Evaluating Strategic Information Technology Investment: An Appraisal of Software Alternatives for Small to Medium Enterprises
Written By: Igor Grubisic
Published On: December 18 2006
The origins of open source and closed source software solutions have different philosophies. The closed source methodology is in most cases practiced by companies which refer to their code as a business secret. In this way they protect their work from piracy and from "copycats." The other crucial distinction is that this software is developed to satisfy market requirements.
Part One of the series Evaluating Strategic Information Technology Investment: An Appraisal of Software Alternatives for Small to Medium Enterprises
On the other hand, the open source movement started with a group or individuals making software for various, non-commercial reasons. They see openness as a benefit. Although open, it does not mean that this software is necessarily free. Thus, in the field of open source software there exists both free and commercial software.
The main advantage of open source products is in their openness. This makes it possible for a third party to see and review the source. This feature is not of great importance to small and medium enterprises (SMEs), unless their core business is application development. Even in these cases, they can view and review the source code by signing a non-disclosure agreement with the software vendor (as Norton did with Microsoft).
Proponents of openness believe that open source software is more secure, because it is much easier to view and fix security flaws when the source can be reviewed by anyone. Although this might be true in most cases, it is also possible for hackers to find and exploit security holes easier, as they can review the whole code.
The proactive security nature of closed source solutions is based on "security through obscurity" (see Wikipedia's entry Security through obscurity, accessed December 2006), unlike the reactive security used by open source solutions. This is founded on the presumption that it is much harder to find any vulnerability in the software if one can not see how it works.
Although this research does not aim to evaluate any concrete package, it does examine operating systems, as there are only two solutions that are viable: Windows (closed source) and Linux (open source).
There is a constant battle between Linux and Windows advocates regarding the security issue. Linux proponents claim that their open source policy is better despite the possibility that cyber criminals can see the source. Windows supporters argue that Linux has a smaller market share, and thus a lower attack rate. Practice has shown that both sides have valid points. Secure design, source code auditing, quality development, and a smooth design process all play into the security of a project, and none of these are directly related to a project being open source or closed source (see Jason Miller's 2004 article Open Source versus Closed Source Security at http://www.securityfocus.com/columnists/269). Accordingly, security-related questions are not an issue when choosing between the two solutions.
Pros and Cons—Free solutions
When addressing the pros and cons of software solutions, the common mistake is the presumption that "open source" means "free." According to this presumption, one may say that the best solution is a free one. However, there are commercial open source solutions, such as Red Hat, Mandrake, SUSE, and Solaris Linux. Furthermore, the retail price only marginally impacts the overall cost of software. The entire cost of a software solution is characterized through a value which is called total cost of ownership (TCO).
Free solutions are often the result of voluntary efforts of individuals or groups. Their main advantage, of course, is that they are free. However, in calculating the overall TCO, these solutions might be pricier than their commercial counterparts. Free solutions are distributed under the General Public License (GPL), which means that one can legally use them, copy them, change them, or even redistribute them. The open source philosophy enables "security through many eyes," and allows users to participate in the project. It is also possible to directly address the developer, who is usually willing to help. Additionally, there is large community support.
On the downside, free software is provided without any kind of warranty, so that SMEs have to use it at their own risk. Moreover, there is no official or properly made documentation, or professional support. The whole project is often at the mercy of one person or a small group, who will work on the issues which they find attractive. This means that any functionality problems will not be addressed unless they are interesting to the development community. If there is any tutorial it is written on a by-hackers-for-hackers basis, so it is not very helpful for common users. On top of it all, if a developer finds that developing the project any further is no longer any fun, it will be abandoned (see Neil Gunton's 2006 article Open source Pros and Cons at http://www.neilgunton.com/open_source_pros_cons/).
Pros and Cons—Proprietary solutions
Alternatively, commercial solutions are always written to satisfy customer needs. There is proper documentation, suitable customer and professional support, and a warranty that the software will perform as stated. Otherwise, the buyer can take legal action against the vendor. Another advantage of commercial solutions is that they are often thoroughly tested before they are brought to market.
While the distinction between free and commercial software is easy to see, things are not so clear between commercial solutions.
At first sight, proprietary solutions differ only through the fact that one is open source and the other closed source. However, things become clearer when it comes to the purpose of the software. It is common practice and opinion that Linux is intended for server use, and Windows for workstation use. This belief is based on the fact that Linux has its roots in Unix, which is a server platform. It is optimized to support multiple and simultaneous user approaches to computer time and resources. Windows, on the other hand, has a workstation-centered approach. It tends to be more graphical and user-friendly, hiding the details that might confuse or hinder users. It is not generally feasible to have multiple user interactions with more than one environment at the same time.
This could lead to the conclusion that SMEs should take Linux for their servers and Windows for their workstations. The problem is that both Linux and Microsoft manufacturers tend to deliver products which fill the gaps in their own solutions. Microsoft already has Windows operating systems oriented towards server platforms (the Windows Server family), and Linux is trying to become more user-friendly through variable graphical interfaces, such as KDE and GNOME. Thus, SMEs now have a tougher choice between Microsoft and Linux. Weighting the relative value of open source and closed source methodologies has become a balancing act between the resources invested and the value of the software once it is learned.
It is important to note that this series does not intend to cover all software uses, but only the most common usage—and for SMEs, an important one. For most SMEs, it is not clear which software solution is optimal for their servers and which is optimal for their workstations. This series will explore the alternatives from the perspective of an analytical hierarchy process (AHP), in order to arrive at an appropriate evaluation of strategic IT investments for SMEs.
The research behind this analysis covers a period of five years, since this is the common practice when projecting an information and communication technology (ICT) network.