When a movement becomes mainstream, managing it demands a strategy. In August 1991, Linus Torvalds, then a 21-year-old student of computer science at the University of Helsinki, casually announced through a Usenet posting: “I'm doing a free operating system, just a hobby, won’t be big and professional like GNU….” As it happened, his hobby resulted in the development of the world’s first free operating system, the Linux kernel, and kickstarted the open source software movement. Exactly three decades later, “open” has become one of the major ways in which software is developed. Companies use open source software extensively, and it’s increasingly shaping enterprise software architectures. Developing and deploying open source software is no longer just a novel idea. It’s a strategic necessity in a fast-changing digital world.

There’s no way around open source software, which can be defined as software that developers can inspect, copy, modify, and redistribute. Proprietary software-providers still dominate the market, but open source software plays an equally important role. For instance, open source Linux powered 75% of the public cloud workload in 2020, and its share is expected to rise to 85% by 2024. Some of the most popular software development stacks – such as the LAMP (Linux, Apache, MySQL, and PHP) and MEAN (MongoDB, Express.js, AngularJS, and Node.js) stacks – are open source software. Last year, around 85% of the world’s smartphones ran on Android, the open source operating system built on the open Linux kernel (See Exhibit 1.) Unsurprisingly, the ability to work with open source software is fast becoming a requirement for all software.

Business use of open source software is soaring. As many as 80% of IT departments plan to increase their use of open source software over the next 12 months, with 95% of IT specialists agreeing that open source has become strategically important (See Sidebar 1.) Software developers and data analysts, the driving forces of digital transformations, rely heavily on the open source community. They often prefer to use open source software, especially as a foundation, because the software selection and screening process is simple and lengthy negotiations are unlikely. That choice therefore allows the rapid roll-out and adoption of innovative applications. In addition to improving the speed to market, using open source software also prevents vendor lock-in and, obviously, reduces costs.

The Future Software Stack Will Increasingly Be Open

Open source software will continue to be popular in the future, with the innovation cycle only reinforcing its status. As open core firms and the community fuel innovation, open source software is likely to play a foundational role in many layers of the enterprise software stack, from operating systems and programming languages to middleware and development tools. (See Exhibit 2.)

Most supercomputers today use an operating system that is based on Linux. It’s stable, inexpensive, and – importantly – modifiable, unlike a proprietary system such as Windows. As a result, it’s easy to create a kernel with only the most essential code, eliminating everything that isn’t vital to improve performance.

Linux is used as an operating system by all kinds of hardware such as servers, desktops, and smartphones for the same reasons, and its share is growing. For instance, Linux’s share of server installations has risen from 68% in 2017 to 75% in 2020. Data management too has gone open source, with firms such as HashiCorp, GitLab, Datadog, Elastic, Confluent, and Databricks entering the market.

Open source software has gained traction in new technologies such as containers and container-orchestration platforms. Along with other technologies, such as Mesos and Docker Swarm, Kubernetes has emerged as one of the standards for container management. It orchestrates over 50% of all the containers in the world, and its share is projected to rise to 85% by 2024.

Smart companies have started identifying the best emerging open source technology for each layer of the enterprise stack—such as Spark for analytics, Kafka for messaging and streaming, PyTorch and TensorFlow for AI.

Smart companies have started identifying the best emerging open source technology for each layer of the enterprise stack – such as Spark for analytics, Kafka for messaging and streaming, PyTorch and TensorFlow for AI, and so on. As a result, closed source stacks are facing a lot of competition, and they have to be the best in class at every layer in order to stand a chance of being chosen.

Software tools, such as those for DevSecOps, are witnessing a similar trend, with source code repositories like Git, library frameworks such as React, and backend application frameworks like Spring edging out proprietary software because of the traction they enjoy with developers. Open source software’s success will trigger a virtuous cycle, with more projects springing up, which will attract more developers, and the use of open source software becoming even more pervasive.

Moreover, companies are learning to tap into the open source community for talent and to upskill themselves. Some have gone beyond reluctantly accepting the use of open source software to encouraging participation by their employees in open projects. CIOs and CTOs are waking up to the fact that they have to rethink their approach and prioritize the development of open source software in order to get ahead of rivals. They’re increasingly wondering: Do we have an open source software strategy for the 2020s?

