From the mobile phone in your pocket (Android) to the web server running almost 30% of the world’s busiest websites (Apache), open source software powers some of the most complex and widely used technologies today. Google, Microsoft, IBM, Mozilla, and ThoughtWorks are but a few of the star open source contributors. Yet, CTOs in the financial services industry seem to have a strong apprehension. “You might be right, but what about…” is a highly common phrase we hear in our meetings. So, as a primer, today, we’ll answer all the ‘what abouts’ around open source tech for BFSI.
Just so we all are reading from the same page, let’s define it first. Open source software is one where the source code is publicly available, free to use / modify / distribute, and developed and maintained by a decentralised community (often, not always, of volunteers). We’ve seen that each of these factors give rise to a ‘what about’. Let’s go one by one.
If the source code is publicly available, what about security?
It’s natural that financial institutions worry about hacking and attacks — they have a lot to lose. If your concern is data security, there is no reason to worry. In open source, it’s the code that’s publicly available, not your data, which is still under your security infrastructure. If your concern is the security of the application itself, they will be safe to the extent to which your enterprise firewall and security devices can protect, whether open source or not.
Collaborative work ensures that security loopholes are identified and addressed swiftly. The wide network of developers and the diversity of workforce ensure peer review, which is fundamental to good product development. Also, development teams can rapidly address any issues arising in open source software, while if you have proprietary tech, you’ll have to raise a ticket and wait for them to install an update / patch.
If it is easily modified, what about integration and compatibility?
Challenges of integration are common among any two products. This is in no way exacerbated by it being open source. On the contrary, open source technology follows open and global standards, making them more interoperable. Open source developers in fintech are especially building ways to integrate seamlessly with banking systems. For instance, the open bank project offers connectors and adaptors for legacy systems. Another example is the manner in which the Mojaloop foundation is leveraging interoperability for financial inclusion in Africa.
If it is a decentralised community, what about the quality of code?
Open source — perhaps blame it on popular culture — is often seen as young developers writing code in the din of their parents’ basement. This is hardly true. In addition to some of the best engineering minds from Google, Microsoft etc. we mentioned above, global banks such as Goldman Sachs, JP Morgan Chase and Deutsche Bank have open sourced their own software. As we evolve towards a future of bitcoins and blockchain, this open / collaborative technology landscape built collectively by a multitude of brilliant minds from across the globe would be significantly more robust than many sheltered proprietary products.
If it is maintained by anybody and everybody, what about reliable support?
Thank god, we’re in 2020! In the early days of open source software, this might have been a problem, because developers needed to wait for the community to respond. This is no longer true. Several companies build on top of open source tech as well as offer managed services — even 24×7 — for open source software.
We, at Exzatech, are a walking-talking example: We build and support open-source software solutions for virtualization, container orchestration, authentication and authorization, active directory, API management, enterprise integration, as well as artificial intelligence and machine learning. In fact, because you don’t rely on a limited resource pool of support folks, you are more likely to get support and fixes quicker.
If it’s shared and created openly, what about compliance and accountability?
Open source software comes with terms, conditions and legal protections just like proprietary software would. In addition to global technology and product development standards, communities like the Fintech Open Source Foundation, Open Banking UK etc. are actively working with the technology and financial services community to create and enforce standards. More importantly, the open source community, by its very nature, encourages collaboration, transparency and collective ownership.
But what about custom solutions?
No sweat! The source code is publicly available for anyone to adapt and build custom solutions for their specific needs. With a good consulting partner, you can adapt any open source framework to meet the needs of your organization, which is nigh impossible with big-company proprietary software.
We implemented Samba Active Directory for Karnataka Bank’s authentication needs for over 12,000 users across the country, delivering nearly 80% cost savings compared to the proprietary software they were using earlier. To say nothing of best-in-class security and scalability — both vertical and horizontal — that Samba AD enables.
In essence, open source isn’t just free software. It’s a way of thinking about your technology that empowers you to prepare for challenges of the future, be it security, scale, or competitive advantage. Not yet convinced? Speak to one of Exzatech’s consultants today and challenge us with your questions. Let us help you.