Open Source Software In Cloud Applications

Open Source Software In Cloud Applications

Open Source Software In Cloud Applications

Providers of cloud-based solutions will bring in more than $241 billion in 2020, according to Forrester Research’s report on “Sizing the Cloud”. Since the emergence of cloud solution providers like Amazon, Rackspace, IBM and Microsoft, software development and deployment is increasingly taking place in the cloud. And, in the next few years, we are likely to see more and more innovative technology companies completely suspended in the cloud.

What makes the cloud particularly attractive to enterprises is that it enables companies to lease access to infrastructure, platforms and software, drastically reducing their overall operating costs. The economies of scale associated with the cloud, costs that accurately reflect usage, elimination of maintenance costs, and increased ability of users to enjoy access to applications across a variety of devices including tablets and smart phones are additional drivers behind adoption of cloud applications.

While enterprises are shifting from legacy solutions towards the cloud, open source software is gaining significant traction for similar reasons. Desirable attributes such as faster time to market, lower development cost, better security, peer-reviewed quality, zero licensing cost, and multiple sources from mostly reputable suppliers have made open source the software of choice for commercial business applications, including cloud-based applications and collaboration solutions. As open source software becomes increasingly available in the cloud, it is important for enterprises to understand how the cloud environment changes open source license obligations.

There are two broad categories of open source licenses – permissive and restrictive. Permissive licenses such as MIT and BSD provide minimal obligations on code use, modification and distribution, enabling developers to incorporate open source code into open source or proprietary software with their choice of license terms. In contrast, restrictive licenses such as the GPL force users of covered code to distribute derivative works under GPL only, and require these users of GPL code to make their source code available to downstream users. This feature of restrictive licenses, with few exceptions, renders it impossible to incorporate open source code into proprietary offerings. Failure to comply with such obligations can lead to severe consequences, including paying damages for license infringement.

In the pre-cloud environment, software vendors made their products available to end users through software distribution, and the reciprocal aspects of GPL ensured that the its creators ideals of software freedom were maintained. With emergence of cloud services, users of SaaS applications technically are not receiving any code as software applications that use GPL in their internals are not distributed, hence the old GPL terms governing distribution of code would not apply.

In order to maintain the software-freedom aspect of GPL when code is deployed in a cloud, Affero GPLv3 (AGPL for short) was created. Under provisions of AGPL, any user of the cloud that uses an application containing AGPL-licensed code must be provided with the source code of the entire application.

In summary, with GPL covered code:

  • If you distribute the software, you must make your code available to users
  • If you offer SaaS through the public or private cloud, you do not have to make your code available to users

With AGPL covered code:

  • If you distribute the software, you must make your code available to users
  • If you offer SaaS through the public or private cloud, you must make your code available to its users

Given the new obligations imposed by the AGPL, it is critical for SaaS providers to take inventory of the open source code embedded in their product offerings, and to ensure that their intellectual property policies are in line with the obligations imposed by the various open source licenses covering their code.

A variety of automated scanning tools generically known as enterprise analyzers are available that can assist SaaS providers to manage open source obligations in the cloud. In addition, a structured Open Source Software Adoption Process (OSSAP) can be used to define acceptable intellectual property license policies for the organization, audit the current software portfolio and incoming code, and ensure compliance through all of the software development and procurement stages. These open source license management solutions are now available in both on-premises and hosted versions. Furthermore, these tools generally offer License Obligations Reporting, for a simplified “bulleted” view of the obligations associated with each open source package that is discovered in the SaaS code.

The emerging cloud-based SaaS model offers immense opportunities but also raises new risks for your organization’s intellectual property. If your organization’s intellectual property policies were developed for the traditional software distribution model, then they need to be re-assessed and updated to meet the distinct obligations associated with the cloud environment.

