Hey, CIOs: Open Up!

Making policies to keep out open source? It's already in.

Have you tried to get an open-source project going at your company only to run into a boss who has a "no open source" policy? If so, youve probably fallen back on the standard argument that vendors such as IBM are investing in open source as an enterprise technology, as are many of their corporate customers.

If thats not working, theres a much better example you can point to: your own company. Chances are, it wont take a whole lot of looking to find a large number of open-source-based products running in your company—despite the prevailing no-open-source policy.

Im not talking about stealth Linux boxes and other unapproved implementations. Im talking about big enterprise applications from big vendors that your boss green-lighted and possibly even recommended.

For starters, check out that big enterprise information portal your company just

implemented. Whats it running on? Theres a very good chance its running on the open-source Apache Web server and the Tomcat J2EE application server. In the big portal evaluation I recently did, all six of the products reviewed ran on Apache and Tomcat.

Along with IBMs WebSphere Portal, the portals I reviewed—from ATG, BEA, CleverPath, Plumtree, Sybase and Vignette—are market leaders. And portals are one of the most widely deployed enterprise applications right now—mostly because of their proven ROI. Id argue that open source plays a significant role in providing that return.

Or what about that big hosted customer service system your company uses? It may be built on the open-source PHP scripting language, as is RightNow Technologies eService Center. How about all the powerful enterprise appliances in your server racks? Many are nothing more than streamlined Linux or BSD boxes. The very powerful Google Search Appliance I recently reviewed uses Linux, Apache and the open-source Python scripting language.

Do you have a bunch of advanced security tools, such as vulnerability scanners, sniffers, firewalls and intrusion detection systems? Theres almost a 100 percent guarantee that these systems are based on open-source technology. Most of the leading security tools use open-source technology, as many security researchers release their tools using open-source licensing.

Im pretty sure it would be almost impossible to find a large company in which no open source is being used. Id even be willing to bet a fair amount of cash that a scan through Microsofts internal IT infrastructure would turn up a decent amount of open-source software.

Of course, while all this information might embarrass your anti-open-source boss, it might not change his or her mind. Often when someone has reached a conclusion about technology, hard evidence doesnt matter.

I hear this all the time from analysts and other experts I talk to on a regular basis. When the question of open source in the enterprise comes up, someone is sure to say that open source isnt yet ready for the enterprise. Others will say they havent heard from many companies that are using open source.

I can only shake my head. Open source touches every aspect of most enterprise applications, and yet they cant see it. For these people, open source is hidden in plain view. Unfortunately, their belief that they arent using it fuels a shortsighted vision at their company.

In the meantime, the software theyre getting from companies such as IBM, both directly and under the hood of applications, is only increasing in the amount of open source code being implemented.

For IT workers who want to implement the best solution and not worry about erroneous perceptions, keep up the fight. Maybe your boss will start to realize the benefits of open source. Or maybe your company will get sick of the advantage that your competitors are getting by using open source.

One way or another, open-source software will continue to enter companies, whether they opt to implement it or not. Some enterprises may not think theyre ready to exploit the benefits of open source, but software vendors have no aversion to using it to improve products and gain a competitive edge.

East Coast Technical Director Jim Rapoza is at jim_rapoza@ziffdavis.com.