed a revolution, which again proves the case for proprietary software.

How do I get my updates?
Always bear in mind this simple principle: “If you are not paying for the product itself, no one is indebted to send you updates”. So if you are running open source systems, please set clear expectations with your business in terms of updating and patching to meet newer requirements.
Proprietary software companies, on the other hand, are contractually and legally bound to send you critical patches and updates as soon as flaws are detected. They will have their teams sweat it out as soon as a bug or missing functionality is detected.

Many have witnessed proprietary software taking the lead to make itself compatible with Web 2.0, Cloud capability, real-time synchronisation, seamless recovery, etc.

Open Challenges Security
Open source software always capitalises on the security failures of its proprietary alternatives. However, since these proprietary companies are constantly fighting their ‘anti-sentiment’, the real flaws of open source never actually reach the users.

It is critical to note that open source does not have the liberty of incorporating several security mechanisms like code obfuscation and data masking. The confidentiality involved in making such proprietary software eventually pays off.

Since the entire code and all related modules are ‘open’, it takes a tremendous amount of time and effort for open source communities to unite and issue an advisory or suggest workarounds, let alone fix the vulnerability. On the contrary, proprietary software companies have teams ready to respond to such ‘zero-day’ vulnerabilities immediately. With open source, your best bet is to lurk around some forums waiting for someone actually knowledgeable to post something that might help you.

Another simple explanation for security flaws in open source software is the absence of dedicated professionals and teams to address security problems independently. Such professionals address only security risks and functionality. The presence of such teams inculcates a maker-checker mechanism that ensures product superiority. Without them, open source communities cannot be expected to react spontaneously and fix the flaws.

Dhananjay C Rokde is Global Head, Information Security, Cox & Kings Group.



Comments


Anonymous (not verified)

Brilliant thoughts!
I'm an avid Open Source user and developer. I never thought beyond the fence.
Very nicely put.
