Open Source Software In Cloud Applications

Open Source Software In Cloud Applications

Open Source Software In Cloud Applications

Providers of cloud-based solutions will bring in more than $241 billion in 2020, according to Forrester Research’s report on “Sizing the Cloud”. Since the emergence of cloud solution providers like Amazon, Rackspace, IBM and Microsoft, software development and deployment is increasingly taking place in the cloud. And, in the next few years, we are likely to see more and more innovative technology companies completely suspended in the cloud.

What makes the cloud particularly attractive to enterprises is that it enables companies to lease access to infrastructure, platforms and software, drastically reducing their overall operating costs. The economies of scale associated with the cloud, costs that accurately reflect usage, elimination of maintenance costs, and increased ability of users to enjoy access to applications across a variety of devices including tablets and smart phones are additional drivers behind adoption of cloud applications.

While enterprises are shifting from legacy solutions towards the cloud, open source software is gaining significant traction for similar reasons. Desirable attributes such as faster time to market, lower development cost, better security, peer-reviewed quality, zero licensing cost, and multiple sources from mostly reputable suppliers have made open source the software of choice for commercial business applications, including cloud-based applications and collaboration solutions. As open source software becomes increasingly available in the cloud, it is important for enterprises to understand how the cloud environment changes open source license obligations.

There are two broad categories of open source licenses – permissive and restrictive. Permissive licenses such as MIT and BSD provide minimal obligations on code use, modification and distribution, enabling developers to incorporate open source code into open source or proprietary software with their choice of license terms. In contrast, restrictive licenses such as the GPL force users of covered code to distribute derivative works under GPL only, and require these users of GPL code to make their source code available to downstream users. This feature of restrictive licenses, with few exceptions, renders it impossible to incorporate open source code into proprietary offerings. Failure to comply with such obligations can lead to severe consequences, including paying damages for license infringement.

In the pre-cloud environment, software vendors made their products available to end users through software distribution, and the reciprocal aspects of GPL ensured that the its creators ideals of software freedom were maintained. With emergence of cloud services, users of SaaS applications technically are not receiving any code as software applications that use GPL in their internals are not distributed, hence the old GPL terms governing distribution of code would not apply.

In order to maintain the software-freedom aspect of GPL when code is deployed in a cloud, Affero GPLv3 (AGPL for short) was created. Under provisions of AGPL, any user of the cloud that uses an application containing AGPL-licensed code must be provided with the source code of the entire application.

In summary, with GPL covered code:

  • If you distribute the software, you must make your code available to users
  • If you offer SaaS through the public or private cloud, you do not have to make your code available to users

With AGPL covered code:

  • If you distribute the software, you must make your code available to users
  • If you offer SaaS through the public or private cloud, you must make your code available to its users

Given the new obligations imposed by the AGPL, it is critical for SaaS providers to take inventory of the open source code embedded in their product offerings, and to ensure that their intellectual property policies are in line with the obligations imposed by the various open source licenses covering their code.

A variety of automated scanning tools generically known as enterprise analyzers are available that can assist SaaS providers to manage open source obligations in the cloud. In addition, a structured Open Source Software Adoption Process (OSSAP) can be used to define acceptable intellectual property license policies for the organization, audit the current software portfolio and incoming code, and ensure compliance through all of the software development and procurement stages. These open source license management solutions are now available in both on-premises and hosted versions. Furthermore, these tools generally offer License Obligations Reporting, for a simplified “bulleted” view of the obligations associated with each open source package that is discovered in the SaaS code.

The emerging cloud-based SaaS model offers immense opportunities but also raises new risks for your organization’s intellectual property. If your organization’s intellectual property policies were developed for the traditional software distribution model, then they need to be re-assessed and updated to meet the distinct obligations associated with the cloud environment.

By Mahshad Koohgoli/Diana Marina Cooper

Mahshad Koohgoli is CEO of Protecode, Inc. (www.protecode.com), a provider of open source license management solutions, based in Canada. He has more than 25 years of experience in the telecommunications industry, specializing in technology start-up businesses, and holds several patents in the computer and communications field.

Diana Marina Cooper is an open source corporate strategy consultant for Protecode (www.protecode.com). Cooper obtained a BA in Politics and Governance, a MA in Globalization Studies, and is currently a JD Candidate (2013), pursuing a concentration in Law and Technology.

About CloudTweaks

Established in 2009, CloudTweaks is recognized as one of the leading authorities in connected technology information and services.

We embrace and instill thought leadership insights, relevant and timely news related stories, unbiased benchmark reporting as well as offer green/cleantech learning and consultive services around the world.

Our vision is to create awareness and to help find innovative ways to connect our planet in a positive eco-friendly manner.

In the meantime, you may connect with CloudTweaks by following and sharing our resources.

View All Articles

Sorry, comments are closed for this post.

Comic
When Sci-Fi Predictions Come To Fruition

When Sci-Fi Predictions Come To Fruition

Evolution of Technologies To paraphrase science fiction author Arthur C. Clark, those who make predictions about the future are either “considered conservative now and mocked later, or mocked now and proved right when they are no longer around to enjoy the acclaim.” The one thing we can be sure about, Clark ventured, is that “[the…

Facebook Hopes To Extend Internet Connectivity With Solar-Powered Drones

Facebook Hopes To Extend Internet Connectivity With Solar-Powered Drones

Facebook Inc (FB.O) said on Thursday it had completed a successful test flight of a solar-powered drone that it hopes will help it extend internet connectivity to every corner of the planet. Aquila, Facebook’s lightweight, high-altitude aircraft, flew at a few thousand feet for 96 minutes in Yuma, Arizona, Chief Executive Mark Zuckerberg wrote in…

When Will Women In Tech Become The Norm?

