NEWSLETTERS
 

CIO.com updates, insights and advice on technology, management and your career.

 CIO BlackBerry News and Tips
 CIO Research and Analysis
 CIO Microsoft
 CIO Insider
 
 
 
SUBSCRIBE TO CIO
 
Are you involved in setting the direction for your company's IT budget or strategy?

Apply today for a FREE subscription to CIO Magazine!

 


Thu, May 1, 2008 19:02 EDT

The Challenge Open Source Presents to CIOs, Part II: The Solution

Topic: Enterprise Management

Blog: The Open Source

Current Rating: 5 Comments: 3

“The important thing is to plan a strategy, to set guidelines on where and when open source products are to be used. IT shops are scrambling to set open source policies, but almost no one has implemented one with any teeth.”--Mark Driver, Gartner Group

In last week's posting, I discussed the challenge open source presents to CIOs. In it, I analyzed an interaction between Sun CEO Jonathan Schwartz and an unnamed CIO, who professed that no open source was used in her organization and then was surprised when Schwartz noted that 1300 downloads of MySQL had gone into the organization in the previous six months.

I went on to describe the risks this kind of invisible open source use presents. The most obvious -- and the one usually focused on -- is the legal risk: if you don't know you're using open source, how do you know whether you're complying with its license obligations? However, as I said, this is actually a smaller risk compared to the operational risk of having unknown software components inside the company's infrastructure: how do you offer SLAs, ensure proper support coverage, and develop appropriate employee skills when you don't even know what you're running?

I often hear from people that they don't understand why open source should be handled any differently than any other IP. Put another way, this question might be phrased, what about open source causes it to be different than proprietary software? After all, both proprietary and open source software are both copyrighted intellectual property distributed under a license, so they must be the same, right?

The reason open source requires implementing a new set of processes reflects the fact that existing processes are configured around the practices and assumptions of proprietary software, which are not present due to the unique licensing and availability of open source.

Consider the usual flow of obtaining proprietary software:

  • Software engineer recognizes need for new software component
  • Software engineer consults with manager
  • Manager builds business case
  • Manager consults with finance, legal, and procurement
  • Manager obtains budget
  • Procurement creates RFP
  • Company obtains software
  • Engineer implements solution

As you can see, there are many steps and many organizations involved in this process. While the process can require an extended period to execute, it provides the opportunity for the entire organization to become aware that new software is going to enter the company's infrastructure. In other words, this process ensures no surprises, because all affected parties are involved.

By contrast, consider the usual flow of obtaining open source software:

  • Software engineer recognizes need for new software component
  • Engineer downloads open source component
  • Engineer implements solution

The ease of downloading open source addresses one of the major complaints about IT: everything takes too long. Using open source enables IT organizations to be far more nimble and creative. Unfortunately, if you compare this process with the proprietary-focused process, you can see what it lacks: the opportunity for other important groups to become aware that this new software is going to enter the company's infrastructure. That is to say, open source decisions never enter the established process because no permission, and, crucially, no budget is required to obtain it. Since the established processes are typically triggered by the budget process, open source use is essentially invisible to the organization.

Clearly, as the quote from Gartner VP Mark Driver indicates, IT organizations have to put policies in place to

You do not have flash or javascript support.
Average (1 vote)
5
 
 
Mon, May 5, 2008 12:48 EDT
Anonymous user
Posted by: Mike3s
Rating:

You imply that organizations have their act together on non-open source software licensing, but maybe that is not the case either. How many developer licenses are in use in non-developer groups? How many license keys are copied to more than one internal server? How many license violations are taking place within the organization?

This is the same problem IT has faced since the 80's - if the company doesn't purchase an unlimited enterprise license, then you have to manage how all software is installed and deployed.

 
Wed, May 7, 2008 13:05 EDT
Anonymous user
Posted by: Original author
Rating:

Dear Mike3s:

You're absolutely right that tracking proprietary licenses is important and often mishandled, meaning that processes regarding proprietary licenses are important as well. A key difference is that someone, somewhere, will have purchased a proprietary license; the organization has a record somewhere that it owns a license, it just isn't tracking use correctly.

By contrast, open source can be downloaded without anyone other than the downloading employee being aware of the fact, which makes it impossible for someone charged with tracking license use to even be aware of it.

I guess what I'd say is that it's critical for IT orgs to have good processes to track proprietary license use and it's also critical for those processes to be examined and modified to ensure that open source use is tracked as well. That's the theme of the whitepaper I created and mentioned in the original posting.

 
Sat, May 31, 2008 18:47 EDT
Anonymous user
Posted by: mike_n_buck
Rating:

I'm not sure that this applies to all IT departments. Indeed, if opensource is procured in the way described in the article then I would suggest that this highlights a discipline problem in the IT department. The implementation of new software should follow a disciplined process that finds the most appropriate tool to deliver business value - it shouldn't matter if this tool is open source, a package or an inhouse development. In each case the same policy should be followed that ensures that value is maximised and risk in minimised.

An organisation should look to bolstering this policy with strict installation guidelines, security reviews and automated software license audit tools. In this way, risk is minimised and innovation can be allowed to flourish

Post new comment

* Subject:
* Username:
* E-mail:
The content of this field is kept private and will not be shown publicly.
Homepage:
* Body:
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <img> <blockquote> <strike> <p> <br>
  • Lines and paragraphs break automatically.
More information about formatting options

* Denotes required field.

About this Blog

News, views and updates from the fast-growing world of enterprise open source software.

