FLOSS Governance issues for the enterprise
IT has long been a support to the business. In a digital world, it may well BE the business. The online corporations of tomorrow will bring numerous promises, providing customers and users with 24*7 and personalized services in their everyday life. Agile and responsive, they will form and evolve at the rhythm of perpetually moving business ecosystems in a flat world, where customers and competitors will always be just a click away. The challenges: build information systems agile enough to dynamically align with constantly moving business processes, robust enough to serve the needs of potentially millions of ever-connected customers or citizens, and safe enough to guarantee trust and privacy. Not an easy challenge. By providing robust, flexible, cost-effective, independent building blocks, that can be easily assembled or adapted specifically to each corporation's need, FLOSS will be an essential part of the equation, becoming the backbone of the information systems of the future, and the core of the new generations of enterprise IT, whether directly or embedded (in SAAS, Cloud, ISV or integrator solutions,...). More, FLOSS inspired development methods and tools may be adapted by the enterprise for their own application developments. The risks, from security to cultural challenges, are important. But the promises are high. The enterprises that will succeed will be those that will meet these challenges, and leverage these opportunities.
State of the Art
In 2008, FLOSS is slowly but surely crossing the chasm from early adopter to mainstream deployment. If it was often introduced in SI infrastructures, or peripheral applications a few years ago, it is now established as a proven way to master costs, increase independence from vendors and create robust and flexible applications, including in mission-critical information systems. According to various surveys, more than 85% of enterprises use FLOSS today, in one way or another (including the use in licensed ISV software). Between 15% to 24% use FLOSS vigorously, and this figure is growing rapidly. 92% of these enterprises declare that FLOSS meets and exceeds their expectations, and the use of FLOSS will be widely extended in the years to come. Moreover, FLOSS usage is shifting from infrastructures (OS, DB, middleware...) to applications (BI, ERP, CRM...). In addition, enterprises are beginning to use best practices from FLOSS in their own IT management, from forges to agile development methods. As a result, mainstream CIO is beginning to take a closer look at FLOSS. The question is no more 'Must we use it?' but 'how to leverage it?' This is the case not only in sectors that have an established reputation for using FLOSS, such as public sector, telecoms or media/services, but also in sectors that have the reputation of being more conservative, such as manufacturing and finance. For CIOs, this is currently leading to a profound re-assessment of IT governance strategies, to take FLOSS into account.
Our Vision and predictions
In 2020, the long term evolution of IT towards digital business will arrive at maturity. In a flat, numeric world, IT will not be any more just a way to manage business. It will BE the business. Indeed, the question will no longer be whether CIOs are spending or investing in IT, but how IT will become a source of profit aligned with business strategy. All corporations will have dematerialized most of their activities, from real time supply chain management to customer and user services and billing with ambient computing. As for industrial production, that has in the past often been outsourced to low cost countries in many corporations, many services such as helpdesk, accounting, legal, communication… will be outsourced to services providers. Projects will be formed on a virtual basis, in a transversal way, and form and disband according to business opportunities. Large integrated corporations will increasingly make way for business moving ecosystems, evolving at the pace of market demands and investments.
In this context, IT will enter the virtual enterprise era. SMEs will increasingly tend to host their information systems externally, thanks to SaaS, hosting and virtualization. They will rely on SAAS accounting software and ERP, available free of charge for basic services, and by subscription or on demand for more value added services. They will benefit from online cloud services for marketing, communication, etc. Large corporations will rely on specific, customized ISs, that they will host themselves (including in private clouds) or require facility management / outsourcing providers to host. Information systems will be at the heart of corporations’ dematerialized services (specific applications) or their knowledge capital (customer data…). So applications will NOT be commodities: they will manage the organizations’ ‘core businesses’. CIOs will often be specialized in business applications rather than pure infrastructure (even if mastery of infrastructures is important to optimize the business applications). They will either rely on a core ERP (ISV or FLOSS), customized with a unique set of specific applications, plus BPO applications, linked with SOA to their network of customers, partners and suppliers; or on a totally specific core information system, linked with SOA to their network of customers, partners and suppliers.
