Business continuity, quality and control eclipse cost savings as the top reasons IT professionals prefer open source to proprietary software. According to a new study by the Ponemon Institute and Zimbra, more than 75% of IT professionals agree that code transparency increases the trustworthiness of a software application. And two-thirds believe it improves security and reduces privacy risks.
For "The Open Source Collaboration Study: Viewpoints on Security & Privacy in the US & EMEA", the Ponemon Institute interviewed IT and IT security practitioners about their companies' usage and perceptions of open source messaging and collaboration solutions.
We caught up with Larry Ponemon, the founder and chairman of the Ponemon Institute, to find out more about the study's contents.
TechRadar Pro: The average percentage of commercial open source used in EMEA is 25% and in the US it's 30%. What factors are contributing to the slow adoption of open source?
Larry Ponemon: The report didn't explore the reason behind the slow adoption. But we did learn that Zimbra, whose messaging and collaboration solution is open source, was deployed in 40% of US and 30% of EMEA organisations.
Control over the software and ensuring business continuity are the most beneficial aspects of open source, according to the report. Security and privacy were also found to greatly benefit from open source's transparency.
Overall, the perceptions of open source were more positive than those of proprietary software, and more than half of the EMEA and US organisations surveyed are planning to replace their existing solutions with open source ones over the next two years.
TRP: EMEA organisations are more concerned with the privacy consequences of messaging and collaboration while US organisations focus more on security. Why are EMEA organisations more likely to enforce security and data privacy policies than their US counterparts?
LP: The regulatory regimes across EMEA and the US are very different. This is largely a function of the regulatory compliance landscape in the regions, and what the legislation and mandates of each prioritise.
EMEA legislation leads to strict data protection/privacy compliance, regardless of the industry vertical, and encompasses the entire citizenry.
The US has a patchwork of legislation and Executive Orders, which specify industry verticals and largely ignore the implications on citizens' private information.
TRP: What file sharing technologies pose the greatest risk and how are employees putting their organisations at risk?
LP: The report shows that both EMEA and US respondents agree that unencrypted email and cloud file sharing are the riskiest. EMEA respondents also consider home-grown file sharing tools as very risky – more so than unencrypted email.
Given the perception of risk in cloud file sharing, the usage of these solutions is very high. More than 72% and 57% of EMEA and US respondents, respectively, said public cloud file sharing applications are used in their organisation. Additionally, 66% and 37% of US and EMEA respondents, respectively, said free versions of file sharing applications are used.
TRP: Despite the fact that many organisations believe that email is risky for file sharing, it is still the number one way users share files. Why are organisations not changing this behaviour?
LP: Given the percentage (more than 50%) of organisations planning to replace their messaging and collaboration solutions within two years, this could change.
TRP: Although this survey notes a higher awareness of the need for information security in EMEA, US respondents saw the support for encryption of data at rest and the ability to set mobile security policies as critical. What influences this gap in perception?
LP: Largely the BYOD revolution has been led out of the US, as have many of the mobile security solutions. Also, there are some curious privacy implications with those solutions, i.e. if your IT wiped an entire device, including the personal information.
For anything related to cryptography, the preference is likely to off-load cryptography to dedicated systems that can perform encryption and decryption, apply and verify digital signatures, and provide full life cycle management of the associated keys.
TRP: What factors affect the use of messaging and collaboration technologies?
LP: Both regions consider vendor support, open source, improved security and the ability to host or manage a solution in the cloud important. The US respondents also said ease of use was important, whereas the EMEA respondents consider vendor reputation as their most important factor.
Interestingly, a factor just outside the top five factors for EMEA was improved privacy, which was four times more important for EMEA than the US.
TRP: What are the most important features for messaging and collaboration technologies?
LP: Both regions want support for third-party antispam, antivirus and two-factor authentication. Both the US and EMEA respondents consider tightly integrated file sharing and email important or very important – particularly private attachments and fine-grained access control, and permissioning of file attachments and sharing.
TRP: What does the future look like for messaging and collaboration technologies?
LP: Support for mobile and cloud-flexibility were important or very important to both regions, and an integrated file sharing and email solution was high on the list as well. Not to project, but those will heavily influence the direction of messaging and collaboration solutions.