Hot Conversations

Take My Windows 7 Please: A Resale Tale

Posted by Shane ONeill in News | 6 comments

Creating a Privacy Policy Part V

Posted by Ariel Silverstone in Best Practices | 1 comments

Start a Conversation
Click to post

Got something to say? We want to hear it! Click the Post button to get started. GO»

EXPERT ADVICE
See our roster of experts.

Advice & Opinion from more than 113 of IT's most insightful thinkers.

  PARTNERS       WEBCASTS    
 

Windows 7 Webcast Series

There's a lot of buzz about Windows 7 out there. Each month in our webcast series, listen to analysts and customers discuss how Windows 7 and the Windows Optimized Desktop is impacting large companies around the world. Learn how they evaluated Windows 7, including the cost of deployment, deployment strategies, and tangible benefits.

Sponsored by Microsoft  Listen to on-demand Recordings »

 

Service Level Management Best Practices Life Cycle Overview - Improve Service Levels

Best practices for Service Level Management (SLM) is a process for consistently meeting customer requirements and delivering on IT's promises. See the steps required to ensure high-quality SLM.

Sponsored by Compuware  Read this White Paper »

 

Keeping Your Members Safe from Online Scams and Predators

In order to keep fraudsters out, romance sites must deploy effective solutions that look at information independent of what is supplied by users. A device fingerprinting solution such as iovation ReputationManager™ provides unique insight into the computers being used to create multiple accounts and exposes hidden device-account relationships that identity-based fraud solutions often miss.

Sponsored by iovation  Read this White Paper »

Resource Alerts

Get instant email notifications by topic when white papers, webcasts, and case studies are added to our library.

Resource Alerts

Get instant email notification when white papers, webcasts, and case studies are added to our library. Don't just be up-to-date—be up to the minute with our new Resource Alerts.

Defend Against Blended Threats: What You Need to Know

Blended Web and email threats are becoming increasingly complex and represent a huge...  View Now »

 

Prescriptive Actions to Reduce Risk

In this Webcast, learn best practices for effective systems management in a heterogeneous environment and keep client systems cost under control.   View Now »

 

Webcast- Vantage 11: Redefining Application Performance Management

Compuware's latest release, Vantage 11, is a major advance in end-to-end application performance management--bringing together proactive issue identification, quantification of business impact and problem resolution into a single solution. Tune in to learn how Vantage 11's top-down approach helps you make better decisions and dramatically lower operations costs.  View Now »

Resource Alerts

Get instant email notification when white papers, webcasts, and case studies are added to our library. Don't just be up-to-date—be up to the minute with our new Resource Alerts.

 
NEWSLETTER

Sign-up for the Blogs & Discussion Newsletter

 
FEATURED SPONSORS
 
 
 
SPONSORED LINKS
 

See how AT&T can help protect your network.

Top Five CIO Challenges

Streamline IT Costs. Boost Performance with WAN Optimization.

Want to know how you can maximize employee productivity?

Build your 1st app FREE with Force.com

TDWI checklist helps define data readiness for analytics. Download report.

Increase UPS efficiency without sacrificing protection.

A Clear View Toward Virtualization

Virtualization Technology as a Business Solution

The rules of infrastructure management just changed.

A Clear View Toward Virtualization

Interactive Q&A helps you discover key ways to maximize IT assets.

Ready to virtualize tier one applications? Check your virtualization maturity.

Think you can't afford a Cisco Switch? Cisco Catalyst Switches are now more affordable.

Five minute business analytics assessment. Immediate results.

The Case for Investing in Business Analytics Technology. Read white paper.

White Paper: Right-Sizing Your Power Infrastructure

Webcast: Unleashing the Power of Customer Data

White Paper: Managed Security for a Not-So-Secure World

SharePoint - Unchecked growth of content is unsustainable.

White Paper: Legacy Tools: Not Built for the Helpdesk

Taking a Seat at the Executive Table: The Reality of Virtualization

Five-Step Mobility Management Plan

White Paper: Next Generation Remote Infrastructure Management

Disciplined Autonomy: Resolving the Tension Between Flexibility and Control

Join us at the US-Brazil IT-BPO Summit, on November 10th in New York.

Unified Communications: Thoughts, Strategies and Predictions. Join the discussion

Read the RSA report: Security for Business Innovation

Webcast: Looking to the Cloud for Email and Collaboration Services

64-page prescriptive guide to security, compliance, and IT operations.

Keep your IT expertise up to date. Join the Intel Premier IT Professionals.

A new fleet of PCs with a total ROI in 10 months. Find your ROI.

eZine: A Roadmap to Reducing IT Complexity

Reduce risk, gain agility. See how Progress can help your business.

Virtualization Technology as a Business Solution

eZine: A Roadmap to Reducing IT Complexity

World-class trading technology solutions from NYSE Technologies.

If You're Paying for Telecom, You're Paying Too Much. Contact Asentinel Today.

Trade-In your old printer and save up to $1,000 plus free recycling!

infoBOOM! - The Mid-Sized Company CIO's Exclusive Community

Live Webinar: Applying Business Analytics. Click here to learn more

White Paper: 4 Customer Service Myths

Mobile Security: The Essential Ingredient for Today's Enterprise

White Paper: Improve Agility with Operational Responsiveness

White Paper: 5 Best Practices for Smartphone Support

Global Research: CIOs Weigh In On Virtualization

5 Key Virtualization Management Challenges

Learn How Web Site Performance Impacts Shopper Behavior

IDC White Paper: CCM for IT Compliance and Risk Management

Tolly Group Lab Test Results: Cisco vs. ShoreTel