Published on the 04/05/2022 | Written by Heather Wright
Security no stumbling block as open source gains on proprietary…
Last December’s highly publicised Log4j vulnerability hasn’t put a damper on open source use in the enterprise, with demand for open source accelerating and IT teams confident in the security aspect.
At least that’s according to The State of Enterprise Open Source report from Red Hat, which as an open source vendor is somewhat invested in the topic. Respondents to the report were, however, unaware of Red Hat’s involvement, the company says.
Enterprise open source is expected to account for 34 percent of deployments in two years – just one percentage point behind proprietary software.
This year’s report found that 80 percent of the 150 APAC IT leaders surveyed, including across Australia and New Zealand, expect to increase their use of enterprise open source software for emerging technologies, in line with the global average of 80 percent from the 1,300 responses.
And it’s a surprisingly fast-growing segment of the enterprise business – particularly given the traditionally slow-moving nature of enterprise software.
Globally, the report found only 45 percent of software in enterprises surveyed was proprietary, with enterprise open source software accounting for 29 percent and community based open source software coming in at 21 percent. And that’s expected to grow – with enterprise open source expected to jump to 34 percent in two years and community-based open source climbing to 24 percent.
Proprietary software, meanwhile, is expected to drop eight percentage points to just 37 percent – only marginally ahead of enterprise open source’s 34 percent.
In APAC the expected change is even more stark with proprietary software currently accounting for just 43 percent of existing deployments and that figure expected to tumble to 35 percent in two years. Enterprise open source, meanwhile, is expected to climb from 29 percent to 34 percent – just one percentage point behind proprietary software. Community based open source software is expected to jump from 22 percent to 26 percent.
The report notes that IT leaders are more positive in their perceptions of enterprise open source than they were just one year ago. Driving that acceptance appears to be Covid, with 92 percent of IT leaders saying enterprise open source solutions are important to addressing their Covid-related challenges, adapting to remote work, addressing changing customer needs and adding agility in a rapidly changing world.
IT infrastructure modernisation was the top use for enterprise open source in Asia Pacific, followed by digital transformation, in keeping with global trends. But where application development rounded out the top three globally, in APAC it didn’t even feature in the top four use cases with application modernisation (fourth globally) taking third spot and hybrid or multi-cloud management sneaking in for fourth place locally.
Securing open source
Perceptions of open source security are on the up too, with 89 percent of APAC IT leaders saying they believe enterprise open source is as secure or more secure than proprietary software. In fact, 34 percent of APAC respondents cited ‘better security’ as the top benefit of using enterprise open source. Other benefits cited regionally? The ability to safely leverage open source technology, the ability to customise apps and the lower total cost of ownership.
Security has been on the ascendance in previous State of Open Source reports – now in their fourth year – so the high opinion of open source security wasn’t a surprise, Red Hat says.
What was, however, were the reasons respondents thought enterprise open source is a benefit in terms of security.
“The obvious historical answer to this question would have been that there are many eyes on the code,” Red Hat says.
“The problem with this answer has always been that there sometimes aren’t many eyes and what eyes there are may not be skilled ones backed by rigorous processes. In a way, this is the counterpoint to the ‘but the bad guys can see the source code’ argument against open source being adequately secure.
“It’s a naive dichotomy that once defined the mostly surface level open source security debate. We perhaps assumed it was still in force more than it apparently is – at least among the IT leaders at mostly larger firms who we surveyed.”
Instead, this year’s report found APAC respondents citing well-documented security patches and the ability to use well-tested open source code in in-house applications – reflecting the increasing use of open source libraries as the building blocks for internal applications – as the top reasons. Quick availability of vulnerability patches was also a winning factor.
The report’s findings echo those of research from cloud-native security company Aqua Security, which found nearly 70 percent of CISOs believe open source security solutions provide a faster way to secure environments, with more than 60 percent of respondents in that US-based survey saying they actively prefer to work with vendors who build open source projects. Red Hat’s report found 82 percent of respondents globally, and 77 percent of APAC respondents, were more likely to select a vendor who contributed to the open source community.
But while open source might be shining brightly, there are still some issues to overcome, including the ever-present lack of internal skills, in this case to manage and support enterprise open source, along with concerns about the level of support and – yes, back to security – concerns about inherent security of code for 32 percent of APAC respondents.