The holidays are over and, no matter what Santa brought us for Christmas, it’s time again to shift focus, back to the world of Digital Identity. ForgeRock is a unique player in the Identity and Access Management space, given our Open Source nature and our ability to deliver a comprehensive software stack to solve IAM related business problems.
As we all know by now, open source software has a number of great advantages over proprietary software and I thought I would revisit some of these in this post.
Security
While no software can claim perfection, many recent studies provide a clear indication that if the source code is open for more people to inspect, vulnerabilities and bugs are more likely to be discovered and fixed.
Proprietary software vendors force their customers to accept whatever security their software has, and the pace at which patches and updates are released. In an open source software model, customers have the option of fixing problems themselves or narrowing down the problem and raising the issue to the community for a fix. With closed source software, as a customer, you simply have no idea what surprises the code might have for you.
Customizability
While working in the field, deploying Identity Management solutions at customers, I often cursed the fact that I never had access to the source code - so I could never make minor tweaks, such as adding or altering the behavior of an integration to a target resource.
One of the true advantages of open source software is that business users can pick up any piece of software, modify it to fit their needs and be done with it. Doing that with proprietary software is infinitely more difficult. Often, tricks such as decompiling with JAD must be used, which might be a violation of the license agreement but are sometime necessary just to get the job done.
Quality
Despite the saying “Too many cooks spoil the broth”, there is research indicating that open source software (up to 1,000,000 lines of code) has a higher level of quality, largely due to the transparency and openness of the source code. More qualified developers can scrutinize the code and bug fixes are addressed quicker in a distributed collaboration. In this context, I can mention that ForgeRock OpenIDM has 247,163 lines of code, as of this writing.
Freedom
Selecting open source software is often a conscious decision for a business to liberate itself from the effects of a traditional proprietary vendor’s “lock-in” strategy. Open source software provides its users greater control, better interoperability and access to a, hopefully, thriving community of skilled developers who are well versed in the solution’s source code.
Another important aspect is the ability to take a project forward independently. Consider what happened when Sun Microsystems was acquired by Oracle, who already had an extensive Identity and Access Management stack with significant investments. Oracle made the decision to render many of the open source projects “non-strategic” going forward, essentially allowing the projects to die, but providing others with the freedom to pick these projects up and continue. In this way, open source provides some kind of insurance regarding the longevity of a project.
Flexibility and Interoperability
The ability to make changes to the source code, and the fact that many open source projects are less resource-intensive and do not follow traditional proprietary vendor upgrade schemes, allows you to be more flexible and agile. Many open source projects also take great pride in following standards, which enables greater interoperability with other components. In the time of cloud computing, interoperability has become a critical must have.
It is easy to advocate the benefits of open source software but to all good things there is a flip side and some principal risks. Open source software is often easy to adopt, with a “try before buy” philosophy. This practice can lead to unmanaged software assets, which can introduce technical and potentially legal challenges (such as intellectual property management, audit compliance and security). The community is critical to realising the benefits of open source software. Other questions you need to ask are pertain to the type of open source software license that is used? Is it a viral GPL or a more business-friendly CDDL?
The barrier to entry to any open source software is low and it is important to recognize that this low barrier, combined with the challenges outlined above, can result in high risk at a high cost. The way to mitigate this risk is, of course, to ensure that there is proper insurance in the form of a vendor backing the software. If you decide, for example, to “build it yourself”, assign a set of engineers and maintain the software yourself, be aware that the cost of maintenance increases over time. Even if the initial entry cost is low in terms of staffing, this cost will increase and there is always the risk of competent skills fleeing the company.
The potential risks aside, when open source software is managed properly, the results are cost optimization, flexibility and innovation, which should be on the mind of all CIOs.
Inga kommentarer:
Skicka en kommentar