Is there such a thing as a free lunch? Looking at the dangers of open source software

Because it can significantly reduce costs, free ‘open source’ software (OSS) is growing in popularity with SMEs and start-ups. Free alternatives to Microsoft Word and free software to manage finances are fast becoming attractive money-saving options. Not only are these OSS products typically free to use, they also offer SMEs the flexibility and scalability they desire. The open nature of OSS gives users the freedom to change the code and tweak it to suit their business needs, giving them the capabilities they really want.

But as the saying goes – there is no such thing as a free lunch. And in this case, the cost to an SME could be the loss of the big ideas which make the business profitable in the first place.

This is because whilst OSS code is inherently easy for developers to modify, it is also publicly available to cybercriminals and malicious users. This raises concerns when SMEs choose to implement free OSS security software in their businesses over closed proprietary applications.

It’s a hotly debated topic, with both sides arguing their case for how safe OSS security software really is. The main case for secure OSS can be summed up in Linus’ Law, which says “given enough eyeballs, all bugs are shallow”. In other words, if enough people are aware of what’s being developed, every problem will be obvious and easily patched up. But in my opinion, just because the source code is available doesn’t mean that the code is thoroughly reviewed for weaknesses, especially when one set of those eyeballs could belong to a hacker.

Cybercriminals are very much aware that SMEs often lack adequate security practices and infrastructure given that many don’t have the time, budget and expertise to coordinate an effective security solution.

Yet, with data breaches becoming more common, SMEs need to put security at the forefront of their strategy. If OSS is the route an SME takes, then it needs to apply the same security measures required for closed source security products bought off the shelf if it wants a secure open source infrastructure. In particular, SMEs need to make sure security solutions are reviewed regularly and kept up to date.

It might be free but SMEs could set themselves up to lose a lot more than the small investment they might make when assessing which security solution best suits their business. Security shouldn’t be an area SMEs skimp on. After all, an SME’s intellectual property is what makes them profitable. It needs to be secure.

 

This blog post was written by Tim Stone.
