The odds are good that the LAMP stack is running somewhere inside your company. The acronym refers to the foundational foursome of the open-source movement: the Linux operating system, Apache Web server, MySQL database and, collectively, the Perl, PHP and Python programming languages. Development tools such as Eclipse and application servers such as JBoss have also gained popularity\u2014and trust\u2014especially now that major vendors such as IBM, BEA Systems and Borland have adopted or supported them commercially. But what about the next step up the software ladder? Is open source ready for ERP, business intelligence or CRM?Ready or not, it\u2019s happening; the first industrial-grade applications in these areas are now emerging. And CIOs will soon need to decide how to approach these fresh options in their enterprise software catalog. As with the adoption of the LAMP players, these new open-source enterprise applications likely will find their way into the enterprise at a departmental or small-project level. As a result, "we don\u2019t see [these applications] on CIOs\u2019 agenda at all," notes Michael Goulde, an open-source senior analyst with Forrester Research. But, he warns, "CIOs should sync up with their development teams to see [where such applications] might have payback to the organization."However, CIOs should tread carefully on such open-source applications, advises Mark Lobel, a partner at PricewaterhouseCoopers who focuses on information security, including security for financial applications. One key concern is that applications tend to reflect and embed business processes and logic, which often are key strategic assets you don\u2019t want to share with others\u2014and open-source licenses can require such sharing if companies aren\u2019t careful. Another issue is the long-term viability of open-source applications for specific functions. Open source depends upon volunteer developers for success, but the more niche a product, the smaller the potential pool of interested contributors. As such, grassroots support for specific apps such as ERP or CRM tools may look more like brigades than the armies now supporting broad open-source infrastructure such as Linux, Apache and MySQL.Still, properly managed open-source applications can save enterprises money and time\u2014as well as reduce dependency on specific vendors.Finding a FitFinancial-services giant Fidelity Investments has used open-source technology for about four years to reduce costs and dependence on vendors. "We started with Linux like everyone else did, but our intent all along was to see how far up the stack we could go," says Charlie Brenner, senior vice president of the Fidelity Center for Applied Technology, Fidelity\u2019s technology incubation group. After Linux, Fidelity adopted Apache and Perl, and then the Struts Web application framework and the Eclipse Foundation\u2019s development environment. Fidelity is now looking at open-source database management systems and assessing what applications might make sense. The advantages of open source include widespread component reuse, better access to underlying code to customize interfaces across applications, and less complex systems to manage. "We\u2019re heavy users of proprietary [software], and that won\u2019t change, but there are times you need a motor scooter, not a truck," Brenner says. Others are less interested in picking the proper vehicle than they are in creating a uniform, inexpensive core on which to hang their IT business. At Midland Memorial Hospital in Texas, "we\u2019re trying to get a complete open-source or public-domain stack rather than be proprietary," says IS Director David Whiles. His organization already uses the LAMP stack and is now deploying a public-domain electronic records system, the Veteran Administration\u2019s Vista, for less than half of what a proprietary system would cost (even with the cost of hiring a consultancy to add features such as billing). Medical industry service provider Athenahealth, meanwhile, is using SugarCRM\u2014an open-source CRM package. CTO Bob Gatewood says he had several reasons to switch from his current CRM provider, Salesforce.com. But he notes that making the change will save about $1 million over three years in per-user licensing fees, even after the cost of development and integration is subtracted. He expects to complete the migration in early 2006.Easy MixingBeyond spending less, Gatewood plans to more closely integrate the SugarCRM code\u2014which he can access directly\u2014into his call-center and other support applications, something not possible with proprietary software where code is tightly held by the vendors. Other IT execs seek the same benefit. "We can take the pieces we need [with open source]," says Bob Hecht, vice president of content strategy at specialized data provider Informa, which is investigating the Alfresco open-source knowledge-management application as an alternative to commercial enterprise content-management tools. Informa is exploring Alfresco because a license for a commercial enterprise content management application for a company of its size would cost millions of dollars and would impose a single content-management model on the company\u2019s array of publishing, training and events businesses. "We just won\u2019t do that," Hecht says. (It also helps that Alfresco was developed in part by former Documentum technologists, giving Hecht more confidence that the application will be enterprise-class.)Starting SmallOpen-source applications can make especially good sense for nonstrategic, fairly generic applications like reporting or sales-force automation. Departments that have unique technology needs and smaller companies with limited budgets are also more likely to consider open-source applications, says Forrester\u2019s Goulde. "Larger companies are not about to rip out SAP. Plus the functionality and the integration are both more complex" for a