By providing flexible, robust, cost effective and vendor-independent solutions, FLOSS will be instrumental in providing building blocks and tools for these evolutions. They will give CIOS the liberty to design, build and run their information systems at will, with more freedom towards suppliers, and with the possibility of dedicating budgets to real value added functions for the enterprise. The main advantage of FLOSS won't just be to reduce costs, even if it will strongly help to commoditize many software solutions. It will help enterprises regain control of their business and information systems (a power that had been somehow taken by key IT solution providers, dealing directly with CxO, and forcing them to adapt enterprise business to the processes supported by their solutions) with the possibility of tailoring them exactly to their business needs and to the ever increasing pace of IT Transformation that will be driven by business alignment. FLOSS will facilitate the move from monolithic IT to agile IT, adapting and easily recombining the building blocks, creating in the process the DNA for the truly organic IT needed in a digital world. This is a cultural revolution. As with Web 2.0, success will be granted to those who will be able to attract and leverage the collective intelligence of an open world.
To meet these objectives, we suggest the following predictions and recommendations.
1. FLOSS will be instrumental in the evolution of Enterprise IT from an ‘on the shelf” or ‘build’ approach to an Open mix of services, depending on the business logic.
The virtual enterprise era marks a paradigm change. In this world, Enterprise IT will no more be an isolated island, but part of a moving and constantly changing IT business ecosystem, linking suppliers, regulators and customers. Constantly moving, it will dynamically reorganize with business and relationship changes. In this context, IT will DEFINITIVELY MATTER. While infrastructures may be commoditized, applications will not be. Therefore, the preoccupation of IT managers will shift from infrastructure issues to business logic and relationship issues. The challenge: Building and rapidly making evolve business process-centric services, federating (or providing services to) the ecosystem to its advantage. As they are themselves building blocks of a larger IT ecosystem, enterprises will do the same for their own services. Shifting the ‘mashup corporation’ concept to a new level, they will assemble their IT services using a custom mix of online services (ie google map), SaaS ERP functions, CRM tools and custom functions. The key to success: do not reinvent the wheel, but find the right mix of objects and services providing the best value to the ecosystem. FLOSS and SaaS services can be instrumental in this paradigm change, by providing low cost, modular, extensible building blocks that can be easily leveraged and modified in cooperation with partners. For success, however, three key problems must be solved: where to find the components and skills, how to guarantee interoperability, how to certify quality and support. In the old world, the classical answer to this challenge had been to purchase solutions from an established vendor, with an established reputation, and a wide range of solutions. The software market consolidation of the 2000s is the result of this logic: The advantage (get a catalog of integrated solutions) compensated the flaw: price, lack of flexibility, non best-of breed solutions. The ‘object’ orientation of tomorrow’s IS will only be possible if answers are found to these challenges, that may reconcile “best-of-breed” component strategies with seamless integration. Five conditions are necessary for success, and are our recommendations:
Recommendation #1: The development of open directories / marketplaces of components & services is needed for the emergence of the dynamic information systems of the future.
As well as object components, libraries are essential in Object development, service and components directories must be developed to identify key solutions. The development of global players to provide these services is essential. SourceForge, OpenLogic, and others are first steps in this direction today. Company IT departments will need to change their vetting process – from one dependent on vendors to educate and “sell” a component, to one that leverages independent third party data and community information to evaluate and certify open source.
Recommendation #2: FLOSS governance will be a key enabler to allow companies to leverage the benefits of FLOSS.
FLOSS governance will provide the guidelines and processes by which enterprises can safely and successfully use FLOSS. By creating a basic governance foundation, like having a policy on how to control and manage the consumption and contribution to FLOSS, companies will be able to use FLOSS more freely by mitigating legal or operation risks.
Recommendation #3: Interoperability between FLOSS components (and their SaaS counterparts) must become the standard, rather than the exception.
Beyond the respect of open standards, communities must federate projects and define solution frameworks, with interoperable architectures, to facilitate seamless deployment. Solutions ecosystems such as Apache, Eclipse, OSA and OW2, among others, – that federate various players and vendors among common standards - allow this interoperability without monopolistic vendor lock-in.
Recommendation #4: FLOSS communities must agree on a common, automated maturity model and certification quality process.
Without an established brand, quality cannot be claimed. It must be proved. To facilitate adoption, recognized maturity models and CMM-like certifications procedures must be widely available or adapted for FLOSS components, with as much possible automatic testing to reduce certification costs and overheads for developers. The work undertaken in projects such as Qualipso is a step in this (the right) direction.
Recommendation #5: System Integrators should propose service level agreements-like engagements on integrated FLOSS components.
FLOSS is moving the barriers between actors so that system integrators and open-source vendors are now in 'coo-petion' with traditional ISV, and have to address key issues like support, skills and legal requirements that are specific to FLOSS. CxO are looking for bundled services without the specific risk. System integrators will have to leverage various providers (software, service, support, indemnification …) in a coherent and efficient way to respect their engagement.