The Rise... and Rise... of Open Source Software 

Open source software differs from proprietary software in several ways. Unlike proprietary software, for which business must pay, open source software isn’t owned by anybody. It’s available for use free of charge, but there is no support from the community for it unless, as we describe below, companies license its use from a commercial vendor. Moreover, in contrast to the source code of proprietary software, which vendors keep confidential, open source software is developed publicly, so it can be easily tested, modified, and freely distributed.

Developing and deploying an open source software strategy has become imperative for several reasons. Open source software developers, individually and collectively, look for the optimal solutions to technological problems, which makes the software they create reliable, secure – and free. Because of their incessant efforts, the software becomes better over time. Several foundations, such as the Linux Foundation, which supports open source across several technology domains, the Apache Software Foundation, and the Eclipse Foundation, facilitate the process. In partnership with digital giants such as AWS, Facebook, Google, IBM, Microsoft, Netflix, and SAP, as well as hardware makers such as Cisco, Intel, and Tesla, they set standards. They also create vendor-agnostic homes for projects, provide financial support for infrastructure, help with marketing, and appoint committees to make key decisions about projects.

The first startups catalyzed by open source sprung up three decades ago to offer support, paving the way for a second generation of firms that developed software internally, but released the source code so the community could test and refine it. Firms using this open core model – open source code at the core with proprietary code around it – offer a free product that is limited in features as well as a proprietary, features-rich version for which users must pay a subscription or license fee – essentially, a freemium business model. The extent of the product’s openness ranges from a large, open core with a small, closed crust, which can be called a thin-crust offering, to the other extreme – a small, open core and a large, closed crust, also known as a thick-crust offering.

Building on the open core model, several branded software vendors now mix open source and commercial software and offer it as a licensed cloud-based service, monetizing the support and services they provide. They offer a paid version of the software and a package of bundled services for a subscription fee. Customers receive add-ons such as dashboards and analytics, updates to ensure security and performance, security certifications, and other clearances for regulated industries. The vendors guarantee that they will support key applications even if the software becomes outdated. They also provide software maintenance, coordinate and install updates, and even offer live software support. They often act as consultants about software selection, and train customers’ employees. By using this Software as a Service licensing model, open source commercial vendors, both big and small, have succeeded in gaining ground in the marketplace. (See Sidebar 2.)

The Open Source Software Market is Growing

From the cloud to the edge, open source software is an integral element of many architectures today, and its use could rise in the future. (See Exhibit 3.)

In the cloud, Linux has become the cloud operating system of choice mainly because of its greater flexibility and lower cost compared to proprietary software. It enables the use of containers, which is a must for the building blocks of cloud-native development such as microservices. Due to ever-rising workloads, the Linux operating systems market is expected to grow at the rate of 7% a year, reaching $9.7 billion by 2024. While 70% of workloads will run in the cloud in 2024, as compared to 50% in 2020, 82% of paid Linux users are expected to run workloads on multi-cloud environments in 2024 – up from 72% in 2020. The adoption of hybrid cloud architectures – the parallel use of on-premise and public cloud infrastructure – is also rising, with over 95% of enterprises deploying them last year.

Paid Linux-providers generated revenues of around $3.3 billion in 2020, according to our market research. Still, the total addressable market – which includes the shares of other operating systems such as Windows, Unix, and free Linux deployments – is over twice that, at around $7.5 billion. As most new applications and workloads will run on Linux, and existing Windows and Unix applications will probably migrate to it, enterprise Linux providers will gain market share. They’re likely to grow at around 12% per annum over the next three-and-a-half years, so their combined revenues will cross $5.2 billion by 2024.

Within the enterprise, open source container management software and software-defined storage are most popular. Around 90% of companies that use containers deploy a platform to manage containers. Atop Kubernetes, the open source software that’s emerging as the industry standard for managing containers, firms such as Red Hat, VMware, SUSE Rancher, and Cloud Providers offer packaged solutions, add-ons, and user-friendly interfaces as well as services such as updates and maintenance. They’re targeting an addressable market of around $2.2 billion, which will grow about 35% per annum to reach $7.5 billion by 2024. While the serviceable market – excluding containers deployed in the hyper-scalers’ internal infrastructure – was around $0.7 billion in 2020, it will grow faster than the total market at 53% a year, hitting $4 billion by 2024.

