CIO's
Open-source
Strategy Guide
In an era of multiple / hybrid cloud options, serverless architecture & SAAS; legacy approaches to open source evaluation don't work. Here is your blueprint to unlocking the best of open source and accelerate innovation.
Learn moreOpen source star's
framework for the enterprise
This is the obvious starting point. Mapping of features to business requirements. Between 40-70% match is reasonable, especially if the technology (codebase) is aligned with your current development stack and you already have a team of developers who can be productive right away. The level of fit needs to be adjusted based on several other factors covered below.
Besides functional requirements, here are a few other important items to consider
- For data-related application availability of import, export utilities, APIs, and integrations. Value is in unlocking data across applications.
- For libraries or utilities, performance characteristics across different load conditions.
When evaluating open-source, technology stack is where you and your team will probably spend most of the time. Rightfully so, as this is the most consideration. In many cases, it is better to pick projects that align with your existing development languages, tools, frameworks unless you are trying to get away from them because they are legacy or have been problematic. And if you are in that mode, a look at what others are exploring can provide good insights as a starting point.
When picking up a new technology platform, the size of the community is a good indicator. Look for weekly downloads, followers, stars, open issues v/s total issues, commit history, posts on Stackoverflow, etc. Their recent community growth curve is even more significant but most important however is the availability of talent. The best of the technology without the right team is a non-starter. In a complex enterprise world, it is likely and recommended to have 2-3 dominant technology stacks to de-risk as well as help with integrations which is a reality in a connected world. You need ready availability of the right skills and ability to attract them; something the open source stars have amply demonstrated. How do you get some of the best brains to contribute to your project!
Something else needs to be considered when you have access to the source code. The dependencies, their vulnerabilities, license model, the Readme & documentation; the community communications, and how democratic are they with the project roadmap, and how feature requests are prioritized. These are very important considerations if your team is going to build something strategic for the company and needs that future proof assurance.
While the initial days of open-source were rooted in building free alternatives to proprietary software, in the world of cloud computing it is leading from the front. This is particularly true for a majority of data-centric projects whether it is database apps like PostgreSQL, Mongo, or Big-data technology across Hadoop, Spark, and several others. When it comes to user experience and web frameworks, almost all of the choices are in the open-source realm. Deployment too is dominated by open-source frameworks and a range of alternatives to pick from.
The wide spectrum of tools and frameworks poses another challenge; "a selection problem". Careful selection is important to avoid a cloud lock-in situation. This flexibility with multiple hybrid clouds is perhaps the biggest reason open source adoption has skyrocketed in recent years. Almost all technology startups including SaaS providers are heavily built on open source delivering innovation at an unprecedented pace powered by easy cloud infrastructure. While it is common and often preferred to stick to one cloud ecosystem for startups, for your enterprise IT teams, it means just the opposite; the flexibility to move applications and data across cloud infrastructure.
Beyond the legacy-sounding cloud infrastructure setup of today, a slew of projects and deployment approaches have come up around the serverless construct. For your next project or technology selection, this may well be an important consideration as it means a very different cost and availability model. This is at the cutting edge of today's technology innovation and the OSStars collective is shaping what's coming up tomorrow. Join us for one of the OSStars Next sessions.
Cloud infrastructure provided the initial advantage on cost and time both but to some extent it put a cost back on the complexity of deployment and with that overall cost of delivering enterprise applications. DevOps roles didn't exist a few years ago the way they do today. Many of the complexities arose simply because the applications were developed with a traditional deployment model where release cycles took months. There are a new set of open source applications that are designed ground up for cloud deployment and speed. Speed both in development through opinioned stacks and by design cloud-first avoid the deployment complexities.
Consumer UX v/s Enterprise UX has hardly been a contest. Clunky screens with countless clicks and navigations were just how enterprise applications were characterized because the primary objective was to get the job done. Users (mostly employees) were trained to get the job done and probably inherited from the age of machines which came with instruction manuals and training programs. Somewhere down the line consumer and SaaS applications changed that. Almost zero training and led through intuitive interfaces that users just felt so much more comfortable. For enterprise, that's gain in productivity, though it has been hard to measure that gain to make a case for investment in improving user experience.
The shift to cloud and open source now provides the perfect opportunity to fix that gap. Today user experience is no longer an afterthought but applications are designed with the experience in mind. Thankfully open source is leading the user experience curve and with the right selection of frameworks, widget libraries can deliver the experience at a much-reduced cost. In a competitive world, experience goes a long way in engaging both customers and employees.
There was an explosion of license models and variants at some point in the history of open source, but today largely it has settled down to broadly 3 categories. a) Free to use in any form with or without attribution (Permissive) b) Free to use but not distribute commercial variants with clause of reciprocity. c) Free basic edition with an enterprise grade licensed edition as an option. This is of course an oversimplification of what many consider a thorny issue with open source, but standard patterns have evolved for different classes of applications. For example, SaaS applications that are delivered over the web and have a commercial aspect cannot use certain license models which would be fine with say internal use only enterprise applications.
A related area where OSStars is bringing out a simplification to the license model is to reduce the number of components to a manageable set. Because libraries are freely available and there are many of them to pick from, developers tend to create bloated applications. A large dependency library set means a higher likelihood of vulnerability situations besides incompatible licenses. Our goal is to deliver license audits within the stacks that developers use so that as decision-makers you are always assured of compliance.
You can see the code. So can many others and that delivers a huge advantage for open source. RAS Model (Reliability, availability, security) comes easy when many eyeballs are looking at it and history has demonstrated that reported vulnerabilities get handled much faster in the open-source world than in competitive proprietary alternatives.
With more applications leveraging cloud deployment, the threat factor goes up too. Better security is a function of right selection of technology, testing & live monitoring. The advantage here is to stick with large numbers; a simple lesson that the animal kingdom knows in the African savanna.
In the proprietary world, the supplier vendor covers indemnity because they own all of it. The same is not true for open-source that typically is built on collective contributions from many. These can be code or even libraries they internally depend on. This is kind of the Achilles heel of open source. However, indemnity is important for most enterprise IT teams. While some of the open-source providers have a commercial edition that covers indemnity, there are several others that do not; an important consideration in your evaluation of an open-source project. The question often gets asked is if indemnity is important. Using an open-source editor, deployments may not be critical but core application building blocks may well be.
The open-source world is a vibrant community of people who are involved because they have self-interest and are not necessarily doing a paid job. You may not have the contractual or on-the-paper assurance that a typical proprietary application provides, but for all practical purposes, community support works. Many commercial vendors have adopted it as well. And if your team or organization does require commercial support, you have the option to get the best support from the project's original authors or contributors right here in OSStars.
Support in the context of open source is not just incident-based but the level and depth of documentation, available tutorials, and code examples. A popular trend on GitHub are projects titled awesome-xxx e.g. awesome-vue. These are great resources of related information that can drive your technology selection or even upskill your existing workforce.
We have covered talent briefly in the sections above, but talent needs separate coverage because for enterprise IT, talent is the biggest cost in most cases. Not just what is paid as sales or compensation to developers but lack of the right talent means impact to project timelines and the cascading effect on businesses that your project is expected to deliver for. Ability to attract and retain top talent in many cases is the key decision factor when it comes to technology selection.
Set up a conversation with our open-source stars and see how you can win the talent crunch and continue to drive innovation forward.