By Mahshad Koohgoli/Diana Marina Cooper

Mahshad Koohgoli is CEO of Protecode, Inc. (www.protecode.com), a provider of open source license management solutions, based in Canada. He has more than 25 years of experience in the telecommunications industry, specializing in technology start-up businesses, and holds several patents in the computer and communications field.

Diana Marina Cooper is an open source corporate strategy consultant for Protecode (www.protecode.com). Cooper obtained a BA in Politics and Governance, a MA in Globalization Studies, and is currently a JD Candidate (2013), pursuing a concentration in Law and Technology.

About CloudTweaks

Established in 2009, CloudTweaks is recognized as one of the leading authorities in connected technology information and services.

We embrace and instill thought leadership insights, relevant and timely news related stories, unbiased benchmark reporting as well as offer green/cleantech learning and consultive services around the world.

Our vision is to create awareness and to help find innovative ways to connect our planet in a positive eco-friendly manner.

In the meantime, you may connect with CloudTweaks by following and sharing our resources.

View All Articles

Sorry, comments are closed for this post.

The Internet of illness

The Internet of illness

The Internet of illness The number of postings about IoT solutions has continued to rise. It is a wave that hasn’t crested yet. I’ve posted several here on CloudTweaks as have a number of other authors. IoT topics from the industrial use, to what IoT is going to change around the world. It got me…

Who’s Ready For The Cloud, And Can Deliver!

Who’s Ready For The Cloud, And Can Deliver!

Cloud Ready In my article last month, I discussed how the managed service provider (MSP) industry has been continuously urged to embrace the cloud, but in the end, could they? I answered the questions by describing several impediments and challenges that I believe are preventing MSPs from generating significant revenue and successfully fulfilling their client’s…

Cost of the Cloud: Is It Really Worth It?

Cost of the Cloud: Is It Really Worth It?

Cost of the Cloud Cloud computing is more than just another storage tier. Imagine if you’re able to scale up 10x just to handle seasonal volumes or rely on a true disaster-recovery solution without upfront capital. Although the pay-as-you-go pricing model of cloud computing makes it a noticeable expense, it’s the only solution for many…

Even Companies With A “Cloud First” Strategy Have Lingering Security Concerns

Even Companies With A “Cloud First” Strategy Have Lingering Security Concerns

Lingering Security Concerns Considering the cost and time-to-market advantages of SaaS applications in particular, it’s no surprise that companies are looking to the cloud to meet their business objectives. But what happens when a ‘cloud first’ company must also put security and compliance first? In a recent Bitglass survey report from a cloud access security…

Four Reasons Why CIOs Must Transform IT Into ITaaS To Survive

Four Reasons Why CIOs Must Transform IT Into ITaaS To Survive

CIOs Must Transform IT The emergence of the Cloud and its three delivery models of Infrastructure as a Service (IaaS), Software as a Service (SaaS) and Platform as a Service (PaaS) has dramatically impacted and forever changed the delivery of IT services. Cloud services have pierced the veil of IT by challenging traditional method’s dominance…

AWS re:Invent: Billions & Billions of Dollars

AWS re:Invent: Billions & Billions of Dollars

AWS re:Invent The massive AWS re:Invent show this week in Las Vegas is a celebration of cloud computing. What was formerly debatable is now inevitable: the world is moving to cloud. Amazon’s annual cloud revenues of about $7 billion, combined with an estimated $5 billion annual run rate by competitor Microsoft Azure, and the odd…

Are You Sure You Are Ready For The Cloud: Security

Are You Sure You Are Ready For The Cloud: Security

Cloud Security For the last several months, we have been discussing ways to make sure you are ready for the next step in your IT evolution: Cloud. When review the different steps of making sure you are ready, one that I have intentionally avoided was Security. I spoke to you about “Security of Business”, but…

CloudTweaks is recognized as one of the leading influencers in cloud computing, infosec, big data and the internet of things (IoT) information. Our goal is to continue to build our growing information portal by providing the best in-depth articles, interviews, event listings, whitepapers, infographics and much more.

Sponsor