Open Source Software: Here's What They’re Not Telling You
The subject of “open source vs closed source” incites passion in even the most introverted of technologists. Both sides are unyielding in their opinions; however, such debates are insignificant without a context for comparison.
What do I mean by context? I’m referring to a basis for comparison and consideration, such as the use case, the business size, the skills of the resources who operate the solution, or the applicable industry.
There’s no one size fits all with respect to any tool that I have found, software or otherwise - a sledgehammer has its purpose, just as a carpentry hammer has its own. Would you use a general purpose carpenter's hammer to knock down a concrete block wall? Or a sledgehammer to knock in nails? The answer is no - you might try if you had no other choice, but neither would do a very good job.
In this post, I want to provide a framework for assessing “your context”, to help businesses grappling with this very decision analyze the choice between an open source and a closed source software platform.
All cards on the table
Prior to getting into this article, I feel that I should provide you with “my context” for this post.
At the time of writing I am heavily involved with a SaaS CMS solution - I founded Core dna. I work with many companies and partners that have implemented or are in the process of implementing this platform solution.
But I don't dislike open source; we use open source components in our platform and much of our infrastructure is open source or a commercial version of an open source project, such as MySQL, PHP, and Apache. I also recommend other open source software/platforms to clients when their needs are not well served by our own solution. Likewise, I assisted my brother to move his eCommerce website to Weebly when we figured out that Core dna was not the right fit for his jewelry business.
I am software agnostic! I laugh writing this as I have sat in so many meetings with various digital agencies when they have said to me, “We’re software agnostic at ….”.
That aside, I am writing this second post as an update to my original post from many years ago. I want to dispel many beliefs that I believe to have been incorrectly perpetuated without any relevant “context”, such as:
- Open source software is completely free
- Open source is more flexible than closed source
- Closed source is expensive
- Open source software is a security risk
- Code ownership is critical to every business
One last thing that I want to declare is that, in my humble opinion, once you ‘customize’ your open source code, you are pretty much in the ‘closed source’ camp. We'll get to that later…
What are we talking about
You might have heard or read many of these terms, yet not fully understood them - skip straight on to this section if you have.
CMS
CMS is an acronym for Content Management System, which is software that allows a user to create and publish content to the web without writing code such as HTML or CSS. In its simplest form, the goal of a CMS is to provide the user with an easy user interface to manage the:
- Creation and modification of web pages
- Appearance of published web pages
- The structure of a website
- User permissions of the CMS
As of May 1st 2017, the most commonly implemented CMS software is WordPress. Of websites using a CMS (also sometimes referred to as a WCMS - Web Content Management System), 58.9% are using WordPress.
Open source
Open source software is commonly described as providing ‘open’ access to the software’s source code. It allows users to copy and modify parts of the code with no consequence. There are some other ‘technical’ requirements that software must meet to qualify as open source - the full definition of open source can be found on the Open Source Initiative's website.
Well known examples of open source CMS solutions include WordPress, Drupal, Joomla, and Magento.
Closed source
Closed source, also referred to as ‘proprietary software’, is software whose source code is generally not published publicly or is not redistributable without cost.
There are some types of closed source that provide access to their source code, either publicly or to registered or approved persons/bodies/groups; however, there are restrictions on its use, modification, and redistribution.
The evolution of closed source has been greatly accelerated by the movement away from large self-managed Enterprise software solutions to SaaS applications.
SaaS
SaaS is an acronym for Software as a Service and is sometimes referred to as ‘on-demand software’ - it is a licensing and delivery model for software whereby the software is licensed on a subscription basis. The user generally interacts with the application by a web browser and the provider usually maintains the operating and application environment.
Website
“A website is a collection of related web pages, including multimedia content, typically identified with a common domain name and published on at least one web server” as defined by Wikipedia. A website can be a public site accessible on the internet or a private site that is accessible via user credentials on the internet or a private local area network.
The 3 ways to obtain technology software
You have three choices when it comes to creating and managing software. Before you go about choosing one of these options, you must understand the problem that needs to be solved using the software.
Take into account strategic goals, external partners and required systems support. This will tremendously help you decide which approach would best suit your requirements.
You ‘buy’ the technology
You pay some company for a platform that has all the functionalities you need, and that’s about it. Everything else is taken care of.
Buying software not only saves you time but also maximizes your employee resources and lets you customize the platform with a specific functionality to meet your business needs.
Every business has unique requirements. Some are looking for accounting or scheduling, others may just want customer relationship management.
An extreme example is Salesforce.
Salesforce buys software companies that have the technology they can reuse for its customers. Last year, they purchased Demandware, a cloud eCommerce company, for $2.8 BILLION to help grow their eCommerce offerings.
There are a number of other software companies that offer a buy option for their platforms.
Once you’ve paid for the software, all you need to do is get someone onboard to manage it or train your existing employees to work with the platform.
Just like with any technology, it has its advantages and disadvantages:
Pros of ‘buying’ the technology
- Commercial software is relatively fast to deploy. You can install it as soon as you purchase it, saving you a hell of a lot of time.
- You can integrate third-party software. For example, if you’re using MySQL for your databases, but the new software you bought uses Amazon RDS, the software will make the transition smooth by letting MySQL integrate with the platform.
- They are customizable (to an extent).
- There is a strong community behind every major software to answer your questions in no time.
Cons of ‘buying’ the technology
- Commercial software has an upfront cost.
- More often than not, you end up paying for features you don’t need because they come with the package.
- There are ongoing costs of maintenance and upgrades.
- In case you run into a technical issue, the software provider may charge you extra to fix the problem.
You ‘build’ the technology
Build or buy?
A question that haunts every executive.
Think of it as a choice between buying an existing home or building your own.
You will need to employ developers to create the solution. Ask yourself — how important is technology to your business? If you think it’s at the core, go for it.
The level of customization you get with customized software is perhaps the biggest benefit. In the early stages, off-the-shelf software might do the trick. But when you start to grow, your day to day operations may lead to inefficiency and manual processes.
Pros of ‘building’ the technology
- Developers know exactly where to cut the corners based on the requirements and make the product as efficient as possible.
- You get software tailored exactly to your needs, which gives you greater control and a familiar interface that is much easier to use.
- There are no licensing issues.
Cons of ‘building’ the technology
- The team you hire may lack the knowledge and skills to build sophisticated software from scratch.
- The software could end up having frequent bugs and glitches which may require you to bring in outside consultants costing you time and money.
- The whole process is quite time-consuming.
- It could be difficult to keep up with the evolving technology.
You ‘borrow’ the technology
Borrowing software should not be looked at as a compromise between buying and building. You get what you pay for. You’re usually billed monthly, depending on the plan you choose, to use the platform. Continuous updates are automatically installed by the company.
Pros of ‘borrowing’ the technology
- Plug and play. Super-fast implementation.
- Requires zero maintenance.
- It usually has most of the functionalities you need.
- Thanks to the updates, the software keeps getting better over time. You could always write to the developers in case you have a specific requirement.
Cons of ‘borrowing’ the technology
- You have less control over the product.
- If the product is newly built, you may encounter some bugs. Maturity comes over time.
- Integrations can be an issue.
- Depending on the vendor you choose, watch out for a “lock-in” period.
The 4 context selection factors
This post is NOT a comprehensive guide to selecting a software or CMS solution; its focus is on providing a framework for considering your organization's needs and resources in order to achieve the best outcome from any selection process.
In my opinion, the following four factors are the most important in the consideration of open source vs closed source. The paragraphs below introduce the factors; in subsequent sections I will explain why these are the four most important factors.
Open vs closed source selection factor #1: IT Resource availability
What IT resources does your business have that are experienced in managing websites, website applications, and website infrastructure?
If you do have these staff in your employ, what is their availability or ability to offset current responsibilities and priorities?
Open vs closed source selection factor #2: Requirement complexity
What functionality is required on the website(s)?
- Will there be one website or multiple websites?
- Will you need a marketing website, an eCommerce website, an intranet? Do you have private pages or do you have a content approval workflow?
- Will the website require custom code development and/or 3rd party plugins to achieve the requirements?
- How frequently will you update the ‘code’ of the website to improve functionality or design(s)?
Open vs closed source selection factor #3: Business critical
It might sound strange to ask in 2017, but how critical is the website to the success of your business?
- How much revenue would you lose if the website(s) were down for a couple of hours?
- Would your business be negatively impacted if its user database was hacked, similar to the poor folks at Mossack Fonseca - a.k.a. The Panama Papers?
Open vs closed source selection factor #4: Budget
Realistically budget can allow a business to mitigate any of these factors. If you don't have it then you gotta do what you gotta do - right? If I only have a sledgehammer & I don’t have money... then look out nail!
In the event that the business has the budget, then the other three factors can be mitigated.
The selection matrix
As a general rule of thumb, I have found that the following matrix graph demonstrates the sweet spot for open source, closed source, and the open territory.
Now I already hear a bunch of people thinking “yo whoa, hold up dude”.
So, I am not arrogant enough to be purporting that this matrix is true in each and every case - however, in my experience it is demonstrated to be true in 98% of cases. So let me explain the graph zones below and then in the following section, I will outline the basis for this representation.
Small business
The red zone is fairly representative of MOST small businesses:
- The complexity of requirements is low; many times they are looking to get a starter marketing website running to establish an online presence. They use social channels as their primary digital marketing tool, a template will do the job and the most complex requirement is a subscriber signup;
- IT resources are low, there is no internal tech staff - there’s a friend or a guy who someone knows that does websites;
- The website is not critical to their business: they don't have high traffic levels, they are not an eCommerce business that is losing money when the site is down, and they will not go out of business if their site is hacked & their subscriber list is compromised;
- Every part of the business is needed for budget - they are bootstrapped.
Now, what exactly is a small business? In my travels, I have seen this vary greatly; in Australia, we would say a business with fewer than 20 employees is small; however, in North America and Europe I would say the count is closer to 50 employees.
Medium-sized business
The yellow zone represents MOST medium-sized businesses:
- The complexity of requirements increases, the business needs to differentiate itself online from competitors and there are more business systems that require integration;
- While there may be IT resources, they are spread thin. They don’t have the time or skills to launch and maintain a website, its integrations, and its infrastructure - let alone constant enhancements;
- The website is now a critical part of the business's marketing and positioning strategies. Downtime has a significant impact on revenue and/or reputation, and a leak of personal data would be newsworthy for all the wrong reasons;
- Budget for digital marketing has increased, however, not in line with its importance to the business and not to the extent to enable the employment of dedicated internal resources.
Again I would say that in Australia a medium-sized business is between 20 and 150 employees, however, overseas this is much larger, probably between 50 and 400 employees?
Large business
The green zone represents MOST large organizations:
- The complexity of requirements is large, there are generally several websites, perhaps several brands. The need for dynamic and personalized content is a key to success and there are a significant number of enterprise business systems that require real-time integration;
- Availability of IT resources can go two ways in large organizations. The advent of outsourcing and the ‘cloud’ has seen a considerable divestment of IT resources. However, in large organizations that truly understand the importance of digital - they often have a dedicated internal team of resources to develop and maintain their digital resources;
- Digital marketing has been critical for some time and downtime has a significant impact on revenue and reputation. A security scandal is front page news, results in inquiries and in people losing their jobs;
- The budget for well-justified, results-orientated digital marketing is unabated.
Large businesses in my calculation are those with more than 150 employees in Australia and more than 400 overseas. There is merit to an argument that there should be another category above ‘large’, perhaps Enterprise; however, most of the factors are very similar between those businesses with respect to content management. In my experience it is the procurement and risk mitigation policies that broaden in these businesses.
The match making?
This is very likely to be the point where a bunch of people feel compelled to comment on this post and just how plain wrong, shortsighted, and ill-informed I am. Thank you - all comments to the rear carriage (no seriously the comments section is at the bottom of the post).
My view has been formed by my experiences over 17 years and as such, I welcome new opportunities to learn from others' experiences.
Boiling down the above sections into a snapshot looks like this:
So, here goes (deep breath) - this is a generalized overview of how I believe open & closed source & SaaS software are suited to business by size:
Small business
The table above outlines my belief that small businesses are suited to open source & that the proposition is questionable for closed source software; this is based on the assumptions that I outlined about small business in the previous section.
That is, open source software, hosted on a shared environment, with a cheap non-exclusive ‘template’ design and little or no ongoing maintenance, is a MATCH.
Closed source may be appropriate for a small business when:
- Your needs are so limited that a Squarespace-like SaaS product can fulfill the requirements and the price is incredibly cheap at less than $20 per month.
- You're an eCommerce business - yes, there is Magento; however, I am quite comfortable having the debate that Magento, even in its community version, is not SMALL business software.
- Your website is capturing users' personal data and your budget does not enable you to deploy and manage the appropriate security measures.
- The business has specialized industry requirements that require custom development.
Medium-sized business
I contend that for medium-sized businesses, closed source solutions (particularly SaaS products) are, as a guide, the best match. Why/how?
- As functionality requirements increase, in open source environments this requires either the installation of many 3rd party plugins or the development of custom code. Both of these scenarios should be cause for concern for a medium-sized business, and I explain why here;
- The availability and skills of IT resources are not sufficient to maintain a reliable and high performing website.
- Website uptime is critical to revenue and reputation. A closed source SaaS solution mostly provides you with an infrastructure environment that can absorb the unforeseen fluctuations in traffic.
Open source is also well-matched for a medium-sized business when:
- The business has the available IT/technical skills to self-manage the maintenance of the application and operating environment + monitor the website’s performance 24 x 7, without significant opportunity cost to the business.
- The business has the budget to pay a provider to monitor and maintain the website, including the patching/updating of the operating environment, application, and any custom code/3rd party plugins.
- The business is a predominantly offline business and its digital marketing needs have not grown in line with its size.
Large businesses
Here I believe that both solutions are appropriate and that ultimately the structure and focus of the business determine the best solution.
The pros and cons of open and closed source in the large organization need their own post - for the purposes of this post, let’s call it a closely fought draw. The reasoning behind not going into further detail here is that large organizations are far more experienced with making technology decisions and with the digital marketing technology environment.
The caveats & assumptions
There are exceptions to every rule and above I have gone to all lengths to identify that I am generalizing. However, I should note that with respect to closed source, I’m referencing SaaS solutions in the comparisons. Effectively there are four ways that you can deploy a software solution:
The 4 types of software deployment
There are essentially four ways to deploy (install, launch & manage) a software application:
Software deployment type #1: Self-hosted
You create the infrastructure environment, install the applications, manage the ongoing maintenance and updates of both devices and applications, and monitor the performance of the systems. Generally, for software, the infrastructure will be placed into a leased space in a data center.
This method can apply to both open source and closed source solutions. In either case, it is generally up to you to install version updates and service patches.
Software deployment type #2: Third-party hosted
You pay a third party to take care of all of the above: they source and maintain the infrastructure, and they install and manage the applications and operating systems.
Again this method can apply to both solutions and contracts can include maintenance of version updates and service patches.
Software deployment type #3: Hybrid
A hybrid of self and third-party hosted. Sometimes you might contract the management and monitoring of the infrastructure, whilst you install and maintain the application.
Software deployment type #4: SaaS
This model generally applies to closed source solutions; however, it could be argued that with SaaS, auto-scaling, security, uptime monitoring, patch maintenance, and ongoing innovation are provided as a black box, and you pay for them either through features or consumption.
SaaS - A different way of thinking?
Every growing business will stumble upon the buy vs build thinking at some point in time.
Needless to say, one policy cannot fit all situations, and for an average Joe, it creates confusion when more options are available. There is no right or wrong for either camp.
Let’s take a look at the disruption IKEA had on the furniture industry. What does IKEA do?
It offers pre-packaged and tested products in a wide range of colors and finishes. This leaves little room for customization and you also need to put the product together yourself.
On the other hand, we have furniture stores where you can design your very own pieces from scratch – completely customized. The best part? You don’t even need to assemble anything.
Depending on your requirements, both these approaches have their pros and cons. Both industries exist because different customers have different needs. If you’re the kind of person who wants to design every aspect of your furniture, right from color to design to shape, there is no reason for you to go to IKEA.
SaaS is doing to the software industry what IKEA did to the furniture industry. Over the past couple of years, we have seen the number of SaaS solutions explode.
The perpetuation of false myths
When it comes to the key battlegrounds there are a bunch of myths that people spread in aid of their causes. There are also a bunch of items that never get discussed. I’m going to explore them to give you a balanced view of the truth in many of these areas.
The things everyone's talking about
When companies want to sell you on the benefits of open source platforms they generally highlight some cornerstone benefits.
False myth #1: Open source is free
Open source doesn't mean you won’t need to spend a single dime ever. Not at all.
Just as with running any website, there are hidden costs, which vendors usually never mention.
Let’s debunk it, shall we?
- Customization cost: Something that is (easily) overlooked. Even though there are no upfront charges in an open source environment, as soon as you start to customize the platform to meet your individual needs, costs begin to accumulate.
- The cost of updates: Making sure that your web property remains current, up to date, and with the latest features will cost you a pretty penny. For example, every update from Magento (if you wish to upgrade) will cost you a few hours of developers' time. Any decent developer will cost you $150 - $250/hr. New updates usually have issues that must be fixed, which you will (again) need to pay for.
- Hosting costs: Unlike SaaS platforms that are fully managed from development to infrastructure, open source platforms require additional hosting and management costs.
- Re-platforming cost: With SaaS platforms, there is no need to redevelop features once there has been an upgrade to the underlying system. But open source re-platforming will cost you considerable time and money. Moving your small-ish eCommerce site from OpenCart to Magento will take around 10 - 15 hours to migrate.
False myth #2: Well-supported
Sure, there is a great community that is ready to help you when things go south, but this is not always the case.
