1.
http://www.linkedin.com/news?
viewArticle=&articleID=77700646&gid=51930&srchCat=RCNT&articleURL=http%3A%2F
%2Fredir%2Einternet%2Ecom%2Frss%2Fagroclick%2Fwww%2Eitsmwatch%2Ecom%2Fitil
%2Farticle%2Ephp%2F3843806&urlhash=xeAi
ITIL: Open Source vs. Commercial
October 14, 2009
By Pam Baker
As ITIL continues to gain converts, more and more support software is becoming
available. Which is better open source or commercial? The debate continues.
Open source is once again being hailed as a cheap and efficient bandage for companies
hemorrhaging from a weakened economy and wounded budgets. Open source promises a
big bang for precious few bucks, at least on the front end. But is "cheap" enough of a
reason to ditch commercial ITIL solutions?
The answer extends beyond the philosophical differences of the open source vs. commercial
camps. For one thing, not all open source software is created equal therefore not all open
source products will score the same.
“I could program an ITIL solution in one week and provide it for open source download and
it would be worthless,” said Chris Drake, founder and CEO of FireHost, a hosting company.
The problem lies in the lack of a large community base to support the solution. To gain any
advantage from open source, IT needs to learn the solution on its own, find a service firm to
help, or rely on the community for support, making up-time requirements a prime
consideration.
Another advantage in popular open source solutions: they carry a bucket-load of features,
often exceeding that of commercial offerings. The best solutions, said Drake, provide only
the framework and allow the community to extend the solution. “Nagios is a perfect
example,” he said. “The community has gone wild and has extended the solution more than
any commercial solution available. Hence, they’re the post popular monitoring solution.”
While open source solutions can have as much as 10 times the features of commercial
products, more is not necessarily better. It is relatively easy to get lost in the maze of
features and the customization processes. Alternately, commercial solutions can also be too
huge for recession-pruned IT teams to manage and too stiff to customize for a company’s
exact needs; all leading to waste in terms of cost and time. Customization can be overdone
too. The key kink in the code chain comes from immature ITIL processes.
“Implementing open source software in a case where the ITIL culture is not yet strong
enough may cause an over-customization of the tool and thus cause the main objective of
implementing ITIL to be distorted,” said Alejandro Montini, manager of IT Infrastructure at
Globant. By comparison, a solid commercial software offering can greatly help in
streamlining and speeding the initial implementation of ITIL while avoiding deviations from
the standard, he said. Oddly, even though Globant specializes in using open source
software, Montini said he would “dedicate all efforts to improving the overall quality of the
company's services based on ITIL and I would select a commercial ITIL software to support
this objective."
The biggest differentiator between open source and commercial ITIL solutions remains
security. While commercial applications have their own vulnerabilities “it’s much tougher to
find those holes as the source code isn’t available,” said Drake. With open-source, the
hackers can download the same source code and look for vulnerabilities or poorly written
code from within the inside of the software. Heavily regulated industries will probably steer

2.
clear of open source solutions for fear of heavy penalties should a breach occur. It is hard to
construct a winning court defense when the potential threat is known and well-documented
in advance of deployment.
As ITIL continues to gain converts, more and more support software is becoming
available. Which is better open source or commercial? The debate continues.
However, open source solutions can be secured as part of the customization process. It is
tricky business but it can be done. Drake said that due to the numerous features available
with popular open-source apps and the obvious cost advantages, he would choose “open-
source solutions that are secured over commercial solutions any day.”
Consideration should expand beyond the basic open source argument and the task at hand
and on through execution follow-through, advises Fred Broussard, research director of
Enterprise System Infrastructure Software at IDC. Among the questions he would ask are:
• How is the company that uses open source software within their internal IT
environment going to update and maintain the solution in their environment?
• How "mature" is the open source solution?
• What mission critical applications will be supported by this open source solution?
If the answers are less than satisfactory, then a commercial application would probably be
the better choice.
Although the decision should be based on a variety of factors, Broussard offers the following
table as a quick guide in making the decision.
Open Source:
Pros: Cheaper. Possibly easier to modify in-house.
Cons: Not automatically scalable. Not automatically secure. Where do you go for support if
the software breaks?
Commercial Solutions:
Pros: Reputable company has experience supporting customers. Can pick from multiple
vendors to find solution that best fits your needs.
Cons: Can be expensive. Some solutions use proprietary technology that won't integrate
easily in your IT environment.