Can my organisation use closed source software?
If you are the CEO of a company or the head of an organisation, you should probably ask yourself the questions below before deciding whether you can risk using closed source software products and services.
- Do I need to be able to keep secrets from competitors?
- Do I have a legal obligation to protect the privacy of my customers' data?
- Will providing privacy for my customers' data produce a competitive advantage?
- Does my organisation deal with national secrets?
Closed source products cannot be audited for security backdoors. Even if a closed source company assures you that there are no current backdoors, they cannot prove that to you. And if they do show you current source code, you cannot guarantee that a future update will not introduce one.
For most organisations this is not actually a problem. Small businesses. Non-profits that have a purely local focus. Their private data is probably not that important to them. They can continue to use closed source vendors and service providers with a reasonable certainty that it will not impact them.
But a government department? Or a large corporation like Airbus that has a competitor who is deeply entwined in the security industry of another country? These organisations cannot use a closed source product or service without facing accusations of incompetence.
What are the alternatives for organisations that require privacy from foreign governments? Not many. All data stored outside of their own data centres has to be encrypted. But more than that. They have to run their own IT infrastructure, and all software they use has to be written by them from scratch or compiled by them from open source.
Maybe new businesses will arise that help share IT costs between companies while still providing security for their data. Hard to see what it might look like. But it will have to provide extraordinary transparency to work.
This position might sound extreme, but it is logically the only way to be sure. Anything else involves a tradeoff between cost, privacy, and simplicity. And I think there are a number of organisations out there that cannot compromise on privacy at all.
UPDATE: One of the recent leaks of information from the NSA was caused by their use of closed source products and external IT providers. Delicious.