2. Enterprises will adopt FLOSS development practices and tools internally, from agile methods to virtualshore and community sourcing
Tomorrow’s IT will be characterized by new fundamentals: time to market, client and ecosystem centric logic. Up to now, classical development methods often result in long development processes and high failure rates: weeks of specifications, months of development, years of deployment, often ending up in solutions poorly aligned with business needs. Future time to market constraints in a dematerialized world (with the concept of ‘Internet year’ coming back on stage!) will not only lead to the preference for object-oriented solutions or approaches, leading to a focus on business logic and the integration of various existing components and services in a flexible solution mix. It will also favor agile methods, leading to incremental developments. Moreover, the collaborative tools from FLOSS forges, enabling diverse contributions to be made from various teams from all over the word, will offer an essential answer to the challenge of speed, flexibility and innovation. In 2008, many enterprises already apply some FLOSS development methods internally. The year to come will see a rapid development of this principle, moving from the tailoring approach of early development methods to widespread use of the collaborative revolution within enterprises. Beyond that, these methods will be adopted between enterprises and their suppliers, enabling us at last to solve the dilemma that caused IT projects to move constantly back and forth between inshore, nearshore, offshore or rightshore processes.
A more global ‘virtualshore’ approach may reconcile the best of both worlds. Beyond suppliers, many enterprises will also put the FLOSS principle to work in its natural capacity, that is, participating in, or even driving some communities. As well as services such as Swift in the banking industry, Amadeus or Sabre in the Transport industry, etc. have brought organizations together to join forces and create inter-professional communities, FLOSS communities will be developed by end users to create vertical-specific solutions, especially in domains such as telecom, healthcare, e-government, retail, etc. However, this evolution will drive the need for new generation FLOSS forges and development tools, mixing the flexibility of open source with the security and industrialization needs of enterprise IT. Three conditions are necessary for success, and form the basis for our recommendations:
Recommendation #6: New players must develop to provide Application Life cycle Management/FLOSS development services to enterprises.
Forge and ALM/integration tools must get more industrialized and secure, to meet enterprise needs and criteria.The development of specific solutions and service providers, helping enterprises industrialize FLOSS components use (including with legal and IP watch) and integration, and leverage most agile and collaborative development practices, will be essential in this evolution.
Recommendation #7: Tomorrow’s forges must not only be forges: they must also become marketplaces
They will not only be used by developers. They may also be used by various players, vendors, integrators, etc. with various business models. A public body may want to pay integrators to add some components to a FLOSS e-government solution directly on the forge. An enterprise may be ready to pay members of the community to develop some additional module it needs. A user may want to easily locate service providers for support and integration, among the various community members. The addition of global marketplaces functions to forges will be important for the future. Sourceforge.net/marketplace, OpenLogic Exchange and Red Hat Exchange, among others, are first steps in that direction.
Recommendation #8: Enterprises' attitudes towards FLOSS must change, from a pillage approach to a collaborative participation.
Up to now, enterprises too often rely on FLOSS components without giving back to the communities. A change of attitude is necessary to set up a virtuous circle between code producers and users. The level of maturity of a company towards FLOSS should evolve from simple consumer to participant, contributor and finally sponsor. The ultimate level for a company will depend on their FLOSS governance and if it makes business sense to do so.
3. Enterprises will leverage cloud as the next wave of IT. But a FLOSS approach is vital to avoid the risk of vendor lock-in, even worse than with licensed software
With the advent of Cloud Computing, the IT landscape is going through a paradigm change. As has been the case for hundreds of years for energy, IT computing power and some application services may well become a commodity tomorrow like water or electricity. However, this domain is sometimes misunderstood as there will not be one unified cloud, but several cloud services providers (probably including existing players such as Google, Microsoft with Azure, and emerging ones such as Amazon with EC2, large integrators or telecom providers). Some enterprises and public services will even have their own private clouds. Enterprises will select each application or service individually whether it’s based on a cloud or hosted internally. Most SMEs will probably leverage only a mix of cloud services, mashing up services such as Google Apps, a SaaS ERP player, a SaaS e-commerce tool, etc. Larger enterprises will use some cloud services, host some applications externally, but also maintain complete internal control on some applications, to master security issues, and sometimes also cost ones. Despite some preconceived beliefs, hosting a service externally is not always the best solution in terms of cost and performance. Large e-commerce or media providers are well aware of the practise of launching and ramping up a new service externally at the beginning, and then re-internalizing it when it has reached a certain level. In all cases, SaaS and cloud computing will be a key part of the equation. And FLOSS – and its capacity to master complexity - may be essential to provide low cost, very robust infrastructures for clouds, as it is already commonly used to do by Google, Amazon, Yahoo, eBay, etc. However, key aspects will be essential for enterprises: the interfaces cloud offers to develop and host new applications, its management tools, and the possibility for the user to migrate from a cloud provider to another. Indeed, if some (but not all, ie Azure) cloud services rely on FLOSS foundations (Linux, etc.), hosting interfaces (applications, virtual machine infrastructures…) and management tools often remain proprietary. Escaping from the lock-in of software licenses to a lock-in in cloud/hosting services is not a progress. It is a regression in an even worse slavery! The development of open cloud standards and interfaces are essential to avoid this flaw for the future. Four conditions are necessary for success, and are our recommendations:
Recommendation #9: FLOSS communities must not be satisfied with the success of Linux: they must work on the Operating System of the future: the cloud OS.
