3 Reasons Why Open Source Means Better Security

Olivier Thierry is the chief marketing officer of Zimbra, a maker of open source collaboration software.

The last time you were online, did you click “Remember me” when a website prompted you to save your login information?

The answer is probably yes, and it was likely motivated by convenience. Many U.S. consumers and business professionals think they’re protecting the security of their bank accounts and personally identifiable information, when really their habits of keeping credit cards on file, hosting free email in the cloud and storing passwords on websites or apps are putting this critical data in jeopardy.

In the wake of major security breaches and attacks on businesses and governments in 2014, both sectors in the U.S. and abroad are identifying and cracking down on the security policies that created these issues in the first place.

For example, a recent report by the Ponemon Institute and Zimbra shows that just as many U.S.-based organizations fail to enforce security and data privacy protocols as those succeeding, while 75 percent of business employees frequently use unauthorized messaging and collaboration applications.

While these habits have dire consequences for private and financial industries, risks in governments impact national security, compliance, tax activities and economic espionage.

Protection from these risks is just one reason three in every four U.S. IT professionals trust open source software more than proprietary tools.

Government agencies are now taking heed of the reasons IT pros prefer open source. Below are a few of the valuable lessons they have already learned.

Enlist the Open Source Army

Companies that employ proprietary software limit their resources for identifying new threats, assessing ongoing risks and vulnerability remediation. Taking heed of this roadblock, agencies, such as the Department of Homeland Security, choose to tap into the expertise of the open source community in order to combat threats with new perspectives and constant evaluation.

Security breaches continuously reveal new and adapting examples of cyberwarfare methodology, meaning that security risks for agencies are constantly growing in volume and severity. In the face of these risks, the open source community acts as a veritable army, monitoring issues and developing solutions to prevent them on a daily basis.

More than 10,000 government employees, including professionals at state senates and federal agencies like NASA, are active on GitHub for this reason, among others.

Customize Security with Added Commercial Value

The input of the open source community improves security and privacy for the users it affects, but the practice also helps establish lasting policies that protect a business or government agency as a whole.

Another way to promote this holistic integrity is to employ software with commercial backing. Many open source software providers offer products with traditional open source roots, supported by proprietary add-ons that help extend the software and customize it to meet specific needs.

Introducing such products can help governments ensure their software is free of unexpected vulnerabilities, patches are kept up to date, and added components provide additional security protection by making the software uniquely fit into agency environments.

In the Ponemon survey referenced above, 67 percent of respondents found that commercial backing and code transparency reduce an application’s security risks.

Identify and Solve Pain Points

Certain employee behaviors are simply more likely to pose risks to a business or government’s internal system and must be monitored with elevated caution.

Despite being the primary mode of communication for business and IT pros, email can easily jeopardize PII, sensitive information and more because of its role as a critical business application and its history of security inconsistencies.

File sharing through consumer-centric sync-and-share solutions also creates the potential to compromise this data, as does the use of unauthorized messaging platforms. Government agencies can learn from the way businesses assess their employees’ use of these tools, and provide secure alternatives that avoid sacrificing user experience in order to accommodate employee preferences while allowing IT to maintain control.

The consequences of a security breach on a government agency could prove catastrophic.

By leveraging open source software and establishing best practices to protect this data at an ongoing rate, these agencies can take a cue from the private sector and enjoy a sense of trust in the way they store and collaborate on private data.

(Image via rvlsoft/Shutterstock.com)