Once, techies sold company execs on open source by emphasizing the cost savings. Nowadays, the appeal to the CIO is security and scalability.

Once upon a time, when someone in IT wanted to make use of open source software, it was usually an off-the-books project that didn’t require much in the way of management buy-in. Costs were minimal, projects often were smaller with a couple of people in a single department, and it was easy to grasp what a particular open source project provided. Back then, IT primarily used open source to save money and “do more with less,” letting the department forgo the cost of commercial software.

Times have certainly changed. Yes, software costs are still a factor, and while it is generally true that open source can save money, it isn’t the only reason nowadays to adopt it. While application deployment costs have risen, the direct software cost is a small part of the overall development budget, often dwarfed by infrastructure, scalability, and reliability measures.

As a result, today’s open source efforts aren’t anything like those in earlier days. Open source projects are bigger, their code base is mature, and the adoption process involves greater departmental collaboration. If the CIO doesn’t directly sign off on an open source project, someone else of equivalent rank in the management suite does. The scope of the project is greater, but so are the payoffs and acceptance by all layers of IT management.

Welcome to the changing world of today’s enterprise open source. There are several reasons for these changes.

Baking in open source security

As more companies are hacked, designing in security from the start means finding a well-tested application that reduces the actual cost of securing corporate data. Businesses are also daunted by the energy that goes into keeping up with frequent patches and security updates for custom-built applications. Both of these things happened at Maritz, a large customer marketing and meetings management company. The company’s staff found that open source could reduce the cost of securing its enterprise application portfolio, and that the company could be more proactive with its overall security posture. That contributing factor led to Maritz going from almost no open source projects six years ago to having nearly a quarter of all its software running on open source, according to sources in its IT department.

Many other companies discovered that improved security can tip the scales in open source’s favor, such as the government VAR SuprTEK in St. Louis. Charles Forsythe, the company's director of IT solutions, says, “With open source, you don't have to wait around for a security patch. If necessary, you can fix the problem yourself. In all likelihood, by the time you learn of a vulnerability in a technology that you're using, someone else has already fixed it and an update is available.” The alternative with commercial software: wait until the vendor releases a patch.

Keeping code up to date

Open source also makes it easier to keep code current. “A build script can now say, ‘Include the latest version of XYZ,’ and it will go fetch it from the repository during the build. Previously, writing open source code involved finding where to get it, downloading it manually, and manually tracking updates,” says Forsythe. This self-service mentality is in keeping with today’s generation of developers, many of whom grew up on open source.

That isn’t to say that open source is always a perfect situation. Even the most avid open source advocate can slip up. Witness the Equifax disaster when the company failed to keep its Apache code updated; the consequence was a massive data breach affecting consumers across the U.S. and U.K.


In the past, open source projects lacked well-developed partner networks. That has changed. Today, the open source community has equaled or surpassed the metrics of the commercial software world. For example, look at Apache’s Spring Framework, an open source application development and version control tool. Pivotal Software, a commercial vendor that was spun out of EMC/VMware several years ago, now administers Spring. And Hadoop has numerous commercial vendors, such as Cloudera and Hortonworks, that offer full support and extensive training classes that are the envy of a typical commercial ecosystem.

This makes the line between open and commercial software harder to distinguish; many open source tools have commercial developers contributing code and running support programs.

Open source adoption is no longer particularly notable. Younger developers grew up with these technologies and turn to them first when they need to deploy software. “A lot of developers are actually more familiar with open source technologies than with the commercial counterparts,” says Forsythe. Developers today start out with a significant open source portfolio, such as Apache, Tomcat, Spring, and MySQL. They are comfortable building their own extensions on top of this technology stack using tools such as Docker, Jenkins, and Ansible.

Five years ago, many of these tools were in their infancy or didn’t even exist. “When I was in college many years ago, open source was just getting underway,” says John Cronin, a 25-year veteran IT architect. “But then open source grew as the Internet became more important, and commercial software didn’t keep up with Internet-based innovations in terms of price and performance.”

Stability? Not a worry

This toolset maturity is a big asset for the open source community. “The stability of the major packages has improved dramatically,” says Robert Matsuoka, chief technology officer at New York-based Citymaps, which is owned by TripAdvisor. For example, Matsuoka feels that PostgreSQL tops any commercial database. “And the breadth of app stacks and other service-level tools have also improved significantly,” he adds.

As a result, many companies are moving to a strategy of choosing open source first. “We only use commercial software where no open source equivalent exists,” says Matsuoka. “In the web software space, most companies use open source as their full DevOps stack. We use hundreds of different pieces of open source now.”

Some companies aren’t as religious, and they mix and match commercial and open source projects as their needs arise. That is a big change from a few years ago, when developers stayed on one side or the other. “One project we have is almost entirely built on open source, except for the database,” says Forsythe. IT determined that only Oracle could handle the large and complex data sets required.

As applications have become Internet and cloud native, they play to many open source projects’ strengths. The major cloud vendors “created an ecosystem that makes a cloud-based solution easy to test drive new products and support them for lower cost,” says Cronin.

This “test-drive” mentality is a strong motivation for open source, because many enterprises are trying new tools as they work to innovate their technology portfolios. “If I want to try something, and it comes with a six-figure software and hardware price tag, it is a lot harder for management to say yes than if it comes with a zero-dollar software cost and a lower hardware cost,” says Forsythe.

Disruptive technologies start as open source

Open source lowers the startup costs for entrepreneurs, who continue to build their software on those foundations. For example, big data, cloud-based services, and advanced analytics have often begun as open source projects, with a prime example being the Hadoop ecosystem.

Enterprises that are building applications to scale are also finding that they can do so with open source projects. In the past, scaling could mean purchasing additional mainframe resources or adding processing or storage to a physical server. In comparison, open source applications can be cheaply and easily scaled up with cloud services. “With open source and good application design, a firm can grow its systems to support 10 times, 100 times, or 1,000 times more workload cost effectively,” says Cronin. “Today’s open source is vastly more scalable than commercial software.”

Cronin points to Amazon’s evolution as an example. Amazon started out using commercial software. It eventually migrated to the company’s own custom tools, which it published as open source when its decision-makers realized that the initial technology couldn’t scale up fast enough and didn’t have the features that were needed.

Open source became more important as Internet-scale companies such as Amazon, Google, and Facebook developed their own code. “VAR support and licensing models weren’t keeping up with the price and performance needs of these Internet-scale companies, where each firm is using thousands or more commodity servers along with technology that could be massively scaled up,” says Cronin. Licensing costs continue to increase, making the decision to migrate toward open source more attractive now.

Open source in the enterprise: Lessons for leaders

Open source projects can improve your overall application security posture.

Many open source projects have commercial vendor support and formal partner networks.

Open source can be used to try out innovative approaches or test drive new applications.

Open source was born on the Internet and can support rapid applications scaling.

Many companies are mixing open source and commercial apps together.