This should be an essential preoccupation of all FLOSS communities, around the Linux Foundation.
Recommendation #10: Open cloud computing should bring open technologies into the heart of infrastructures, preserving them from the risk of vendor lock-in, and favoring the emergence of new services.
We therefore need to develop open cloud technologies in open platforms for IT consumers as well as for IT vendors. A company always tries to earn more benefits from technologies for business innovation and competitiveness. Open cloud technologies could help enterprises choose freely the way they want to implement cloud computing technologies, and plan how they will adopt them. They could protect against the risk of lock-in, and keep competition at healthy levels in cloud services.
Recommendation #11: BPM/Management will be the new frontier in FLOSS applications.
Beyond infrastructures and even ERP, the management of the mashup IT and business services of tomorrow will be key to the future. Large communities must develop key initiatives, to build open foundations for these tools, around large multi-vendor communities such as Apache and OW2.
Recommendation #12: Security & privacy will be the N°1 challenge for cloud… and for FLOSS.
Security and privacy are essential domains where FLOSS should bring value and solutions, enabling independence and trust. Paradoxically, the lack of trust in FLOSS is the main inhibitor to FLOSS deployment today! A strong initiative on the part of all players is necessary. This is not only in the interests of FLOSS players. It is in the interests of SaaS players, who will find that lack of trust is also the first inhibitor to SaaS and Cloud for enterprises.
4. Enterprises will evolve from an investment IT purchasing model to a service economy, leveraging FLOSS efforts.
The generalization of FLOSS used by enterprises requires from CIOs new strategies for building and managing their budgets. With FLOSS, they evolve from a principle of hardware and software investments ('depreciation expenses', that have an impact on the enterprise debt ratio) to principles based on the purchase of solutions and services (on demand), directly related to enterprise business development. This approach can lower in the short term the enterprise operating revenue, but offers CEOs and CFOs a return on investment approach to IT costs, that is more in direct relation with the business. With FLOSS, IT departments therefore evolve from being a « cost center» type entity to a « services provider » type entity. The rise in the Cloud Computing model will accelerate this evolution, notably in SMEs. Paradoxically, the generalization (whether intended or not) of FLOSS solutions will drive a move towards a re-internalization (at least partially) of some of the functional and technical competences that were up until now externalized to computer makers, independent software vendors, and even integrators… The budget priority for CIOs will move to the Human Resources budget, with re-investment on value added experts, open, and more oriented towards value creation than the 'button-pushing' consultants trained by traditional IT vendors. Last but not least, a key challenge to the widespread use of FLOSS will be the necessity for enterprises to donate code and contribute to FLOSS ecosystems. When enterprises and CIOs will be confident in the robustness of open solutions and in the true universality of their standards and norms, they shouldn't need to be confronted with inhibitors to do so, especially if accounting or tax mechanisms become incentives. Giving back and contributing to FLOSS code may then become for them a new axis of investment, that will leverage and develop the expertise level of their IT teams, and guarantee the durability of their information system. The only requisite will be to maintain the level of expertise of the IT teams. Two conditions are necessary for success, and are our recommendations:
Recommendation #13: Accounting rules should evolve in order to favor intangible investments iso that enterprises that adopt FLOSS are not penalized.
Recommendation #14: To develop enterprise contributions to FLOSS, the patronage in nature or knowledge should be recognized for tax calculation, for enterprises that will give back to FLOSS communities and foundations,
whether totally or partially, the developments based on FLOSS components. This implies that public authorities should recognize the 'public utility' of communities and foundations. This is the « sponsoring in kind » logic (payment in kind for development resources and human time) that should be a general operating principle among CIOs and enterprises opting for FLOSS.
