The Open Source Software Threat – Wait, It Gets Worse!
Paul Sagawa / Artur Pylak
203.901.1633 / 203.901.1634
sagawa@ / firstname.lastname@example.org
November 17, 2011
The Open Source Software Threat – Wait, It Gets Worse!
- The direct threat of open source software (OSS) to the flagship products of the major commercial software vendors is accelerating with the growing maturity of the open source movement, even as the impending move to the cloud opens another broad avenue for OSS incursion. We believe that this will be a substantial challenge for commercial software vendors, particularly those whose primary business is in infrastructure, tools and/or middleware software where the threat from OSS is most acute. Applications are less threatened by OSS, except where products are reaching maturity. Successful cloud hosts will be the biggest beneficiaries, with opportunities to drive their own applications as differentiated SaaS offerings.
- OSS, which is defined by open licensing with rights to adapt the underlying source code, is not synonymous with “freeware”. Many open source platforms, such as Android and JAVA, are owned and licensed by commercial entities. Others – Linux, SQL, OpenFlow, etc. – may be available in the public domain, but require commercial support to make them viable enterprise solutions for any but the most sophisticated organizations. Typically, OSS-based solutions are brought to market with licensing and maintenance fees, but at significant savings vs. closed proprietary commercial software.
- Historically, closed software vendors have sold their products on the basis of proprietary functionality and performance advantages vs. open source. Over the past decade, OSS has closed those gaps in many categories, as time yields product maturity. As such, OSS is extending its appeal to less sophisticated IT shops and gaining credibility for mission critical systems. Some large organizations are implementing hybrid solutions and shunting growth to OSS platforms to avoid exceeding seat limits for their expensive closed systems. While not a sea change shift, these subtle changes siphon off growth opportunities and create price pressure for many software companies.
- The impact is heaviest on infrastructure, tools and middleware software, where switching has lower costs on end users and where focus on virtualization and the cloud puts a premium on flexibility. A Gartner survey of 547 global IT organizations showed that nearly 80% were using OSS solutions in at least some areas, with a third using them comprehensively or as a strategic tool to gain competitive advantage. The biggest reason for adoption was to achieve strategic IT goals, such as flexibility, openness, and speed of implementation, followed by cost considerations. The top five areas of OSS use were Data Base Management Systems, Server Operating Systems, Office Suites, Client/Desktop Operating Systems, and Application Development.
- Many leading commercial software vendors have acceded to enterprise demand for OSS by offering open source solutions of their own. For example, Oracle offers MySQL as an alternative data base solution, IBM offers Xen OSS virtualization, and even noted open source hold out Microsoft has pledged support for the emerging Hadoop open standard for business intelligence data analysis software. This strategy allows large enterprise software companies to broaden their product lines to retain business that might otherwise be at risk, but also to use OSS to lever into new areas where they lacked differentiated proprietary products. However, smaller enterprise software vendors may lack the resources to extend into open source and will be all the more vulnerable for it.
- The cloud – software-as-a-service (SaaS) and infrastructure-as-a-service (IaaS) is a further catalyst, as the big potential benefits to enterprises drives re-evaluation of software strategies and since cloud hosts, like Amazon, IBM and Google, are inclined to base their own services on self-customized open source platforms. These big, ambitious cloud players are amongst the most sophisticated IT managers in the world, looking to gain competitive advantage via differentiated, internally developed implementations of open source solutions for major infrastructure software categories – SQL data case, Linux OS, Xen virtualization, Hadoop data mining, OpenFlow IP routing, etc. As such, the substantial scale and access benefits of the cloud will greatly squeeze opportunities for both closed and open software sales by independent vendors. As the pendulum swings to the cloud, look for increased concentration of the software market value into the hands of integrated players winning in the cloud hosting and SaaS game.
- As cloud-hosted systems become a prevalent model, the cutting edge technical expertise of these organizations will likely pressure software beyond servers. Modern internet architecture derives performance advantage from distributed data centers that deliver data from the closest possible location. Managing the substantial networking and storage assets that enable this architecture is a substantial point of differentiation for these providers, raising the profile of open source projects for IP networking (OpenFlow) and storage management (OpenFiler). Internal solutions built on OSS threaten integrated software solutions from the likes of Cisco, Juniper, EMC, NetApp and others.
