This week’s eWeek contains what should be a wake-up call for every CIO regarding how pervasive open source is and the challenge it represents to their jobs and organizations. In the midst of an extensive interview with Jonathan Schwartz and Rich Green, Schwartz cites this anecdote, which provides dramatic evidence of the role open source plays in today’s IT landscape. Here is the anecdote in its entirety:

“I was with the CIO of a very traditional financial institution recently. At the end of our meeting, I said, “By the way, we’ve just announced the closing of our acquisition of MySQL.” The CIO looked at me, and she said, “Well, that’s nice, but we really don’t use MySQL here. We’re a proprietary software shop.” A very eager Sun sales rep was with me who had checked in with his buddy at MySQL and found out that this organization had downloaded MySQL 1,300 times in the last six months.

“[The CIO] was stunned by that. A couple of their technology folks who were also there said, “Actually, it’s the No. 1 database all of us use. It’s just that we don’t have a commercial license because we’ve been told we’re a proprietary vendor shop.”

“So now we’re in the midst of negotiating a license, and they’ll wind up saving, like everybody else, $5 million or $10 million. And that, in a slowing economy, is a very helpful thing.”

Schwartz recounts this incident as an example of how Sun is going to prosper with its open source strategy, and I’m pleased with their happy outcome, but the true meaning of this incident is far more profound and illustrates what a challenge open source represents to IT organizations’ business-as-usual.

In this company, open source is being widely deployed; however, none of the existing processes is tuned to address this fact, and they are, in fact, completely blind to the presence of open source in a large number of the company’s IT projects. Think about the risk exposure this represents.
Obviously, there are questions regarding whether the company is complying with the license obligations of the open source software, so the company’s attorneys are likely to be concerned. To my mind, though, legal risk is only a small part of the overall risk this CIO faces. The far larger risk is that there is no visibility into the makeup of a significant portion of the company’s IT infrastructure. How can you confidently plan for SLA commitments when you’re not sure of what software you’re running, its maturity, supportability, and so on? Furthermore, as a CIO, you face the very real potential of being unable to adequately map out your workforce skills planning, since you are unaware of what development and operations commitments accompany these invisible software implementations. Finally, it’s hard to attest to important regulatory requirements (if you’re subject to regulations like recoverability and so on, as financial institutions are), when you don’t know what will need to be recovered.

The initial response by many CIOs is to ban open source, but it’s far too late to bar that gate. As Gartner has noted, over 90% of all enterprises will be using open source by 2010. Given that, the critical action item for CIOs is to set up policies and processes to manage the use of open source and ensure that its benefits are retained while risks accompanying its use are reduced. The common term for this is “Open Source Governance.”

In my next posting I’ll discuss what open source governance is and provide some pointers about how to move forward with it.