OpenLogic Blog Open Source Adoption Strategy
October 25, 2019

What Is Your Open Source Strategy?

According to Gartner, more than 95% of IT organizations use some form of open source software (OSS) in mission-critical IT workloads. And organizations’ open source footprints are growing annually by 30%. However, more than 50% of open source investments have not resulted in considerable TCO advantages. 

To take advantage of the cost savings, increased agility, and innovative technical capabilities that OSS offers, companies need to create an effective open source strategy. This blog reviews the risks that come with open source adoption, and how to overcome them with an open source strategy based on best practices.

Mitigate Open Source Risks

It is well established that open source software is similar to proprietary software and open core software when it comes to potential risks related to security and software quality. However, the low cost of acquiring and adopting open source software drives rapid adoption of numerous open source technologies as well as an often-overlooked side effect, which is a lack of vendor relationships. Companies in this situation can quickly encounter code-management and code-maintenance issues that slow IT staff efficiency and increase risk.
 
To create a sound open source strategy, first decide whether your organization will:

  1. Take a self-support approach to open source software. 
  2. Or, establish a partner network of vendors for open source services including support.

Option 1: Self-Support 

According to Gartner, at least 75% of OSS policies do not provide any effective results. Why is this? For years, many companies have supported their own open source software, with the help of open source communities and strictly mandated governance processes. However, as more open source makes its way into IT stacks, successful OSS governance and support require increased diversity in expertise. Without the right resources and skill sets, OSS governance can quickly drive up overall costs and create a bureaucratic nightmare — blocking the key benefits that the OSS packages were put in place to achieve.

Option 2: Partner Network 

The alternative and more effective long-term OSS approach is to work with trusted vendors for:

  • Enterprise-level, commercial SLAs for open source packages.
  • Open core solutions, where the open source technology is commercially packaged with value-added capabilities. 

Both types of solutions help ensure that your OSS security and quality challenges are addressed. However, before you move forward with a commercially provided OSS support solution or open core package, evaluate the benefits of the package’s proprietary extensions and any risk from open-core vendor lock-in. 

Managing Your Open Source Vendors

As you choose your open source partners, consider the following challenges that often arise when working with more than one organization or group:

  1. Inconsistent SLAs: Application stacks are developed by combining many building blocks to work together. Having different SLAs between interconnecting components such as databases, data-streaming technologies, message queues, and underlying operating systems can delay issue resolution. Any lack of clarity in the responsibilities of the organizations supporting each of your components will exacerbate this challenge — and the associated risks.
  2. Multi-Vendor Finger Pointing: Production problems may involve multiple packages or be difficult to clearly isolate. Lack of communication between vendors forces IT teams to serve as mediators, distracting them from addressing the core issues. In addition, vendors, especially smaller niche players, often lack direct communication or escalation channels, which can also slow initial response times.
  3. Disparate Contract Management: As the number of vendors increases, so does the complexity of procurement workflows. Large volumes of contracts — that include widely disparate models for pricing, licensing, legal obligations, and other terms — require significant time to sift through and manage, resulting in backlogs. Working with fewer vendors typically translates into faster procurement and efficiency.

Improve Your Open Source Strategy With These Best Practices 

If your organization plans to scale its open source footprint, it is essential to keep these best practices in mind when selecting your OSS vendors:

  1. Use the Fewest Number of Vendors to Achieve Your Goals: Minimizing the number of organizations or groups that you work with to achieve your IT goals will always benefit the efficiency of developers, IT administrators, and procurement teams — and lower overall TCO. So, it is critical to choose a single vendor or a small set of vendors that can provide full coverage for your IT stacks as well as the technologies you will need to meet your goals. Another important consideration is checking whether your OSS packages include commercial support, and what the cost is compared with full-OSS-stack enterprise-support offerings. 
  2. Choose the Highest Possible SLA: To avoid delays in resolution, you should confirm whether the vendors you are considering can meet your SLA requirements. Do the vendors have the skills needed to provide guidance, quick diagnostics, and resolutions for your mix of OSS technologies? 
  3. Avoid Lock-In and Favor Flexibility: IT environments are dynamic. Strict vendor lock-in limits development and innovation agility, which slows your ability to meet changing business requirements. Evaluate vendors to see which packages, application stacks, and infrastructure stacks they support, and confirm what level of freedom you have to use interchangeable components. If your business demands a migration from MySQL to Postgres, CentOS to Ubuntu, or Tomcat to WildFly — you want to ensure that you are empowered to make changes, while still getting the support you need. 
  4. Favor Adaptive Services: Innovative vendors that keep evolving their supported open source stacks and services offer an advantage over companies that can’t. For example, let’s say that you implemented a big data stack last year and now you are deploying an infrastructure based on containers that support a data-streaming layer. Can your vendors provide the guidance and support you need to effectively modify your IT using proven best practices?

By following these best practices, you can avoid common OSS-adoption missteps, so that your organization benefits from the freedoms, cost-savings, and technical advantages that open source software offers. 

For more information about open source trends and strategies, read the 2019 Open Source Support Report. 