5. Open IT needs open minded engineers. Towards IT 3.0, FLOSS will mark a cultural shift in Human Resources Management for enterprise IT departments.
The collaborative revolution, including Web 2.0 and FLOSS, has introduced a paradigm change in IT: open innovation, with the involvement of the user. Instead of relying only on a limited and close-knit team of developers, openness means the IT can enrich the collective intelligence of external contributors. The IT team of the future won’t be just a core of developers placed in the same open space for years to work on the same data center application. It will probably be a set of enterprise business and IT managers plus a temporary set of providers and partners, forming and disbanding dynamically along the way on various projects, working collaboratively from many places, in close relationship with players and users of the enterprise’s ecosystem. To leverage this potential, enterprises must choose to leverage other’s innovations, and to welcome feedback and contributions from partners, and even end users. Ebay or Facebook today are good examples of this best practice. This is not only a cultural challenge. This is also a challenge in execution. The world is full of Open projects that didn’t succeed in attracting and retaining contributors. Nurturing a community requires a special spirit and a long term effort. Before this step, enterprises must develop an open spirit in their own teams. The expertise to leverage FLOSS is not the one of a classical engineer trained in proprietary environments, that means, trained to know which are the right buttons to push in a closed solution. FLOSS requires curiosity, inventiveness, innovative spirit, the ability to search and collaborate with others. The talents are not the same and must be searched for. The new generation of digital natives may naturally have this kind of spirit, but it must be nurtured by the enterprise. Enterprises must therefore develop an open culture of innovation, and a new way to develop talents, either internally, or externally. ‘The Enterprise’s first asset is its people’ has long been a common buzz phrase in HR, and one not always materialized in everyday practice. The future may see it being practised more …, at least in successful enterprises. For success, however, four points are essential, and are our recommendations:
Recommendation #15: Collaborative working and methods must be valued within the enterprise.
Collaborative tools for development such as open forges, social networks development (internal or external) must be encouraged.
Recommendation #16: In a digital economy, knowledge becomes one of the key enterprise assets.
The development of open knowledge management processes and tools will be fundamental in the enterprise, from Enterprise 2.0 tools (wikis, blogs, etc.) to more advanced knowledge management tools.
Recommendation #17: Beyond pure technical expertise, relationship capital will be key in IT.
Enterprises should value and encourage IT managers to network with, and participate in, communities, as a way to increase expertise and inventiveness. Communities and networks such as Apache, Eclipse, Ohloh, OW2, The Linux Foundation...,…should be considered, as well as vertical communities (ADULLACT-OSOR, etc).
Recommendation #18: IT departments must learn to attract external contributions.
As with Web 2.0, tomorrow’s mashup IT won’t be monolithic, but will welcome external contributions and add-ons. IT Managers must set up the conditions – and incentives - to welcome them in a controlled and managed way.
Risks
We identify four main risks:
The development of closed cloud computing and the development of ‘Commercial Open Source’ may lead to another kind of vendor lock-in.
Many Commercial FLOSS vendors develop business models that appear similar to proprietary vendors. To avoid vendor lock-in, companies should ensure that FLOSS components they get from Commercial Vendors embrace open standards. Companies must also understand that the FLOSS market is a competitive market. In most cases, IT departments can choose from a variety of vendors for support and other services. Because the source code is open, they are no longer limited to one vendor. The ability to compare vendors will help to keep prices for commercial support competitive. From a legal perspective, FLOSS licenses will also have to take the SaaS phenomenon into account to avoid cloud computing being taken over by commercial vendors.
The regular absorption of FLOSS leaders like software publishers and main project foundations could create a feeling of "insecurity" and a lack of "credibility" around FLOSS production and its business models.
A large turnover of economic players could present a risk to the technological road map and the economic model built around licenses and maintenance policies. This would erase the idea of differentiation between the proprietary and FLOSS economic industries.
Floss license complexity and a global legal war initiated by the patents generalization supporters (notably in the US) could create legal risks for customers.
This would bring complications like having to make financial provision for risks, which most companies wouldn't like to support. FLOSS vendors should fight the proliferation of FLOSS licenses to avoid having to rework and clarify the legal issues to facilitate adoption.
The evolution towards FLOSS involves a cultural revolution in the enterprise,
not only technical (open environments) but mostly organizational (new financial models, new modes of innovation…) and human (competences, behaviors). FLOSS is a structuring choice and the transition must be managed. This is not an easy task.