- The winners – companies that have already established strong bona fides in the cloud business, e.g. Amazon, IBM, Google, Microsoft, Salesforce.com, etc.. The losers – focused infrastructure, middleware, and tools players, e.g. BMC Software, VMware, CA, etc… At risk, long term – OSS vendors that could be squeezed by the cloud, e.g. Red Hat, Citrix, etc. and integrated software, e.g. Cisco, Juniper, EMC, NetApp, etc.. On the bubble – broad software players that have not yet established a strong cloud presence, e.g. Oracle, HP, etc… Unaffected – differentiated applications vendors, e.g. SAP, Concur, etc.
A Long Time Ago, in a Galaxy Far, Far Away – Okay, in New Jersey…
Devotion to the open source software (OSS) movement is a strong and central part of the stereotypical geek ethos, along with unkempt facial hair and collecting Star Wars action figures. Code deserves to run free! However, despite the sometimes humorous (The Big Bang Theory), and occasionally scary (The Anonymous Hacker Collective), manifestations of the stereotype, open source has had a profound impact on the commercial software market and portends to catalyze sea change in the industry over the next several years. The availability of inexpensive, ubiquitously available, and customizable software has loosened the grip of market leaders on their customers, facilitated competitive entry, and hastened the rise of cloud computing.
The OSS movement can be traced to the 1969 creation of the Unix operating system by scientists at AT&T’s Bell Labs, first to be a development environment to build new programs and later, to be a flexible and portable computing environment that could run independently on a wide range of underlying hardware. Because AT&T was prohibited by regulation from entering the computer business, UNIX could not be sold as commercial product and was instead, licensed for free to Government, academic, and eventually, commercial organizations with full rights to adapt the source code. UNIX and the related programming language C spread like wildfire within the academic world, as computer scientists added their own tools to the system and shared them with the community.
With the break-up of AT&T, the company was free to enter the computer industry, and in doing so, attempted to take a stronger role in the evolving UNIX market, forging an alliance with UNIX workstation leader Sun. This in turn, spurred the formation of the Open Software Foundation by several competitors to counteract the AT&T/Sun nexus. These were, of course, the UNIX wars. These internecine conflicts have faded in intensity, but remain as numerous flavors of UNIX vie for prominence in the market today. To counteract the negative consequences of fragmentation, most UNIX vendors adhere to a community agreement for baseline inter-compatibility between implementations. With this governing principle, the market for open source UNIX systems flourishes and stands as a template for open source movements in other parts of the commercial software industry.
Open Source is not always Free
To avoid confusion, it is important to define what is meant by open source software, which has often been misinterpreted as being synonymous with “freeware” or software that is distributed for no fee. Rather, open source software refers to the availability of source code for free and certain other rights reserved for copyright holders under license. Open source is not predicated on no-fee distribution as licensees may pay for the software or not. Charging for software by a value added player increases the economic incentive to modify and enhance the code. As a result, developers and software distributors are allowed and encouraged to charge for the software based on open source code to cover development costs. The caveat is there is no central entity collecting royalties. IBM and Red Hat, two of the most high profile providers of open source software, can charge for their open source based software and services, but, in principle, they do not then pay a royalty fee to the original developers. We note that it is difficult, if not impossible, to secure all intellectual property claims on open source software, leaving risk that holders of patents germane to open source standards may emerge to lay claim to royalties.
There are two major non-profit organizations promoting and defining free and open source software: the Open Source Initiative (OSI) and the Free Software Foundation (FSF). Both have strict definitions governing what is open software. OSI has a list of 10 criteria whether or not software can be considered open source (Exhibit 1).
Under this definition, it is prohibited to place restrictions on software use or distribution by any entity essentially allowing access to all parties involved over the evolution of the software. The FSF prefers to use the term “free” along the lines of constitutional freedoms such as “free speech” to mean that users have four essential freedoms: (1) the freedom to run the software for any purpose, (2) the freedom to study how the program works and modify it to one’s requirements, (3) freedom to redistribute copies, and (4) the freedom to distribute copies of modified versions. FSF goes on further to define it’s concept of free software with access to source code as a precondition.
Essentially, the definitions are similar with slight semantic differences based on interpretation. Both require the open availability of source code, place no restrictions on users or developers around use or distribution, ensure all have rights to modification, and allow re-distribution of original software along with distribution of modified software.
All Grown Up!
