Ignore the myths.
Open source security technology is an affordable and robust
option for small and medium-sized businesses (SMBs).While some buyers might think security is best left to vendors
of proprietary software like Symantec or SonicWall , experts says
open source software can give SMBs the protection they seek.
 | | | | | I like open source,
man.
Dan Nickason
IT managerGenesis Physicians
Group |
| | | | | |
| |
|
"I think there is some sort of ingrained bias [against open source
security technology] because there is still this myth that
open source is not as robust," said
Alex Fletcher,
lead technology analyst at Entiva Group, a research firm that
specialises in open source technology. "There is reluctance to
put open source up against proprietary software because it is
thought they are just not capable."
Nick Selby, senior analyst at New York-based research firm The
451 Group, said at the C-level, at least, there definitely is a
bias. "The problem with
open source security is the same problem
that open source had in the mid-1990s: Executives can't
understand the revenue model. If you believe that your security
is beholden to the good will of unnamed, faceless hippies that
might update the software if they feel like, chances are they'll
buy a proprietary product."
The market for open source security products is nascent, said
Selby, who's also director of The 451 Group's enterprise security
practice. However, the open source industry in general is
growing.
Earlier this year, research firm IDC found that the open source
software market reached
$1.8 billion last year. It predicted that the
market would reach $5.8 billion in 2011.
Open source security software is in its early stages with just a
few vendors, Fletcher said. But SMBs would do well to try the
products.
Dan Nickason, an IT manager at Genesis Physicians Group in
Dallas, became a believer after he started using a network security
appliance from Untangle, a supplier of open source security
technology. Untangle bundles more than a dozen open source security
applications, which it offers for free. It sells support and
services for the technology and also sells servers with the
software preinstalled.
"I like open source, man," Nickason said. "I did not realise the
power of it prior to Untangle."
Nickason said the appliance and two years of support for the 38
users in his company cost the same as his Symantec
antivirus software. And with the Untangle
appliance, he gets more than antivirus protection. The Untangle
Gateway Platform includes spam, spyware and phishing blockers;
virus protection; a Web filter; protocol control; intrusion
prevention; a firewall; a VPN; and several other
applications.
"The biggest value is the overall protection it provides for the
cost," Nickason said. "You get so many different types of
protection for a really low cost."
Fletcher said, "From a technological perspective, I think the
fact that [Untangle] embraces open source gives them a lot more
diversity in terms of what they're able to integrate into their
offering. They've been able to leverage some pretty solid open
source components that are very much stable and as capable as
anything in the proprietary market."
Selby said open source products are in many ways more secure
than commercial software.
"The interesting thing is that most open source products out
there are inherently more secure in the sense that open source
products tend to get fished at a lot more," Selby said. "They get
fished by security researchers far more thoroughly than proprietary
products, because the code is free and available to the
public."
Despite the presence of Untangle and other vendors that offer
open source products with proprietary extras, such as SourceFire,
the market for open source security products is still small.
"There is a relative paucity of commercial support options for
open source security products," Selby said.
When Nickason became IT manager at Genesis, the company had a Cisco
Systems firewall and some basic antivirus protection. For
Nickason, this wasn't enough. Genesis is a business services firm
that acts as a go-between for doctors and medical insurance
companies. The company handles a lot of patient data, so data
security is paramount.
"When I came over here, all we had was the firewall," he said.
"With my experience with Untangle I knew it could definitely secure
our network, especially for dealing with HIPAA requirements and
things like that. It was very cost-effective and it provided a lot
of functionality for a low cost."
Nickason said he still has the Cisco firewall in place, as well
some other proprietary security software that predated his adoption
of Untangle.
"We still have everything we had before," he said. "We run it
all. This is just an added level. It plays well with
everybody."
Nickason said he never really had a bias against using open
source security technology.
"The only bias I had was my ability to understand it," he said.
"When Linux first came out the only thing that made it unpopular
was that it was not very user friendly. As it has grown more user
friendly, it has grown quite popular."