Given the advantages that open-source applications offer in a business environment, it’s no surprise that they’ve been catching on. Being able to download a piece of software and install it without having to deal with the cost of licensing is an obvious plus for startups watching every penny. Using a free open-source application rather than buying a business license for a piece of software that will be used infrequently makes sense for businesses of any size. And an IT team being able to sit down and build something around an open-source database instead of having to convince the C-suite to invest in a proprietary license can keep important projects from stalling out because of in-house bureaucracy or low prioritization.
But because open-source applications are so convenient and in such widespread use, it’s important to understand, perhaps even more so than with a proprietary application, what goes into securing them. By being aware of the following security tools, you and your client can come up with an effective strategy for making sure that open-source applications used across an enterprise stay as secure as the software that your client buys.
Digital Threat Intelligence Platforms
There’s a veritable whirlwind of news out there about emerging cybersecurity threats. Every day, our social media feeds and the front pages of our favorite tech and business publications report the latest and most frightening instances of business data being compromised by hackers. But what open-source exploits does a given business need to look out for at any given time? What open-source applications within a given field are being targeted, and how? What are the real emerging risks that an enterprise should take immediate action to harden a network against, and what is mere fearmongering clickbait?
A good digital threat intelligence platform will answer these questions. Threat intelligence separates the wheat from the chaff and provides businesses with feeds of accurate, targeted, actionable information about emerging threats. Because open-source applications don’t benefit from the kind of support services and upgrades that vendors provide for proprietary software, it’s very important for businesses to have credible information on what threats are impacting open-source applications in the areas that they do business in so that they can patch the holes as necessary.
Open-Source Forums and Communities
Unlike a proprietary software model, in which the vendor pushes security upgrades and patches to clients who pay for them, open-source applications don’t offer this type of support. Information on how to secure particular applications, how to patch security holes, and where to find upgrades is found, rather, in the active forums and communities that open-source developers use in order to discuss, troubleshoot, and support the applications that they code. So it is important for businesses using these applications to understand where these communities are and how to find the information.
But just knowing where to find the communities is only part of the equation. When it comes to open-source software, there’s a third security tool to take note of that a business can’t do without.
The Most Important Tool: People
The most important tool that an enterprise can have in its cybersecurity arsenal for keeping open-source applications secure is well-trained, well-informed, capable IT talent. Being able to interpret the news coming through a threat intelligence feed and having the technical acumen to act on it and secure the affected software is critical, as is having IT staff tasked with proactively digging through open-source forums pertaining to the applications that a company uses in order to find security patches, fixes, and the like.
Whether an individual or a team, someone operating in house or through a managed services provider, it is necessary for an enterprise to have someone managing open-source technology who knows what to look for, where to watch, and what can’t be overlooked. Because there’s no vendor support for open-source applications, it’s up to you and your client to make sure that these free, convenient, and powerful applications are not the Achilles’ heel of your client’s network security.
How have you seen open-source applications effectively secured in enterprise settings?