Open source can create new opportunities for businesses, but they must be wary of the challenges around security, support, and scalability.
Open source software has the potential to drive innovation and collaboration across an enterprise, and can transform the way developers work together.
"Open source is now part of the evaluation criteria when deciding on a software platform, so much so that it is expected," said Matt Ingenthron, senior director of engineering at Couchbase. "In this way, open source has somewhat faded into the background in a positive way. Just like no consumer would inquire if a mobile phone had internet access or text messaging, choosing an open source solution is almost always an option."
This trend will likely continue into the future, as more people adopt software with the view that an open source solution can be as trustworthy as a closed one, Ingenthron said. However, many ongoing challenges will likely remain.
SEE: IT pro's guide to working smarter with Linux (Tech Pro Research)
Here are eight hurdles that IT departments must overcome to achieve success with open source.
1. Lack of ongoing support
Unlike commercial suites, open source products lack ongoing support, said Mitchell Kavalsky, director of security governance and risk at Sungard Availability Services.
"Using open source can sometimes be like using proprietary software that has reached its end of life and is no longer supported," said Kavalsky said. "You can still use it, but need to be prepared to handle any issues without a trusty 1-800 number to call for support."
This also means that open source users must continuously update their software, said Jeff Williams, CTO and co-founder of Contrast Security. "You should make a practice of updating open source regularly even if it means changing your code," Williams said.
Open source projects require a lot of documentation, said Jamie Sun, a software engineer on the data infrastructure team at LinkedIn. They must include clear comments in the code, change descriptions of pull requests, links between different issues, and user-friendly wiki documentation, Sun said.
"To allow more people to understand the project and get onboarded, we need to keep better documentation," Sun said. "This does not necessarily mean documenting every detail, however. Documentation might sound easy at first, but it actually requires lots of practice to improve."
3. The overwhelming number of options
With so many options on the market, enterprises should consider the maturity of the open source products they adopt, and choose carefully, Williams said.
You should also take into account the software's track record, Kavalsky said. For example, Linux has a 26-year history, a strong community backing, and a long list of major organizations that use it, including Google, NASA, and the US Department of Defense. "With a resume like that, it poses a much lower risk to your organization," Kavalsky said.
SEE: Vendor relationship management checklist (Tech Pro Research)
While commercial entities exist behind many open source software products, it's important to keep in mind that some products are open sourced only because they did not receive commercial success and are looking to increase market share, said Erik Gfesser, principal architect at SPR Consulting.
"Due diligence should be performed around the adoption of open source for the enterprise just like the adoption of commercial, because there are implications behind every technology choice," Gfesser said.
4. Security challenges
Open source tools are often highly secure, as there are many sets of eyes on the software beyond those of the authors, said Isaac Murchie, director of open source at Sauce Labs.
However, organizations need to make sure that effective security practices are built into everything they do with these tools, said Stuart Scott, security specialist at Cloud Academy.
"It's more secure than you think, but make sure it aligns with your current cybersecurity strategy," said Madhup Mishra, vice president of product management at VoltDB. "Ultimately, you can establish and enforce restrictions around who can access and make changes to the code, so it's important that those rules align with your existing cybersecurity strategy."
5. Hidden costs
While the idea of attaining software that is free and open to modifications is compelling, the actual cost may include a number of added components, said Andriy Zhylenko, CTO of PortaOne Inc. These might include the developer or system administrator's time spent merging their modifications with the latest release.
"When selecting an open source system it is important to consider the true total cost of ownership and importance of agile allocation of engineering resources," Zhylenko said.
Before implementing any open source project, companies should identify a clear owner, and establish roles and responsibilities across team members, Mishra said. "This will help you to quickly determine if you need additional budget for staffing requirements before you take on a project you may not be equipped to manage," Mishra said.
Many open source technologies work well on a small scale, but quickly fall apart when they transition to a production environment with multiple nodes, Mishra said.
"Your open source technology should be flexible to scale from a single server to multiple data centers, so knowing what you need in terms of your equipment and operating environment ensures you have a long-term plan from the beginning," Mishra said. "Don't forget to subscribe to any vendor support for production severity-1 issues that come about with any open source technology."
Open source does not mean free, said Dan Garfield, chief evangelist of Codefresh. While there are many great open source tools and projects out there, many companies assume that because the software is "free," like speech, that it comes at no cost.
"There are costs associated with operating and maintaining open source software and many open source projects are sort of like freemium gateways to a vendor's product," Garfield said.
As such, companies must carefully review open source licenses. "Just because some people can use an open source project without paying for it doesn't mean everyone can," Garfield said. "If you develop a project around open source software that uses GPL then you must be prepared to make that software open source. There are careful guidelines that must be adhered to."
8. Lack of diversity in contributors
Open source can suffer from a general lack of contributors, as well as a lack of diversity among the contributors that do exist, Murchie said. "This is driven by the prevalent idea that open source software should be free and the people who work on it should be driven by passion and sheer will, rather than by a salary," Murchie said. "This means most open source contributors have to code in their free time."
Bringing open source software into your company should only be the first step of the journey, said Kevin Fleming, head of open source community engagement in the office of the CTO at Bloomberg. "Plan for your teams to become active members of the community in order to improve every piece of open source software you use," Fleming said.