Home > Open Source > IDC Study Suggests Security Drives Open Source Technology Deployment In Asia/Pacific

IDC Study Suggests Security Drives Open Source Technology Deployment In Asia/Pacific

I’m still not sure I’ve fully digested the conclusion that this IDC study suggests and I’m not in a position to currently spend $4500 on the full report to do so.  However, I found the article which summarizes the catalysts of Open Source adoption in APAC countries to be very interesting:

The top most influential factor for deploying open source
technology in Australia, Korea, India and the People’s Republic of
China is better protection against security breaches, according to a
survey by IDC. "The results indicate that organizations perceived open
source technology as providing better security compared to proprietary
products," said Prianka Srinivasan, a software market analyst with IDC

Huh.  Really?  Security is the top reason?  That’s intriguing but makes my right eyebrow curl.

survey results also suggest that organizations in India and the
People’s Republic of China (PRC) deployed open source technology more
than their counterparts in Australia and Korea. Furthermore, as
expected, a larger number of small and medium size businesses (SMBs) in
all four countries were deploying open source technology compared to
large businesses.

The IDC survey measured key factors contributing to the deployment
of open source technology. Top factors cited by respondents include:

  • Provides better protection against security
  • Budget constraints
  • Sufficient support from vendors
  • Availability of required functionalities
  • Better management tools and utilities
  • Recommended by fellow industry peers
  • Preference of open standard adoption compared to proprietary products

"Though cost-efficiency remains a key decision factor, the results
also suggest that organizations look forward to leverage open source
technology to primarily fulfill their requirements for specific
functionalities instead of widespread deployment," said Srinivasan.

When segmenting the data by company size, it emerged that SMBs in
all four countries deployed open source technology primarily to ensure
protection from security threats, which is similar to large
organizations in Australia, India and the PRC. Large organizations from
Korea, however, cited better management tools and utilities as the
leading factor.

I get all that and it sounds reasonable if not somewhat out of order.

The part I’m grappling with is that while security is represented here as the number one reason for adoption, I have this funny feeling that in some of these "developing" nations (from an IT perspective) that the word FREE really is the prime motivator and security, management, features, etc. are gravy.  I can’t really argue with the study since I didn’t conduct it, but it just doesn’t jive for me.

I‘m going to (gasp!) step into the role of agent provocateur here and suggest that I’m not convinced that Open Source security software yields a more secure business, especially in the SMB realm.  SMB’s don’t have security experts, so how is it that these folks who can barely install toner cartridges can perform source code analysis? 

I think that perhaps the thought of having many people’s eyeballs on the source code may deliver an advantage as an extended QA function from a security perspective at which point people "feel" more secure but it’s the monkeys configuring and deploying said software one needs to be worried about.

Let’s be real.  Given a choice to download pre-compiled binaries, ISO’s or virtual appliances versus source code that requires library linking and compiling, which route is an SMB going to take?  Right.

The last paragraph from IDC’s tickler really cements my thinking on this matter:

"IDC believes that open source technology and software will appear
in the higher end of the application stack in the coming years.
Commercial vendors of open source software will need to provide
extensive support and training services, as well as address the issues
of interoperability, in order to take advantage of the addressable
market for open source technology in the region," added Srinivasan.

Um, yep.  I’m willing to bet that Open Source will continue to be deployed in these developing countries with SMB’s as a way to offset operational expenditures — at least at first.  Then the issue of long term vendor support will rare its ugly head.   Sometimes the security of "free" is outweighed by the insecurity of "unsupported."

Using the security market as an example, we’ve obviously seen the success of companies like Sourcefire, Tenable and StillSecure with their Open Source and Open Source derivative licensing and support mechanisms.  I guess I’d really need to understand how IDC is defining Open Source in their study because I feel it may have made a difference as to how I reacted.

As we move along, I reckon we’ll see a burgeoning market for companies whose offerings focus on providing general sets open source software support.  They are around today, but the number and type of applications usually prove to be quite small.

From the opposite angle, I think we’ll also see the proliferation of hosted applications in the SaaS realm which are based on OSS and may have tiered levels of usage and support…sort of like GoogleApps but with Open Source.  If it’s hosted, you’ve got a single neck to choke.

What do you think?  If you were in an SMB’s shoes, would you rank security as the number one reason you’d adopt Open Source? 