Likewise, the use of software-defined storage, which allows companies to dynamically control where they store data by pooling their on-premise and cloud storage, has recently risen in importance. While proprietary software systems usually manage storage, open source solutions, such as Ceph, Gluster, and Longhorn, are gaining traction. Cloud-native, container-driven, software-defined storage makes up only a small portion of the total addressable market of $4 billion, which is expected to reach $6.2 billion by 2024. However, the containerization-related sub-segment will grow at a faster 50% per annum, from $80 million in 2020 to $400 million by 2024.

At the edge, companies will generate more data in the future than they do at present. The number of Internet of Things connections, which drive edge computing, will double from 20 billion in 2019 to 41 billion in 2025. Several factors, such as the need for ultralow latency, reliable connectivity, greater security, and cost-savings, will drive the need for computing at the edge.

With edge computing projected to grow at 24% a year between 2020 and 2024, the projected rise in computing expenditure on edge hardware, software, and services will rise sharply from $89 billion in 2020 to as much as $218 billion in 2024. Open source software providers will find opportunities in the platform software and infrastructure software segments, which are expected to grow from $10 billion in 2020 to $24.9 billion in 2024.

These vendors rely a great deal on the open community. In addition to employees, freelance and hobbyist programmers participate in projects, partly to gain credibility for their technical skills and mainly because of their passion for software development. More recently, some corporations have released the codes of features and adaptations they’ve developed, so they can be integrated into more software. In 2020, over 56 million developers worked on the 140 million projects (repositories) listed on GitHub, the leading platform for open source collaboration, making over 1.9 billion contributions. Amazon, Facebook, Google, IBM, Intel, SAP, and Microsoft, none of which are open source companies, are among the biggest contributors on GitHub.

No company is more emblematic of the shift in attitude to open source software than Microsoft, which initially waged a legal battle against it. The digital giant now uses open source software extensively. Most of Microsoft Azure runs on Linux, and it has created a compatibility layer, Windows Subsystem for Linux, to run Linux binary executables natively on Windows. And Microsoft has made open the source code for .NET, the software framework for Windows, Linux, and macOS operating systems, as well as the programming language TypeScript, and PowerShell, its task automation and configuration management framework. The digital giant has joined the Open Source Initiative, acquired GitHub for $7.5 billion in 2018 – then the largest enterprise software acquisition ever – and its employees are heavily engaged with GitHub, with over 5,000 of them contributing to open source projects in 2020.

The Pluses and the Perils

Before drawing up a strategy, companies should develop a nuanced understanding of the merits and demerits of open source software.

The Pluses. There are half a dozen reasons why open source software has become so popular over time.

One, the open source software community is large, technically diverse, and committed to solving problems with digital technologies. Its virtuosity and vibrancy provides an edge, with the community ensuring that applications are developed rapidly. The bigger the problem, the more developers are drawn, like magnets, to work on it.

Two, the community uses a collaborative approach to software development, which helps drive innovation. It’s not an accident that the latest technologies, such as AI and ML, run on open source software. In addition to infrastructure, open source software powers the latest technological leaps such as edge computing for autonomous vehicles. And the next generation of hyperplexed enterprise software, which will enable the use of highly distributed systems, is likely to be open source.

Three, open source software is backed by a large number of developers. For example, over 15,500 developers from around 1,400 companies have contributed to the Linux kernel since 2005, and they add 10,000 lines of code every day, making it the world’s fastest evolving project.

Four, in contrast to closed source software, open source code can be fully accessed and customized. It is usually modular, so vendors can tweak parts of the code or add features to it to customize it for each business. That’s another reason why open source software often works as well as proprietary software at any layer of the enterprise stack for which it’s available.

Five, enterprise-grade open source software faces a lower risk of obsolescence because of the community’s involvement. Companies that rely on proprietary software run the risk of software getting discontinued or having to pay more over time, which is magnified by the fast-changing nature of digital technology.