Once you have customized the platform it is no longer a standard one. Any developer will need to spend an ample amount of time getting their head around your customized platform in order to fix the issues.
False myth #3: Lots of plugins
The infamous plugins. Yes, there are over 40k WordPress plugins to power your site. The question is, how many do you really need? Are they well written without any security lapses?
Would someone support them for free? Highly unlikely.
Things nobody wants to talk about
There are, however, a few things companies don’t want (or are scared) to talk about when they’re selling you open source platforms.
What they should be talking about #1: Security
One could argue the case for OSS being more secure by Linus’ law, which states, "Given enough eyeballs, all bugs are shallow".
Looking at this another way; given a large enough beta tester and developer base, almost every problem and fix will be obvious to someone.
However, just because the source code is available for anyone to play with doesn’t mean it has been thoroughly reviewed for weaknesses. Coding errors go unnoticed when testing is poor. Testers must actively create unexpected conditions to find vulnerabilities.
What they should be talking about #2: Ongoing updates
The platform needs to be updated with patches and updates regularly. To give you some perspective on patches, WordPress had 3 major version updates in 2016 (v4.5, v4.6 & v4.7), as well as 6 maintenance and security updates in 2016 plus 4 more in the first four months of 2017.
If you’re on WordPress, are your plugins compatible with the latest version?
Not to mention Magento 2.0 has over 2000 documented bugs.
It goes without saying that this requires someone who has knowledge of the system to set up a test environment, test all the updates, and then apply them to production.
What they should be talking about #3: Support
When your agency or developer(s) make changes to the open source platform to suit your needs, it is no longer open source. It is a customized version of the platform that someone needs to maintain and support.
What they should be talking about #4: Replatforming
Most OSS legacy platforms have a “use-by” date. This is when the developer community stops supporting the old version of the software. For example, Drupal 7 to 8 and Magento to Magento 2.0.
Again, you will have to invest your time and effort to update to new technology even when the older version is working just fine for you.
Why do many agencies defer to open source?
Agencies make revenue in two ways:
- From projects (site builds, campaigns or marketing initiatives) and,
- By ongoing marketing or technical maintenance.
Projects represent the biggest risk for agencies; matching requirements to a technical outcome is difficult and can be costly.
The way an agency reduces this risk is by creating a technical solution for one customer that they then use as a basis for the next customer. As the customers grow the agency then drives revenue from the maintenance of those custom built sites.
Over time, the technical team becomes familiar with the technology and they are able to get enough support and other extensions to the technology that can then be used for future projects.
So, why do agencies no longer make their own systems?
The complexity of websites has significantly increased over the years and maintenance costs are too much for the agencies to handle. The developers who build such systems don’t come cheap either.
Scaling and integrating multiple systems is just another hurdle in the way of making their own systems. In this scenario, resorting to an open source platform such as WordPress is the best option.
Why agencies want YOU to use WordPress….
WordPress is the most popular Content Management System (CMS). According to a survey, WordPress now powers 26% of websites on the web. On a daily basis, there are over 500 sites being created on WordPress.
It is a technology that is very familiar to the agencies. There is no need for them to sell you on it. Everyone is using it and so should you. You can practically create all sorts of websites using WordPress.
There are thousands of templates to choose from and, most importantly, it is 99% SEO friendly (or so they say) and has a large community.
Here’s what your agency is telling you that may not be true
If you’re an agency and you’re reading this, let me know down in the comment section if you’ve said any of these things to your clients….
- “Anyone can support the final solution, there is no vendor lock-in”: If the solution has plugins and customizations, most agencies will choose to replatform rather than work out what's going on in other people's code.
- “The platform is free”: Maybe free to download, but to maintain, not so much. Security patches cost money.
- “We can solve your needs with plugins”: Sure, it’s possible. But again, you need to ensure that the plugins are well written and maintained.
- “Your platform is supported by the community”: Open source projects follow a traditional software lifecycle, with new versions and updates released on a regular basis. It's impossible to apply changes to all the solutions automatically because no two solutions look the same. It requires considerable work to implement changes, migrate the data and then test the updates before releasing them to production.
So what's the solution?
As you can see from the above analysis, the whole open source debate is far more complex than just looking at the free software platform.
The key factors in my mind are as follows.
- Is owning the technology a critical component to the business? Is it a differentiator?
- Do we have the technical resources/Partnerships to build and manage the final solution?
- Do we need to recreate something that may have already been built and we can borrow it?
- Do I want to spend our budget building or buying something to meet our needs?
Agree or disagree? Let me know your thoughts below...