Rational Survivability

I’m still not sure I’ve fully digested the conclusion that this IDC study suggests and I’m not in a position to currently spend $4500 on the full report to do so.  However, I found the article which summarizes the catalysts of Open Source adoption in APAC countries to be very interesting:

The top most influential factor for deploying open source
technology in Australia, Korea, India and the People’s Republic of
China is better protection against security breaches, according to a
survey by IDC. "The results indicate that organizations perceived open
source technology as providing better security compared to proprietary
products," said Prianka Srinivasan, a software market analyst with IDC
Asia/Pacific.

Huh.  Really?  Security is the top reason?  That’s intriguing but makes my right eyebrow curl.

The
survey results also suggest that organizations in India and the
People’s Republic of China (PRC) deployed open source technology more
than their counterparts in Australia and Korea. Furthermore, as
expected, a larger number of small and medium size businesses (SMBs) in
all four countries were deploying open source technology compared to
large businesses.

The IDC survey measured key factors contributing to the deployment
of open source technology. Top factors cited by respondents include:

• Provides better protection against security
  
• Budget constraints
  
• Sufficient support from vendors
  
• Availability of required functionalities
  
• Better management tools and utilities
  
• Recommended by fellow industry peers
  
• Preference of open standard adoption compared to proprietary products
  

"Though cost-efficiency remains a key decision factor, the results
also suggest that organizations look forward to leverage open source
technology to primarily fulfill their requirements for specific
functionalities instead of widespread deployment," said Srinivasan.

When segmenting the data by company size, it emerged that SMBs in
all four countries deployed open source technology primarily to ensure
protection from security threats, which is similar to large
organizations in Australia, India and the PRC. Large organizations from
Korea, however, cited better management tools and utilities as the
leading factor.

I get all that and it sounds reasonable if not somewhat out of order.

The part I’m grappling with is that while security is represented here as the number one reason for adoption, I have this funny feeling that in some of these "developing" nations (from an IT perspective) that the word FREE really is the prime motivator and security, management, features, etc. are gravy.  I can’t really argue with the study since I didn’t conduct it, but it just doesn’t jive for me.

I‘m going to (gasp!) step into the role of agent provocateur here and suggest that I’m not convinced that Open Source security software yields a more secure business, especially in the SMB realm.  SMB’s don’t have security experts, so how is it that these folks who can barely install toner cartridges can perform source code analysis? 

I think that perhaps the thought of having many people’s eyeballs on the source code may deliver an advantage as an extended QA function from a security perspective at which point people "feel" more secure but it’s the monkeys configuring and deploying said software one needs to be worried about.

Let’s be real.  Given a choice to download pre-compiled binaries, ISO’s or virtual appliances versus source code that requires library linking and compiling, which route is an SMB going to take?  Right.

The last paragraph from IDC’s tickler really cements my thinking on this matter:

"IDC believes that open source technology and software will appear
in the higher end of the application stack in the coming years.
Commercial vendors of open source software will need to provide
extensive support and training services, as well as address the issues
of interoperability, in order to take advantage of the addressable
market for open source technology in the region," added Srinivasan.

Um, yep.  I’m willing to bet that Open Source will continue to be deployed in these developing countries with SMB’s as a way to offset operational expenditures — at least at first.  Then the issue of long term vendor support will rare its ugly head.   Sometimes the security of "free" is outweighed by the insecurity of "unsupported."

Using the security market as an example, we’ve obviously seen the success of companies like Sourcefire, Tenable and StillSecure with their Open Source and Open Source derivative licensing and support mechanisms.  I guess I’d really need to understand how IDC is defining Open Source in their study because I feel it may have made a difference as to how I reacted.

As we move along, I reckon we’ll see a burgeoning market for companies whose offerings focus on providing general sets open source software support.  They are around today, but the number and type of applications usually prove to be quite small.

From the opposite angle, I think we’ll also see the proliferation of hosted applications in the SaaS realm which are based on OSS and may have tiered levels of usage and support…sort of like GoogleApps but with Open Source.  If it’s hosted, you’ve got a single neck to choke.

What do you think?  If you were in an SMB’s shoes, would you rank security as the number one reason you’d adopt Open Source? 

/Hoff

u