News Stay informed about the latest enterprise technology news and product updates.

Open source security OK, experts assure SMBs

Although the vendor field is still sparse, open source technology is a strong option for securing SMBs' networks.

Ignore the myths. Open source security technology is an affordable and robust option for small and medium-sized businesses (SMBs).

While some buyers might think security is best left to vendors of proprietary software like Symantec Corp. or SonicWall Inc., experts says open source software can give SMBs the protection they seek.

I like open source, man.
Dan Nickason
IT managerGenesis Physicians Group
"I think there is some sort of ingrained bias [against open source security technology] because there is still this myth that open source isn't as robust," said Alex Fletcher, lead technology analyst at Entiva Group Inc., a Silver Spring, Md.-based research firm that specializes in open source technology. "There is reluctance to put open source up against proprietary software because it is thought they are just not capable."

Nick Selby, senior analyst at New York-based research firm The 451 Group, said at the C-level, at least, there definitely is a bias. "The problem with open source security is the same problem that open source had in the mid-1990s: Executives can't understand the revenue model. If you believe that your security is beholden to the good will of unnamed, faceless hippies that might update the software if they feel like, chances are they'll buy a proprietary product."

The market for open source security products is nascent, said Selby, who's also director of The 451 Group's enterprise security practice. However, the open source industry in general is growing.

Earlier this summer, Framingham, Mass.-based research firm IDC found that the open source software market reached $1.8 billion last year. It predicted that the market would reach $5.8 billion in 2011.

Open source security software is in its early stages with just a few vendors, Fletcher said. But SMBs would do well to try the products.

Dan Nickason, an IT manager at Genesis Physicians Group Inc. in Dallas, became a believer after he started using a network security appliance from Untangle Inc., a San Mateo, Calif., vendor of open source security technology. Untangle bundles more than a dozen open source security applications, which it offers for free. It sells support and services for the technology and also sells servers with the software preinstalled.

"I like open source, man," Nickason said. "I didn't realize the power of it prior to Untangle."

Nickason said the appliance and two years of support for the 38 users in his company cost the same as his Symantec antivirus software. And with the Untangle appliance, he gets more than antivirus protection. The Untangle Gateway Platform includes spam, spyware and phishing blockers; virus protection; a Web filter; protocol control; intrusion prevention; a firewall; a VPN; and several other applications.

"The biggest value is the overall protection it provides for the cost," Nickason said. "You get so many different types of protection for a really low cost."

Fletcher said, "From a technological perspective, I think the fact that [Untangle] embraces open source gives them a lot more diversity in terms of what they're able to integrate into their offering. They've been able to leverage some pretty solid open source components that are very much stable and as capable as anything in the proprietary market."

Selby said open source products are in many ways more secure than commercial software.

"The interesting thing is that most open source products out there are inherently more secure in the sense that open source products tend to get fished at a lot more," Selby said. "They get fished by security researchers far more thoroughly than proprietary products, because the code is free and available to the public."

Despite the presence of Untangle and other vendors that offer open source products with proprietary extras, such as SourceFire, the market for open source security products is still small.

"There is a relative paucity of commercial support options for open source security products," Selby said.

More on open source tools
Navy CIO OKs open source systems

Open source making way in SMBs

Antivirus Fight Club

And the last AV scanner standing is…
When Nickason became IT manager at Genesis, the company had a Cisco Systems Inc. firewall and some basic antivirus protection. For Nickason, this wasn't enough. Genesis is a business services firm that acts as a go-between for doctors and medical insurance companies. The company handles a lot of patient data, so data security is paramount.

"When I came over here, all we had was the firewall," he said. "With my experience with Untangle I knew it could definitely secure our network, especially for dealing with HIPAA requirements and things like that. It was very cost-effective and it provided a lot of functionality for a low cost."

Nickason said he still has the Cisco firewall in place, as well some other proprietary security software that predated his adoption of Untangle.

"We still have everything we had before," he said. "We run it all. This is just an added level. It plays well with everybody."

Nickason said he never really had a bias against using open source security technology.

"The only bias I had was my ability to understand it," he said. "When Linux first came out the only thing that made it unpopular was that it wasn't very user friendly. As it's grown more user friendly, it's grown quite popular."

Let us know what you think about the story; email: Shamus McGillicuddy, News Writer

Dig Deeper on Small-business infrastructure and operations

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.