Categories: Open Source Tags:
  1. Paul
    October 4th, 2007 at 23:42 | #1

    I run a small-scale consulting business in Australia, and despite the fact that i'm a die-hard Free Software advocate (in the GNU sense, not merely Open Source), i think your judgement about cost is fundamentally right. My clients implement FLOSS (Free/Libre and Open Source Software) solutions because they are the only economically feasible way to get the features they want. I would rate flexibility (i.e. ability to tweak the solution to their needs) as the next most important feature, with security and all those other things trailing (as you say, they're gravy!).

  2. October 5th, 2007 at 04:22 | #2

    Chris- interesting article. I am having Dean Drako, CEO of Barracuda on the podcast next week and we will be discussing this very issue. I will be sure to dig in deep on this! Will let you know when it posts

  3. October 5th, 2007 at 04:34 | #3

    Cool, Alan.
    I would think that you and Mitchell would have opinions on this, too.
    It's an interesting discussion in regards to security products, but I'm really interested in other catagories such as office suites. I can't see how "security" is more of a driver than features here.
    At any rate, it's interesting. Please do ask Dean about it. Also, I have a ton of questions regarding the NetContinuum deal with Barracuda…

  4. Walter Williams
    October 5th, 2007 at 12:27 | #4

    Open source allows discovery of backdoors, trojan code and logic bombs much faster than closed source. I reference you to the presentation given at this year's blackhat by Chris Wysopal. https://www.blackhat.com/presentations/bh-usa-07/
    and https://www.blackhat.com/presentations/bh-usa-07/

  5. October 5th, 2007 at 13:22 | #5

    I mentioned that already in my post above, but I question the relevance of this point within the context of an SMB customer.
    Please demonstrate how the HR Manager who also happens to be
    responsible for configuring the UTM appliance purchased from
    Best Buy is in any way capable of performing code analysis…
    it doesn't. It relies on someone much more skilled to do so
    with some reason to do it.
    I maintain again that in terms of the SMB, the average reaction to OSS being more "secure" is a "feeling" propagated by the OSS community which would suggest that thousands of people have
    supposedly reviewed the php script that someone just copy/pasted
    or downloaded prior to uploading it to the company website…
    Again, I *agree* with the premise that exposure should provide
    better defect reduction and one could argue that it has. I
    still don't see how folks suggested that security was THE #1
    reason for investing in OSS. I understand it's important,
    but #1?

  6. October 8th, 2007 at 06:54 | #6

    I come from a 3rd world country and free is not a differentiating factor. The rate of piracy in the 3rd world is so high that commercial software could actually end up having a lower TCO if it is copied 4 times. In fact in Africa Linux is not as widely used as it should be despite promises from Government to promote it and interested parties such as Shuttleworth and Ubuntu trying to push it out.

  7. October 8th, 2007 at 06:59 | #7

    I think that, especially in China, "Security" means "No Secret American Backdoors" more than "Less Vulnerabilities".

  8. October 8th, 2007 at 08:58 | #8

    Allen, those are both very good points, thanks. I suppose that what one might take away from your first comment is that it's just "easier" to copy COTS OS's/Applications and leverage the ubiquity of the support infrastructure than it is to invest in the skills necessary to support a new choice (albeit "free") ?

  9. October 8th, 2007 at 12:53 | #9

    "As we move along, I reckon we'll see a burgeoning market for companies whose offerings focus on providing general sets open source software support."
    Hi Hoff, 1999 called and they want their business model back. True open source one-stop support shops didn't survive the dotcom crash for the most part because if customers were clueful enough to put FLOSS somewhere, they were also clueful enough to run it.
    Support is still a business model, but it's a different focus than before, and there *might* be the install base out there to support general open-source providers.
    Now think about the areas where FLOSS is growing: typically they have an abundance of manpower and a shortage of cash. There is an old saying that Linux is free only if you don't value your time, and I think it applies here.

  10. October 8th, 2007 at 14:05 | #10

    Ah, 1999…
    I understand your comment, but methinks you're not mindful of a couple of important points within the context of the discussion:
    1) We're talking about the SMB here, so the "channel" is likely to soak this up. I wasn't suggesting that we'll have a shop that does nothing but support for OSS but rather it will become a focal point of differentiation.
    2) As we move to SaaS, you'll see built-in support for the applications being hosted, which will also drive the need for service and support — even if it's in the form of a virtual appliance…in fact, one might suggest that really what the customer pays for up-front is the "platform" and the service is really the "rental" and support of the apps.
    Your last statement seems a little contradictory to the story here…SMB's are generally neither flush with cash OR people…

  11. December 28th, 2007 at 03:22 | #11

    IDC Study Suggests Security Drives Open Source Tec…

    Bookmarked your post over at Blog Bookmarker.com!

  1. No trackbacks yet.