Initially, open source software carried the reputation of working without a net. Yes, it could be cheap and customized to your needs, but support was thin and compatibility was in question. With the rise of open source dedicated companies like Red Hat and Citrix, and the whole hearted support of old school stalwarts like IBM and HP, this is largely a non-issue today. Instead, proprietary closed software vendors, such as Oracle in databases, VMware in virtualization, and Microsoft in OS and office productivity suites, typically press for a premium vs. OSS on the bases of functionality and performance (Exhibit 2). The communal nature of OSS can make it slow to respond to innovation, as market-leading commercial software vendors add new bells and whistles or boost power and efficiency.
However, over the years, the OSS model has grown more adept at adapting to advances in the state of the art, narrowing the window of advantage enjoyed by closed proprietary solutions. Moreover, as applications grow mature, the incremental value of new functionality and the potential for performance gains wane. This maturity is more likely in infrastructure, middleware and tools categories, as opposed to applications higher up the software stack. Gartner projects that roughly 23.5% of infrastructure software spending in 2013 will be on OSS solutions, vs. roughly 13.5% of application spending (Exhibits 3-4).
As such, a vibrant market for open source server operating systems (UNIX) and data base management systems (SQL) has been established, with open source virtualization (Xen) showing traction. Open source solutions for facilitating links and data sharing amongst applications, a category known as “middleware”, are also finding fertile ground, supported by industry consortia and heavy hitters like IBM and Red Hat. Software tools, for writing, compiling and troubleshooting programming code, are also a fruitful arena for OSS-based solutions.
Applications have tended to be stickier, as end-user familiarity and business-strategic functionality raise opportunities for differentiation by commercial products. Nonetheless, more stable and less strategic applications such as office productivity suites, supply chain management and digital content creation have seen incursion by OSS alternatives, with emerging solutions for business intelligence data analysis (Hadoop) and content management (Alfresco, Magnolia, Nuxeo) showing promise. More complex application and business strategic areas like ERP and CRM have open source alternatives, but flagship commercial applications remain firmly entrenched.
Open source software is present in one form or another in most enterprises and on track to become more widely adopted as found in a Gartner survey of 547 IT leaders in global organizations to determine current and future open source software adoption and usage trends. The results are striking. Of the 547 companies surveyed, 80% have OSS deployed to some extent: 22% were using OSS consistently in all departments of their organizations, 46% were using OSS in some areas, and 11% were using OSS strategically to gain a competitive advantage, leaving about 20% of organizations testing OSS (Exhibit 5). Thus, about a third of surveyed companies have a deep level of OSS adoption. Gartner also notes the number of organizations testing OSS has dropped off significantly since its 2008 survey as organizations have moved beyond testing into adoption of OSS.
The impact of open source is heaviest on infrastructure, tools and middleware software, where switching has lower costs on end users and where focus on virtualization and the cloud puts a premium on flexibility. The survey also detailed the drivers of open source adoption with about 53% of enterprises answering that primary reasons for using OSS were either part of a general business strategy or ROI/cost savings (Exhibit 6). General IT strategy, which includes flexibility, open standards, access to source code, increased innovation, faster procurement of software, and shorter development time, constituted 31% of adoption. 16% of respondents chose OSS because of product maturity: higher quality and more secure OSS.
The survey also examined the utilization of OSS application by level of adoption: as a building block, alternative to proprietary software, replacement of proprietary software, or not used at all (Exhibit 7). As a result of a desire to lower costs and maintain flexibility, OSS markets with the highest levels of adoption include database management systems, server operating systems, office suites, client/desktop operating systems, and application development. Additionally, digital content creation and enterprise content management applications completely replaced commercial software for about 20% of respondents. Server operating systems and database management systems were noted for being popular alternatives to proprietary software. Applications with low OSS utilization were portals, business intelligence, project and portfolio management, supply chain management, and IT operations management: all are obviously expensive applications with high switching costs and low flexibility.
The Old One-Two
The implications of all this for commercial software vendors is obvious. Adoption of OSS solutions means that licenses and seats that will not be captured by closed proprietary alternatives. Even organizations that value the incremental functionality or performance promised by the closed software may choose to segment business areas and users and only offering the higher cost proprietary system to those that can justify it. The existence of significantly lower priced OSS alternatives will also squeeze pricing for closed solutions. OSS has absorbed much of the growth in spending on software with no sign of deceleration. In the short run, companies that are delivering lower cost solutions based on OSS and providing support to enterprises implementing OSS as a primary business will be the main beneficiaries. Companies deriving the bulk of their sales and profits from closed proprietary infrastructure, middleware and tools will face headwinds.
Meanwhile, back at the cloud… Most IT departments have begun to plan for an eventual move to the cloud. Certainly, it will take a few years to gain momentum. Certainly, some applications (CRM, Supply Chain Management, etc.) will be easily justified and move quickly, while others (ERP) will prove too costly to move. Nonetheless, we believe most organizations will embrace the cloud for most of their applications, whether SaaS or IaaS by the end of the decade. This will amplify the threat of OSS for closed proprietary commercial software vendors.
First, the successful cloud hosts are, and will be, extraordinarily sophisticated IT managers. Amazon, IBM, Google, and Microsoft are unlikely to seek out commercial software licenses for closed, proprietary software. These companies seek to gain advantage by writing their own differentiated, proprietary implementations of inexpensive open source solutions. They will only use the commercial version if specifically required by a customer. Second, the cloud hosts will have enormous scale, such that even if a customer demands “brand name” software, the host may be in position to demand better terms from the software vendor than the customer could on its own. Third, a move to the cloud may stimulate enterprise IT departments to assess their own software strategy, and open longstanding application license arrangements to new competitive threats. All of this will have the tendency to commoditize enterprise software in general, save for truly differentiated applications.
Again, the implications are clear. In the longer run, cloud hosts with scale economies and differentiated, proprietary OSS-based solutions will prosper. Would-be cloud hosts who have not yet established these economies and who cannot boast of proprietary technical advantage in OSS – i.e. HP and to a lesser extent Oracle – have relatively little time to establish their credentials. Smaller companies selling OSS-based software into the enterprise market will begin to suffer, as the marginal market growth will come entirely from large cloud hosts without need for the support of OSS specialists. Most applications developers face only modest pressure from OSS in either the long or short run, as higher switching costs and opportunities to differentiate on functionality and performance are more apparent.
OSS Threatens Network Software Too!
The move to the cloud, which is already apace in the consumer market, brings additional swaths of software into play. The past five years has seen an enormous concentration of Internet traffic onto a very small number of networks, as the biggest internet players (Google, Facebook, Amazon, Akamai, Microsoft, etc.) extend their hegemony and use their scale to aggregate traffic from cloud customers. Each of these players operates their own network of distributed data centers – a content delivery network (CDN) – to bypass the traditional peer-to-peer Internet backbones. Data is moved to the point closest to the destination where it is then served via the Internet. In traditional Internet architecture, routers are independent actors, each with its own intelligence and authority, communicating with adjacent routers to determine the best forwarding for packets. This method is highly robust to network failures and effective in managing traffic flows across multiple networks, but its inconsistency and inefficiency are a poor match for streaming traffic like video and for heterogeneous network environments like the CDNs. The OSS OpenFlow networking solution moves the intelligence and authority to a central server, allowing for faster and less sophisticated switches to swap in for expensive core routers and yielding better overall traffic control (Exhibit 8).
While in its nascent days, OpenFlow appears to be a clear and present danger for carrier class router vendors like Cisco and Juniper. The situation is somewhat the same in storage management software. Amazon, Google, and Microsoft et al. are unlikely to buy storage management solutions from the likes of EMC, NetApp or Brocade indefinitely. Rather, they will explore the potential of open source solutions like OpenFiler and write their own proprietary implementations.
Winners and Losers
The implications of OSS for the commercial software market will play out over several years (Exhibit 9). In the near term, the risks seem to be primarily on focused software infrastructure, middleware and tools vendors – e.g. BMC, CA, VMware, Informatica, TIBCO and Fortinet – who could be squeezed by successful open source programs, even before the enterprise market moves wholeheartedly toward the cloud. Likewise, the leading cloud based players – e.g. Google, Amazon, IBM, Salesforce.com, Ariba, and Open Text – stand to benefit both near term and longer term. Another group – e.g. Citrix, Adobe, Symantec, CheckPoint and Red Hat – is likely to benefit from enterprise adoption of OSS in the short run, but could be at risk from a move to the cloud, and their proprietary implementations of OSS, in the long term. A fourth group – e.g. Microsoft, Oracle, and HP – is on the bubble. Their businesses are diversified, with some OSS vulnerability, but have the scale and ambition to be cloud-based players in their own right. Of this group, we see Microsoft as best equipped and HP as least prepared, with Oracle in the middle. Finally, there are many application vendors – e.g. SAP, Intuit, Activision, Fiserv, Electronic Arts, Autodesk, and Ansys – who are unlikely to either suffer from or exploit a move to OSS and on to the cloud.