Open for business

By Joanne Carew, ITWeb Cape-based contributor.

Johannesburg, 24 Jul 2019

Thomas Lee, Wingu.

A third of global enterprise infrastructure decision-makers see expanding the use of open source as a critical or high priority, according to Forrester Research. And by 2020, 90% of software vendors will have developed an open source software (OSS) strategy to stay relevant to the market, compared with 50% in 2017, notes Gartner.

The digital transformation enabler

For Grant Bennett, from SUSE South Africa and Sub-Saharan Africa, open source differs from old monolithic IT infrastructures that struggle to adapt to changing digitalisation requirements. Open source software can adapt quite easily because it’s:

* not bound to proprietary licence costs

* always up to date and more innovative and progressive than proprietary solutions

* looked after and developed by a community of developers and various manufacturers and completely based on open standards, which ensures that the ‘newest’ and ‘best’ offerings are always incorporated

* more agile and flexible

* easier to find security gaps in because numerous experts are constantly working on the open source code.

Years ago, open source was all about some random guys writing code, says Wingu MD, Thomas Lee. The quality was always great because of the peer review process, but you were left to implement and support it on your own. We’ve since seen a huge shift in the open source space; it’s big business now.

The open source battle and the questions around open source are passé, says Muggie van Staden, MD at Obsidian Systems. Everyone should be using open source principles.

Andy Baker, Absa CTO, agrees. “Open source is everywhere. If you go out and buy a product from a vendor, I guarantee you that 80% of it is open source.

“Open source allows for fast and more effective development. The diversity of input is what makes open source innovative – this really is development on demand. Today, people are developing software in order to find a solution and not just for the sake of developing software,” he says.

The days are long gone when open source was only used by startups and smaller companies, adds Grant Bennett, country manager for SUSE South Africa and Sub-Saharan Africa. In fact, today, it’s being viewed as one of the top engines for innovation and is driving mission-critical applications for many businesses across a wide range of industries. Our perceptions around open source have also changed, he adds.

“In the past, organisations looked at open source as a means to reduce development costs. But modern business leaders now value open source for its flexibility, allowing them to easily customise according to their specific company, or industry, requirements. And with these improvements comes an increase in efficiency, innovation and interoperability with other systems,” continues Bennet.

Upping agility

Open source has become an integral part of any modern business’ strategy. Not only is it cost-effective, it also mitigates business risk, enables flexibility and delivers business agility. These innovations really help in cases where businesses may experience spikes in utilisation, notes Wingu’s Thomas Lee.

“Take e-commerce websites, for example, that have to handle the sudden burdens of widely commercialised holidays like Christmas, Valentine’s Day and Black Friday. On days like these, organisations suddenly need more resources to handle spikes in volume. And when they aren’t agile enough, the results can be catastrophic. Consider a large local online retailer that has either gone down or had its service interrupted or affected, twice, on Black Friday. The retailer has learned from its mistakes, however, and has moved into a public cloud, enabling it to scale up when volumes are high.”

Open enterprises not only have more control of their IT infrastructure, but they’re also able to deploy critical IT services in physical, virtual or cloud environments over highly reliable, scalable and secure server operating systems that deliver increased uptime, better efficiency and accelerated innovation. All of this reduces the risk of technological obsolescence and vendor lock-in.

Avoiding vulnerabilities

Let’s face it, information security remains a huge challenge for network and security administrators no matter what platform you’re using.

But the experts assert that open source is, in general, pretty secure.

Despite the communal nature of open source development, and the fact that source code is visible, Bennett believes that open source development has proven to be effective in reducing the number of ‘bugs’ and vulnerabilities in the code.

How? Well, let’s assume you have a team of five developers who are all searching for vulnerabilities in a line of code. You’d double your likelihood of spotting an issue if you increased the number of developers by five. Now imagine if you doubled the size of the group again. What would happen if you had hundreds of developers working on the code? And in the event that an issue was identified, you’d now have a small army of people putting their heads together to fix the problem. But this does put the onus on the organisation to keep their eye out for any patches that may be available.

Introducing Subatomic

When Absa’s Andy Baker talks about Subatomic – or ‘Subby’ as he terms it – his tone is somewhat paternal. A cloud-based, artificial intelligence offering that gives the bank the ability to build secure, repeatable services that can be delivered quickly across various markets throughout Africa, Subatomic is a step-change in how Absa delivers financial services to its customers. While one might expect the bank to keep all the finer details around Subatomic secret, it’s all open source. “I don’t really believe there’s a big place for proprietary code anymore,” notes Baker. “My view is that either you commercialise something – sharing your ideas with the community at a cost – or you make it available to others.”

The reality is that if you sit with a large team of developers writing code that’s only used by Absa, it’s going to die, he asserts. “You just won’t be able to keep up. Even in Europe, I don’t believe that anyone can compete to the quality and scale that you need to if you’re only going to use your own team to work on your products. You have to accept that you need to work within a community of people.”

The value of open source comes down to sharing ideas, expertise and resources, he says, even for businesses like banks, which one would expect to be quite careful about sharing their code with others. Myths about open source and security are no longer valid, he says. It’s actually much safer. “I know that some people still link open source with a lack of security, but that’s no longer the case.

“In everyday life, we believe that if no one else has the combination to our safe, then we can sleep easily knowing that our valuables are secure. But the minute you hand that combination out to others, you’re putting yourself at risk. Software development doesn’t work like that,” he says.

“In the past, when it came to development, your options were ‘build or buy’, but today, open source offers us a mixture of the two. It’s much faster and results in improved quality and lower costs.”

According to the '2019 Open Source Security and Risk Analysis Report’, an enormous number of identified open source vulnerabilities remain unpatched for 10 years and longer, often because organisations have no idea what open source code they’re using and overlook the need to update their open source code on a regular basis to avoid vulnerabilities that could be exploited.

“With so many developers freely contributing to open source environments, there are also a lot of people fixing the problems. This is not to say that there are no security holes in open source. But the holes get found and fixed quickly,” notes Lee.

According to Forrester Research, many corporate legal teams aren't thrilled about open source. Why? Among other things, they worry about security flaws and the implications that go along with not having a signed legal contract because you’re using ‘free’ code. As any organisation starts their open source journey, it’s critical to be prepared for legal delays and pushback. This is likely to change over time as our perceptions around open source code change – some major global firms like JP Morgan and Walmart have already embraced open source innovation.

Open source communities have become the vanguard of innovation, continues Bennett. What’s more, open source software will continue to play a fundamental role in all the dominant technology trends as it’s increasingly being relied on by enterprise businesses around the globe. The growth of OS can only be expected to increase as services and procedures utilising technologies such as cloud, IoT, AI, big data, DevOps and blockchain begin to gain popularity and streamline workflows.

Traditionally, proprietary software is created by a fixed number of developers who are employed to write, evaluate, audit and improve the code, says Lee. In contrast, open source projects see hundreds, or even thousands, of developers working on the same code. “This gives you unrivalled peer review. It’s at least as good as commercial software. Usually better,” he concludes.