I started off this year with a blog post on the major cloud imperatives for business leaders in 2022. One of the themes I briefly touched upon then was the role of open source technologies in core enterprise solutions. This is a particularly important topic for me personally, as I've been a lifelong proponent of the open-source movement. So it was rather disconcerting when the Log4j incident attracted major criticism of open source solutions. In this blog post, we shall discuss the reality of implementing open source in enterprises and make a case for its essential role in enabling enterprise opportunities, overcoming challenges, and serving as a key imperative for any digital leader in the digital age.
Making a Case for OSS
The modern internet and digital economy are built on open source. Like the creation of the internet itself, open source stemmed from the academic principle of knowledge sharing. Long before the first IT boom, it had taken root as the backbone of the software industry with tools like Linux, FreeBSD, Apache HTTP Server and many others, creating the environment that would evolve into the digital economy. This trend has only grown over the past 25 years. A survey revealed that in the last year alone, more than three-quarters (77%) of all organizations increased their open-source software usage, owing to the spiralling popularity of DevOps tooling, data technologies, and AI/ML. It also showed that open source skills are in high demand, with a talent shortage posing a key hindrance to adoption. This was reinforced by another study, which reported that a staggering 92% of all recruitment managers struggled to locate and retain open source talent in 2021. The surge of cloud adoption has directly motivated more advancement and growth in open source technologies and solutions than ever before. Market leaders have already outlined the impact of open source, in conjunction with SaaS and serverless architecture, in terms of reduced investment, elimination of infrastructure management, and closing the gap between business and app development.
OSS in the Enterprise
Despite this established history, there are those who hold a different view. These factions believe that open source isn't suitable for business and that closed, proprietary technology is necessary to manage and offset risk. However, this holds only in theory: in reality, every major opponent of the open-source movement has changed its tune and accepted that the cost/benefit trade-off is immensely favourable to modern business practices. It's worthwhile to remember that the battle for open source has been decades in the making, with behemoth opponents like Microsoft (who battled open source for 30 years) now among its biggest contributors. In terms of enterprise use, open-source solutions have been the go-to resource for solving problems that directly generate benefits for enterprises in cost, flexibility, and innovation. It's abundantly clear that today's reality and tomorrow's future are heavily reliant on open source solutions, just as they have been for more than the past quarter-century.
But What about the Security Gaps?
There is an old saying: you get what you pay for, and when it comes to free code, nothing could be truer. There is no denying that the discovery of the Log4Shell and Log4j vulnerabilities highlighted an important area of concern for enterprise users. Can open source be considered secure? To put it briefly, these vulnerabilities were identified in Apache Log4j. Since it is a widely used Java logging library, they presented a large attack surface that could lead to major data loss or unauthorized access by attackers. As a result, the Log4j revelation made waves across the enterprise landscape, raising many questions and concerns for digital leaders. However, most of the loudest concerns came from those who know frighteningly little about open source. I would go so far as to postulate that these alarmist reactions against open source are motivated by hurried panic rather than rational thinking. Such reactions risk maligning the progress of open-source enterprise technology, which can result in businesses losing out on its many benefits. In truth, if businesses were to abandon open source solutions it would be like throwing the baby out with the bathwater, a grave negligence. So, what should digital leaders do?
The Enterprise Imperatives
In a recent State of Security report, it was discovered that 70% of applications showed evidence of open source security flaws, while 80% of codebase libraries were never updated. And while some would see this as an indictment of open source, we only need to read on to discover the real risk: while 92% of library flaws can be fixed with an update, only 21% of developers update these libraries. Perhaps the problem isn't open source but the people who use it. For practical businesses in the real world, the real takeaway from the Log4j incident is simple: enterprises must foster greater internal accountability when implementing open-source solutions. As the old saying goes, buyer beware. And while this kind of risk isn't worth it with most acquisitions, open source is the clear exception. After all, investing in secure code due diligence and updates is a small price to pay for millions of hours' worth of developer innovation addressing all types of digital challenges. It has always been an unspoken truth that enterprises seeking to benefit from free open source solutions need to own the risk and manage their usage accordingly. Let's not forget that even paid solutions are not free from failure and never guarantee 100% security or risk-sharing with the user organization. The most important caveat will always remain the obligation for enterprises to stay vigilant against the security challenges associated with any solution. The final fact: the power to make open source secure lies in the hands of digital business leaders, who have the power to ensure the necessary testing, monitoring, and maintenance for secure open-source deployment.
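The accountability the post calls for (knowing which third-party libraries are in use and whether a fix has been released for them) is something that can be checked mechanically in a build pipeline. The following is an added example, not code from the original post or from any of the projects it mentions: it parses a constructed Maven-style dependency list, compares each entry against a constructed advisory table, and reports libraries running a version older than the one in which the advisory was fixed. Every library name, version and advisory ID below is an invented placeholder; in practice the advisory table would come from a vulnerability database and the manifest from the build tool.

```python
"""Dependency-update audit (added example; names and versions are constructed)."""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed manifest, in the group:artifact:version form a Maven
# dependency listing produces. Not real coordinates.
MANIFEST = """\
# generated by the build tool (constructed sample)
org.example:logging-core:2.14.1
org.example:json-parser:1.9.0
org.example:http-client:4.5.13
"""

# Constructed advisory table: coordinate -> (placeholder advisory id, first fixed version).
ADVISORIES: Dict[str, Tuple[str, str]] = {
    "org.example:logging-core": ("ADV-PLACEHOLDER-001", "2.17.0"),
    "org.example:json-parser": ("ADV-PLACEHOLDER-002", "1.9.0"),
}


@dataclass
class Finding:
    coordinate: str
    current: str
    advisory_id: str
    fixed_in: str


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '2.14.1' into (2, 14, 1); a segment with no digits compares as 0."""
    parts = []
    for seg in v.split("."):
        digits = "".join(ch for ch in seg if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def version_lt(a: str, b: str) -> bool:
    """True when version a is older than b; '2.17' and '2.17.0' compare equal."""
    ta, tb = parse_version(a), parse_version(b)
    n = max(len(ta), len(tb))
    return ta + (0,) * (n - len(ta)) < tb + (0,) * (n - len(tb))


def parse_manifest(text: str) -> Dict[str, str]:
    """Map 'group:artifact' -> version, skipping blank and comment lines."""
    deps: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        group, artifact, version = line.split(":")
        deps[f"{group}:{artifact}"] = version
    return deps


def audit(manifest: str, advisories: Dict[str, Tuple[str, str]]) -> List[Finding]:
    """Return one Finding per dependency still below its advisory's fixed version."""
    findings: List[Finding] = []
    for coord, current in parse_manifest(manifest).items():
        if coord not in advisories:
            continue
        adv_id, fixed_in = advisories[coord]
        if version_lt(current, fixed_in):
            findings.append(Finding(coord, current, adv_id, fixed_in))
    return findings


if __name__ == "__main__":
    for f in audit(MANIFEST, ADVISORIES):
        print(f"{f.coordinate} {f.current}: update to {f.fixed_in} ({f.advisory_id})")
```

Run as a pipeline step, a non-empty result is the signal the post is asking leaders to act on: the library is known to have a fix, and the codebase has not taken it. A library already at or above the fixed version (json-parser above) produces no finding, and a library with no advisory is left alone.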