Why Open-Source Tech Holds the Key to Modernization

As “avoid vendor lock-in” eclipses “do more with less,” open source offers freedom to tailor mission-specific solutions and cherry-pick right-sized applications.

It’s mid-2021, and in federal IT, open-source technology remains contentious—even as it’s widely implemented, sometimes unknowingly. After all, one study found that 92% of applications contain open-source components. So why the consternation?

Like many federal quandaries, it’s complicated—interlaced with decades of proprietary technology deals, server-hugging culture and legitimate concerns about security. In reality, open source has come a long way since emerging as a dark horse in federal IT modernization. Now, it might be the best contender.

“Open-source technologies have helped organizations move forward faster. And they can be transformative in how an entity can better deliver services,” Suzette Kent, former federal CIO, said at the Postgres Vision conference June 22. “Just keeping up with the evolving technology landscape is not only a huge effort, but a significant financial investment. Open-source tools and cloud-based services have opened alternative pathways for many entities to unburden themselves from those antiquated environments with heavy hardware and proprietary software.” 

As “avoid vendor lock-in” eclipses “do more with less,” open source offers freedom to tailor mission-specific solutions and cherry-pick right-sized applications, delivering efficiency and savings. And with open source, there’s improved plug-and-play integration with other IT capabilities—regardless of origin.

As promising as these advantages may be, none can be realized at the expense of security or user support. Questions around how to address software defects, who resolves issues and in what timeframe, and how trustworthy and secure the product is are all valid and crucial questions—for both proprietary and open-source solutions. 

Luckily, these are areas central in open source’s meticulously intentional evolution. Today agencies can access open-source applications meeting high federal standards, including Security Technical Implementation Guides approved by the Defense Information Systems Agency and FIPS 140-2 compliance.

And while open-source applications are developed by a global community, that doesn’t mean agencies can’t access the support to which they’re accustomed in “traditional” vendors. Today, many open-source distributors and third-party companies offer support for open-source software—and help integrate with those traditional proprietary systems. 

The Path Ahead in Open Source

Open source, in many instances, can be one answer for the public sector’s digital transformation goals and modernization requirements. But many still question open-source security, and there’s growing pressure on—and protective measures around—safeguarding the supply chain.

Most specifically, President Joe Biden’s recent cybersecurity executive order spotlighted open source in supply chain security. The order directs the National Institute of Standards and Technology to develop guidance “ensuring and attesting, to the extent practicable, to the integrity and provenance of open-source software used within any portion of a product” used by federal agencies. The measure also aims to codify requirements around the use of software bills of materials, or SBOMs, for federal purchasers.

These guidelines are an opportunity to augment and strengthen measures within the open source and broader IT communities. Providers already are bolstering defenses and offering service-level solutions, such as protective modules that fend off malicious code-borne attacks on databases; customizable, granular access controls and anomaly detection; or subscription services that scrub, improve and secure code—and offer the U.S. a competitive advantage.

There are also growing collaborative efforts fostered by tech leaders (Google) and pro-open source consortiums (Open Source Security Foundation) that further underscore how evident it is that securing open source will be a cross-industry undertaking.

Of course, challenges remain. SBOMs and other key measures in the order still need to be defined. Relevant communities still need to come together. Uniform standards, comprehensive best practices, and baseline goals, tactics and targeted security postures all need to be identified along with incremental steps for reaching them. But forward momentum is clear.

If there was ever any doubt, this year’s billion-dollar infusion into the federal Technology Modernization Fund should assuage concerns. The funding will only accelerate progress made so far, including under Kent’s tenure.

“One of the [early] projects funded under this act was a database transformation for GSA to move to open source for a specific legacy database,” Kent said. “The value of the initiative was not just the upgraded legacy systems for a single agency; it was that the agency produced a playbook so that others could use that as they went along the same journey, and we could accelerate that journey at other agencies. … There’s incredible potential for improved outcomes when you partner data and advanced technologies.”

Rick Hill is a solutions engineer at EDB. He’s spent more than 20 years engineering software and databases; he also served nearly nine years in the Army National Guard.