When Will Women In Tech Become The Norm?

Tech Diversity It is well known that the technology industry has been dominated by men, but it is also clear that the industry is working to change that. Diversity in the tech industry, especially where it applies to women in tech, has been a topic of discussion for years. Recently the Washington Technology Industry Association…

Four Keys For Telecoms Competing In A Digital World

Four Keys For Telecoms Competing In A Digital World

Competing in a Digital World Telecoms, otherwise largely known as Communications Service Providers (CSPs), have traditionally made the lion’s share of their revenue from providing pipes and infrastructure. Now CSPs face increased competition, not so much from each other, but with digital service providers (DSPs) like Netflix, Google, Amazon, Facebook, and Apple, all of whom…

Edtech and Virtual Reality – Exciting Learning Environment

Edtech and Virtual Reality – Exciting Learning Environment

Customizing Edutech Customized edtech learning solutions are becoming more commonplace as the education industry recognises their potential and begins transforming the traditional structures so as to incorporate innovative developments. From textbooks to tablets, chalkboards to virtual reality, edtech promises not only dynamic and exciting learning environments but better learning strategies and solutions. Virtual Reality and…

Achieving Network Security In The IoT

Achieving Network Security In The IoT

Security In The IoT The network security market is experiencing a pressing and transformative change, especially around access control and orchestration. Although it has been mature for decades, the network security market had to transform rapidly with the advent of the BYOD trend and emergence of the cloud, which swept enterprises a few years ago.…

Why Security Practitioners Need To Apply The 80-20 Rules To Data Security

Why Security Practitioners Need To Apply The 80-20 Rules To Data Security

The 80-20 Rule For Security Practitioners  Everyday we learn about yet another egregious data security breach, exposure of customer data or misuse of data. It begs the question why in this 21st century, as a security industry we cannot seem to secure our most valuable data assets when technology has surpassed our expectations in other regards.…

Don’t Be Intimidated By Data Governance

Don’t Be Intimidated By Data Governance

Data Governance Data governance, the understanding of the raw data of an organization is an area IT departments have historically viewed as a lose-lose proposition. Not doing anything means organizations run the risk of data loss, data breaches and data anarchy – no control, no oversight – the Wild West with IT is just hoping…

How Formal Verification Can Thwart Change-Induced Network Outages and Breaches

How Formal Verification Can Thwart Change-Induced Network Outages and Breaches

How Formal Verification Can Thwart  Breaches Formal verification is not a new concept. In a nutshell, the process uses sophisticated math to prove or disprove whether a system achieves its desired functional specifications. It is employed by organizations that build products that absolutely cannot fail. One of the reasons NASA rovers are still roaming Mars…

The Rise Of BI Data And How To Use It Effectively

The Rise Of BI Data And How To Use It Effectively

The Rise of BI Data Every few years, a new concept or technological development is introduced that drastically improves the business world as a whole. In 1983, the first commercially handheld mobile phone debuted and provided workers with an unprecedented amount of availability, leading to more productivity and profits. More recently, the Cloud has taken…

The Future of M2M Technology & Opportunities

The Future of M2M Technology & Opportunities

The Future Of The Emerging M2M Here at CloudTweaks, most of our coverage is centered around the growing number of exciting and interconnected emerging markets. Wearable, IoT, M2M, Mobile and Cloud computing to name a few. Over the past couple of weeks we’ve talked about Machine to Machine (M2M) such as the differences between IoT and…

Containerization: The Bold Face Of The Cloud In 2016

Containerization: The Bold Face Of The Cloud In 2016

Containerization And The Cloud “Right now, the biggest technology shift in the cloud is a rapid evolution from simple virtual machine (VM) hosting toward containerization’’ says the CTO of Microsoft Azure, Mark Russinovitch, a man who deals with the evolving cloud infrastructure every day. In his words, containerization is “an incredibly efficient, portable, and lightweight…

Disaster Recovery – A Thing Of The Past!

Disaster Recovery – A Thing Of The Past!

Disaster Recovery  Ok, ok – I understand most of you are saying disaster recovery (DR) is still a critical aspect of running any type of operations. After all – we need to secure our future operations in case of disaster. Sure – that is still the case but things are changing – fast. There are…

Why Cloud Compliance Doesn’t Need To Be So Overly Complicated

Why Cloud Compliance Doesn’t Need To Be So Overly Complicated

Cloud Compliance  Regulatory compliance is an issue that has not only weighed heavily on the minds of executives, security and audit teams, but also today, even end users. Public cloud adds more complexity when varying degrees of infrastructure (depending on the cloud model) and data fall out of the hands of the company and into…

Report: Enterprise Cloud Computing Moves Into Mature Growth Phase

Report: Enterprise Cloud Computing Moves Into Mature Growth Phase

Verizon Cloud Report Enterprises using the cloud, even for mission-critical projects, is no longer new or unusual. It’s now firmly established as a reliable workhorse for an organization and one that can deliver great value and drive transformation. That’s according to a new report from Verizon entitled “State of the Market: Enterprise Cloud 2016.” which…

5 Considerations You Need To Review Before Investing In Data Analytics

5 Considerations You Need To Review Before Investing In Data Analytics

Review Before Investing In Data Analytics Big data, when handled properly, can lead to big change. Companies in a wide variety of industries are partnering with data analytics companies to increase operational efficiency and make evidence-based business decisions. From Kraft Foods using business intelligence (BI) to cut customer satisfaction analysis time in half, to a…