Six, finding the talent to execute digital transformations is a challenge for most legacy companies, so they can turn to the open source community. It’s an ocean of talent and tools, with a depth unlikely to be found anywhere except in the world’s biggest software firms. Besides, it’s easier to find developers who are familiar with open source software, given its wide applicability, than it is to find people familiar with the specific tools that proprietary software demands.

The Perils. Like everything in life, there are some risks to using open source software. Compared to commercial software, whose owners offer crystal-clear legal agreements for its fees and use, licensing from commercial open source vendors can sometimes be ambiguous.

Some agreements, such as the popular MIT and Apache licenses, contain only the bare minimum requirements about software redistribution. While the MIT license is worded quite simply, the terms in the Apache 2.0 license are more detailed, so the latter is more popular with large open-source projects designed for enterprise-scale deployment such as Docker, Kubernetes, Swift, and TensorFlow.

Other licenses, such as the GNU General Public License (GNU GPL), require the free redistribution of the source code of the modified version. That implies the disclosure of the source code of even proprietary software that has incorporated open source code, which is called copyleft, and will worry business. Companies should keep in mind the cascading consequences of copyleft when using open source software.

As open source software’s business use grows, the biggest risk is that no entity will bear the liability for adverse consequences. The lack of culpability causes legal complications, especially when companies use it to develop mission-critical applications such as, say, controlling the braking system in an automobile. Companies must learn to strike a balance between reaping the benefits of such software and knowing that they will bear legal liability if anything goes wrong.

Open source software is usually secure. The open source code allows many pairs of eyes to review it and ensure it is secure. However, under-funded projects can sometimes have far-reaching security issues. Take, for instance, OpenSSL, an encryption software library used by web servers, websites, and operating systems to securely process sensitive data such as passwords and credit card details. In 2014, a vulnerability was found in OpenSSL, named Heartbleed, which led to a security-related emergency. Before Heartbleed was patched by the OpenSSL community, one-fifth of the internet’s secure web servers were vulnerable to hackers because of the bug. At that time, only one fulltime person worked on OpenSSL.

Toward an Open Source Software Strategy 

Software developers almost instinctively turn to open source software when they have to deal with technological challenges, so it’s critical to have a strategy in place that governs its use in an organization.

The first step is to clearly articulate the purposes for which employees can – and cannot – use open source software. Doing so will help employees figure out in which domains they’re allowed to leverage such software and how to select tools, so the organizational risks of using open source software are tolerable. The key factors that will shape those decisions are the software’s popularity, maintenance costs, and its degree of security.

Every company needs to set up governance, legal, and risk structures for using open source software. It must stipulate whether it prefers a standard license or would like to draw up its own license, and how comfortable it is with the copyleft provision. Although the latter may be most equitable, most companies avoid licenses that contain the copyleft requirement.

Depending on their appetite for it, corporations must develop the capabilities to manage open software’s use. Most of them set up program offices that act as one-stop shops for open source-related activities. They coordinate internal activities around legal, technical, and security issues as well as outward-looking activities such as marketing and communications.

Other companies have established open communities of excellence. They identify the open source software each department in the organization uses, and foster collaboration as well as best practice sharing. Catalyzing exchanges between enthusiasts and getting the various functions to share success stories help companies realize the full potential of open source software.

Finally, businesses should decide if employees can contribute to open source initiatives, either as part of their jobs or in their own time. Much will depend on the company’s ambitions, but it’s not as much of a stretch as it may appear. In recent times, Walmart has released an open source cloud-management system, ExxonMobil has unveiled a developer toolkit to help energy companies adopt standard data formats, and JPMorgan and Wells Fargo have invested in Hyperledger, an open source software suite for enterprise-grade blockchain deployment.

Smart companies will follow in their footsteps by identifying the range of benefits they seek from open source, from attracting talent to growing revenues. They will then decide how to operationalize their objectives by, say, using the software, contributing to projects, or participating in the activities of the foundations. They can start by participating in small projects, such as contributing fixes, and scale their involvement over time. Importantly, companies can influence the development of emerging technology standards by building open source ecosystems. For instance, in 2014, Google launched an open-source container orchestration system, Kubernetes, which is becoming the de facto standard for container management.