Problem solve Get help with specific problems with your technologies, process and projects.

Is open source security software best for my clients?

Learn when it is best to recommend open source security software to your clients as opposed to proprietary security software.

Is it better to recommend to clients open source security software such as Snort, which might have lower upfront costs, or proprietary security software that might have better commercial support?

Open source security software can allow value-added resellers (VARs) to solve a customer's problem with little or no upfront cost for the software. However, there are some very important questions that need to be asked and answered honestly before any open source security solution deployment is considered.

First, keep in mind that "open source" does not necessarily indicate a lack of commercial or community support. Some open source security software developers offer free support while others offer fee-based support – some are flat-fee based and others charge on a per-incident basis.

It is important to thoroughly explore the options available to the customer, as there are companies that provide installation and support for open source security software. In fact, this represents a great opportunity for VARs that have the right expertise.

Second, consider the criticality of the service being provided by the solution. Should an issue arise, there is a big difference in business impact of an in-line firewall or IPS product versus an out-of-band IDS or vulnerability assessment product.

Third, what will the customer do if the licensing model changes and the product is no longer available free of charge, or support/development is halted?

Lastly, consider the platform upon which the open source security solution will be deployed. With the advent of virtualization, the availability of complete virtual appliances and the ability to re-use older hardware are additional compelling reasons to consider open source security software.

Investing in the right portfolio of open source products can be a fantastic way to manage security investments and focus dwindling budget allocations on things that matter most.

For VARs, it's all about managing expectations, risk and budget -- open source or otherwise.

Dig Deeper on Best practices for cybersecurity management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.