large company than open-source apps currently can handle, he adds.For example, open-source tools "are not going to take the business-intelligence market because they are not yet competitive with commercial software," says Eric Rogge, research director for BI and performance management at Ventana. For example, open-source BI applications don\u2019t yet offer a comprehensive platform with reporting, ad-hoc analysis, online analytical processing (OLAP) connectivity, alerting, dashboards and workflow. Nor do they offer aids for developing user-interface controls, ad-hoc analysis against relational data sources or scorecard functionality with strategy maps, metrics management and collaboration features, he says. But Rogge does expect open-source applications to eventually make inroads in the BI reporting tool segment, since there are a variety of uses for basic reporting tools in an organization where a costly, complex BI tool isn\u2019t needed.Furthermore, increased adoption of open-source databases should encourage the development of open-source reporting tools that take advantage of them, says Don DePalma, an analyst at the consultancy Common Sense Advisory. "Most database activity is about reporting, analyzing and crunching the data, so [open-source reporting tools] would seem a natural development. Companies, universities or governments using open-source operating systems and databases would be a great audience for such software," he says. DePalma doesn\u2019t expect a popular reporting tool like BusinessObjects\u2019 Crystal Reports, for example, to support open-source databases because of the vendor\u2019s relationships with proprietary database developers such as IBM, Microsoft and Oracle. That provides an opportunity for the open-source community to create a Crystal Reports\u2013like reporting tool, he says.Open-source applications also make sense when there are regulations or other requirements common to an industry, where having a mutually supported tool would benefit everyone and not put anyone in the position of losing a competitive advantage, Goulde says. Analysts most often cite the health-care and financial-services industries as candidates for these kinds of tools, though liability concerns surrounding legal requirements make it critical that potential users understand the possible risks, notes Fidelity\u2019s Brenner. It is also possible to imagine a large player in a specific industry making an open-source application viable, perhaps for some supply-chain management functions, much as Wal-Mart has done for RFID, notes Forrester Research ERP Analyst Ray Wang.Gauging Open Source\u2019s RisksBut using open-source applications does carry risks. One is that staff developers unfamiliar with the competitive value of various components might accidentally embed strategic business logic or processes into code that is then provided back to the open-source community, neutralizing a competitive advantage. But CIOs should be able to manage their strategic assets while still choosing open-source applications, says Eric Link, Diabetech\u2019s CTO. Business logic, for example, should not reside in modified open-source code but in your internal rules base or in-house applications that call the open-source tools, as is common in commercial ERP systems, he says. "It does require careful thought to know what is strategic," but any IT development effort should make such an assessment, whether it involves commercial, homegrown or open-source code, Link says.CIOs should also be able to distinguish between applications and platforms and the issues that surround each, Brenner adds. Reporting tools and CRM are two examples of platforms that are often marketed as applications, he notes. The difference is that platforms typically don\u2019t encapsulate specific business processes or logic, making them well-suited for open-source efforts\u2014and less risky for the companies that use them, as companies using such tools will be less tempted to insert their own business logic into the products and unwittingly release it to the world. A reporting tool, for instance, might act on a company\u2019s data, but it would never incorporate that data into its own code\u2014and thus a company would never be required by the license to release the data as open source. (Another alternative is to go pseudo open source as in the Avalanche Corporate Technology Cooperative, which openly shares code on a variety of projects, but only among subscribed members. (See "But Is It Really Free?" Page 26.)Beyond intellectual property concerns, another significant risk is an application\u2019s long-term viability. Open source has worked well for widely distributed tools such as those in the LAMP stack that are typically run as-is and don\u2019t need to be customized at each location. But for niche applications, the community of developers is necessarily smaller than for a piece of infrastructure, reducing the resources that contribute to the application\u2019s development, maintenance and support. This could make it difficult for many projects to muster sufficient developer support to stay viable. The diversity of applications will be a difficult issue for the open-source community, says PricewaterhouseCoopers\u2019 Lobel.This limitation is exacerbated if companies don\u2019t share their developments with the community for fear of releasing competitive business logic. "I can\u2019t see it going very long if companies aren\u2019t contributing back. An open system works only when it\u2019s open," Lobel says. Diabetech\u2019s Link, however, believes that argument is overstated, since companies are typically happy to share infrastructure code with others, thus moving the application forward even while keeping their business-specific code to themselves.Despite these issues, even cautious observers concede that open-source applications can make sense beyond the LAMP stack: And sensible CIOs should start paying attention.