Microsoft UK Public Sector - Efficiency - Debunking open source

If Open Source software promises so much at no cost, why isn’t it in use everywhere? Kim Thomas finds that there are plenty of financial options for IT licensing and services; and both financial and technical specialists need to see the bigger picture to get maximum value out of their purchasing decisions.

There’s no such thing as a free lunch, the economist Milton Friedman once said. And, he might have added, no such thing as a free piece of software.

But is that true? Open source software has attracted a good deal of favourable publicity because its source code is freely available for anyone to look at and update, with no copyright restrictions. Enthusiasts argue that investment in open source could save government departments millions of pounds.

The truth, however, is more complicated. While open source has an important role to play, open source software providers still have to make money. They simply have a different business model from many traditional commercial providers. As Jerry Fishenden, national technology officer for Microsoft, says, “The assumption that open source is cheaper is wrong.”

Government spends a lot of money on IT, but only five percent of that goes on software. A larger chunk is spent on hardware, but the biggest portion (about 55%) goes on services – paying systems integrators to develop bespoke software and applications. So an investment in “free” software reduces the overall budget by a very small amount – and it may not reduce it at all.

Why? Because, in the same way that a cheap car may cost you more to run than an expensive one, the total lifetime cost of software is in general the majority of the expense when compared with the initial price you pay for it. That cost includes training staff to use the software; recruiting IT staff who have expertise in it; and equipping the IT help desk to deal with support calls. Switching from the current operating system to an open source operating system, for example, will require an organisation to adapt any line-of-business applications designed for Windows to work with the new system.

On the other hand, staying with an established supplier like Microsoft can save money in the long run, explains Charles Eales, Head of Public Sector Relations for Microsoft: “We create an ecosystem around our software, whether it’s partners developing specific solutions or professionals with the qualifications to develop and support our technology. That’s obviously something that in the open source world doesn’t exist in the same way. There aren’t the same formal education programmes, or the same number of people. So you have to pay a premium to get quality people who can do the work on open source platforms.”

Organisations that have switched to open source in the expectation of making big savings haven’t always had an easy ride. Central Scotland Police which, after five years of using open source software, decided in 2005 to replace its open source infrastructure with Microsoft technology. The anticipated savings are 30% on IT maintenance costs and 25% of its IT staff’s time. Or Birmingham City Council which, only 18 months after announcing its decision to deploy Linux on 1,500 PCs in the city’s libraries, abandoned the project and decided to upgrade to Windows XP because it was more than £100,000 cheaper.

There are other difficulties with open source. While the idea of being able to tinker with the source code may sound attractive, it brings its own problems, says Fishenden: “Sometimes people do change source code, and if they don’t know what they’re doing they can break some of the interoperability features.” A further difficulty arises, he says, when upgrades are issued: “When the next build comes out, how do you keep in your bespoke enhancements?”

There has been a suggestion that introducing open source technology would enable large-scale IT projects to be split into small modular components, but this could also create problems, adds Fishenden: “The important thing for government to focus on is that if it starts buying in a more modularised way, how does it guarantee that these different elements inter-operate reasonably straightforwardly rather than requiring more bespoke systems in order to enable all the different systems to talk to each other?”

For government, there is also the particularly serious issue of security. Microsoft has worked hard to improve the security of its products and reduce its vulnerabilities. The Trustworthy Computing Initiative, launched by Microsoft in 2002, demonstrated how seriously the company takes its obligations to provide secure, reliable software.

In 2003, Microsoft’s Security Intelligence Report showed that Microsoft software accounted for nine percent of all industry security vulnerability disclosures. The same report for the first half of 2008 shows that Microsoft software accounted for just over three percent of all industry disclosures. “We’ve invested a massive amount of time and effort in training our developers and testers in the security and development lifecycle, and that represents the cradle-to-grave process of building software that meets the needs of the business and doing it securely,” says Stuart Aston, government programmes manager at Microsoft. Microsoft developers, he points out, receive training every six months on improving security and understanding the current threats.

Microsoft also has a standardised methodology for dealing with security problems, adds Aston: “When a vulnerability is discovered, we have a clear, well-defined process to take that vulnerability from being a problem to being a patch available to our customers. We do a ‘Patch Tuesday’ release where, on a regular basis, we make sure our customers are updated with security enhancements, hot fixes or security updates.”

In contrast, Aston says, it is unlikely that all open source providers will have a consistent, replicable process by which all the different flavours of, for example, Linux, will benefit from the updates issued by the different providers.

Like all organisations, government is keen to save money, but simply attempting to cut costs by adopting open source software could prove a false economy. This is a good time to look at how IT investment can save money over the longer term. In some cases, it’s possible to cut costs by deploying software that your organisation may already have bought through an Enterprise Agreement. When the National Offenders Management Service implemented a secure remote working solution that will create savings of £2000 per user per year, it did so by deploying the security features already embedded in Microsoft Exchange Server 2003, and a collaborative solution based on Microsoft Office SharePoint Server.

Fishenden is keen to stress that the open source model can provide a useful alternative to traditional licensing models – CodePlex, Microsoft’s website for hosting open source projects, has proved immensely popular. But it is important, he argues, that decisions about whether to choose the open source licensing model or a more traditional one are based on all the available information: “Purchasers have the freedom to choose whatever’s best for their needs. It’s not an either/or debate – it’s making sure the software ecosystem works to everyone’s benefit.”

Codeplex – Microsoft Open Source

Licensing for Public Sector Organisations

Kim Thomas is a freelance journalist, who specialises in writing about technology, business and education. Her clients include the Financial Times, the Economist Intelligence Unit and The Guardian as well as a number of B2B publications.