Ask the Expert

Is open source security software best for my clients?

Is it better to recommend to clients open source security software such as Snort, which might have lower upfront costs, or proprietary security software that might have better commercial support?

    Requires Free Membership to View

Open source security software can allow value-added resellers (VARs) to solve a customer's problem with little or no upfront cost for the software. However, there are some very important questions that need to be asked and answered honestly before any open source security solution deployment is considered.

First, keep in mind that "open source" does not necessarily indicate a lack of commercial or community support. Some open source security software developers offer free support while others offer fee-based support – some are flat-fee based and others charge on a per-incident basis.

It is important to thoroughly explore the options available to the customer, as there are companies that provide installation and support for open source security software. In fact, this represents a great opportunity for VARs that have the right expertise.

Second, consider the criticality of the service being provided by the solution. Should an issue arise, there is a big difference in business impact of an in-line firewall or IPS product versus an out-of-band IDS or vulnerability assessment product.

Third, what will the customer do if the licensing model changes and the product is no longer available free of charge, or support/development is halted?

Lastly, consider the platform upon which the open source security solution will be deployed. With the advent of virtualization, the availability of complete virtual appliances and the ability to re-use older hardware are additional compelling reasons to consider open source security software.

Investing in the right portfolio of open source products can be a fantastic way to manage security investments and focus dwindling budget allocations on things that matter most.

For VARs, it's all about managing expectations, risk and budget -- open source or otherwise.

This was first published in December 2007

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: