CRM and business intelligence from open source? You bet.

The odds are good that the LAMP stack is running somewhere inside your company. The acronym refers to the foundational foursome of the open source movement: the Linux operating system, Apache Web server, MySQL database and, collectively, the Perl, PHP and Python programming languages. Development tools such as Eclipse and application servers such as JBoss have also gained popularity - and trust - especially now that major vendors such as IBM, BEA Systems and Borland have adopted or supported them commercially. But what about the next step up the software ladder? Is open source ready for ERP, business intelligence or CRM?

Ready or not, it's happening; the first industrial-grade applications in these areas are now emerging. And CIOs will soon need to decide how to approach these fresh options in their enterprise software catalogue. As with the adoption of the LAMP players, these new open source enterprise applications likely will find their way into the enterprise at a departmental or small-project level. As a result, "we don't see [these applications] on CIOs' agenda at all", notes Michael Goulde, an open source senior analyst with Forrester Research. But, he warns, "CIOs should sync up with their development teams to see [where such applications] might have payback to the organization".

However, CIOs should tread carefully on such open source applications, advises Mark Lobel, a partner at PricewaterhouseCoopers who focuses on information security, including security for financial applications. One key concern is that applications tend to reflect and embed business processes and logic, which often are key strategic assets you don't want to share with others - and open source licences can require such sharing if companies aren't careful. Another issue is the long-term viability of open source applications for specific functions. Open source depends upon volunteer developers for success, but the more niche a product, the smaller the potential pool of interested contributors. As such, grassroots support for specific apps such as ERP or CRM tools may look more like brigades than the armies now supporting broad open source infrastructure such as Linux, Apache and MySQL.

Still, properly managed open source applications can save enterprises money and time - as well as reduce dependency on specific vendors.

Finding a Fit

Financial-services giant Fidelity Investments has used open source technology for about four years to reduce costs and dependence on vendors. "We started with Linux like everyone else did, but our intent all along was to see how far up the stack we could go," says Charlie Brenner, senior vice president of the Fidelity Centre for Applied Technology, Fidelity's technology incubation group. After Linux, Fidelity adopted Apache and Perl, and then the Struts Web application framework and the Eclipse Foundation's development environment. Fidelity is now looking at open source database management systems and assessing what applications might make sense. The advantages of open source include widespread component reuse, better access to underlying code to customize interfaces across applications, and less complex systems to manage. "We're heavy users of proprietary [software], and that won't change, but there are times you need a motor scooter, not a truck," Brenner says.

Others are less interested in picking the proper vehicle than they are in creating a uniform, inexpensive core on which to hang their IT business. At Midland Memorial Hospital in Texas, "we're trying to get a complete open source or public-domain stack rather than be proprietary", says IS Director David Whiles. His organization already uses the LAMP stack and is now deploying a public-domain electronic records system, the Veteran Administration's Vista, for less than half of what a proprietary system would cost (even with the cost of hiring a consultancy to add features such as billing). Medical industry service provider Athenahealth, meanwhile, is using SugarCRM - an open source CRM package. CTO Bob Gatewood says he had several reasons to switch from his current CRM provider, Salesforce.com. But he notes that making the change will save about $US1 million over three years in per-user licensing fees, even after the cost of development and integration is subtracted. He expects to complete the migration in early 2006.

Easy Mixing

Beyond spending less, Gatewood plans to more closely integrate the SugarCRM code - which he can access directly - into his call-centre and other support applications, something not possible with proprietary software where code is tightly held by the vendors. Other IT execs seek the same benefit. "We can take the pieces we need [with open source]," says Bob Hecht, vice president of content strategy at specialized data provider Informa, which is investigating the Alfresco open source knowledge-management application as an alternative to commercial enterprise content-management tools.

Informa is exploring Alfresco because a licence for a commercial enterprise content management application for a company of its size would cost millions of dollars and would impose a single content-management model on the company's array of publishing, training and events businesses. "We just won't do that," Hecht says. (It also helps that Alfresco was developed in part by former Documentum technologists, giving Hecht more confidence that the application will be enterprise-class.)

Starting Small

Open source applications can make especially good sense for nonstrategic, fairly generic applications like reporting or sales-force automation. Departments that have unique technology needs and smaller companies with limited budgets are also more likely to consider open source applications, says Forrester's Goulde. "Larger companies are not about to rip out SAP. Plus the functionality and the integration are both more complex" for a large company than open source apps currently can handle, he adds.

Open source tools "are not going to take the business-intelligence market because they are not yet competitive with commercial software", says Eric Rogge, research director for BI and performance management at Ventana. For example, open source BI applications don't yet offer a comprehensive platform with reporting, ad hoc analysis, online analytical processing (OLAP) connectivity, alerting, dashboards and workflow. Nor do they offer aids for developing user-interface controls, ad hoc analysis against relational data sources or scorecard functionality with strategy maps, metrics management and collaboration features, he says. But Rogge does expect open source applications to eventually make inroads in the BI reporting tool segment, since there are a variety of uses for basic reporting tools in an organization where a costly, complex BI tool isn't needed.

Furthermore, increased adoption of open source databases should encourage the development of open source reporting tools that take advantage of them, says Don DePalma, an analyst at the consultancy Common Sense Advisory. "Most database activity is about reporting, analyzing and crunching the data, so [open source reporting tools] would seem a natural development. Companies, universities or governments using open source operating systems and databases would be a great audience for such software," he says. DePalma doesn't expect a popular reporting tool like BusinessObjects' Crystal Reports, for example, to support open source databases because of the vendor's relationships with proprietary database developers such as IBM, Microsoft and Oracle. That provides an opportunity for the open source community to create a Crystal Reports-like reporting tool, he says.

Open source applications also make sense when there are regulations or other requirements common to an industry, where having a mutually supported tool would benefit everyone and not put anyone in the position of losing a competitive advantage, Goulde says. Analysts most often cite the health-care and financial-services industries as candidates for these kinds of tools, though liability concerns surrounding legal requirements make it critical that potential users understand the possible risks, notes Fidelity's Brenner. It is also possible to imagine a large player in a specific industry making an open source application viable, perhaps for some supply-chain management functions, much as Wal-Mart has done for RFID, notes Forrester Research ERP Analyst Ray Wang.

Gauging Open Source's Risks

But using open source applications does carry risks. One is that staff developers unfamiliar with the competitive value of various components might accidentally embed strategic business logic or processes into code that is then provided back to the open source community, neutralizing a competitive advantage.

But CIOs should be able to manage their strategic assets while still choosing open source applications, says Eric Link, Diabetech's CTO. Business logic, for example, should not reside in modified open source code but in your internal rules base or in-house applications that call the open source tools, as is common in commercial ERP systems, he says. "It does require careful thought to know what is strategic," but any IT development effort should make such an assessment, whether it involves commercial, home-grown or open source code, Link says.

CIOs should also be able to distinguish between applications and platforms and the issues that surround each, Brenner adds. Reporting tools and CRM are two examples of platforms that are often marketed as applications, he notes. The difference is that platforms typically don't encapsulate specific business processes or logic, making them well-suited for open source efforts - and less risky for the companies that use them, as companies using such tools will be less tempted to insert their own business logic into the products and unwittingly release it to the world. A reporting tool, for instance, might act on a company's data, but it would never incorporate that data into its own code - and thus a company would never be required by the licence to release the data as open source. Another alternative is to go pseudo open source as in the Avalanche Corporate Technology Cooperative, which openly shares code on a variety of projects, but only among subscribed members (see "But Is It Really Free?",below).

Beyond intellectual property concerns, another significant risk is an application's long-term viability. Open source has worked well for widely distributed tools such as those in the LAMP stack that are typically run as-is and don't need to be customized at each location. But for niche applications, the community of developers is necessarily smaller than for a piece of infrastructure, reducing the resources that contribute to the application's development, maintenance and support. This could make it difficult for many projects to muster sufficient developer support to stay viable. The diversity of applications will be a difficult issue for the open source community, says PricewaterhouseCoopers' Lobel.

This limitation is exacerbated if companies don't share their developments with the community for fear of releasing competitive business logic. "I can't see it going very long if companies aren't contributing back. An open system works only when it's open," Lobel says. Diabetech's Link, however, believes that argument is overstated, since companies are typically happy to share infrastructure code with others, thus moving the application forward even while keeping their business-specific code to themselves.

Despite these issues, even cautious observers concede that open source applications can make sense beyond the LAMP stack: And sensible CIOs should start paying attention.

For a list of open source development projects, visit www.cio.com/111505.

But Is It Really Free?

It pays to read the fine print on open source licences

Open source applications typically provide free use of the software and access to its source code. But if you plan to distribute the modified application outside your company, open source licences usually require you to return any enhancements to the user community, says Michael Goulde, a senior analyst at Forrester Research. But as the open source model moves up the stack to applications, the term open source is morphing to accommodate corporate needs.

More restrictive licences are emerging with the new class of open source CRM applications. For example, a version of SugarCRM is available under a variation on the standard General Public Licence (GPL). But users of SugarCRM Pro, available under a separate licence from SugarCRM, get a different deal. The SugarCRM licence works much like a proprietary software vendor's licence, with the exception that Sugar provides the source code and lets companies modify it for internal use only. And that modified code belongs to the user company, not to SugarCRM.

This model is becoming common as more companies build businesses around open source software for which they offer both a "pro" version and for-pay support services, says Goulde.

"Their free version is really a marketing tool," says Bob Gatewood, CTO of Athenahealth, a service provider to doctors and a SugarCRM Pro customer. That suits Gatewood just fine, since the SugarCRM licence still lets Athenahealth customize its CRM code easily, without requiring expensive professional services that, for example, a Siebel CRM deployment might require.

Another example is the US Veteran Administration's Vista electronic records software, which is available free as public-domain software. Although the VA has integrated enhancements made by some users in later releases, it still manages the core code development. Private companies have created proprietary extensions and add-ons that they sell to Vista users. They've also customized the Vista code for their clients, but none of these efforts belong to the VA or the Vista community as they would in traditional open source efforts such as Linux, Apache or BSD Unix.

The Avalanche Corporate Technology Cooperative is taking a private open source approach: Enterprises and consultants can join, which provides them access to software developed by the Avalanche members. (The cooperative is just starting its first efforts, including a Sarbanes-Oxley compliance project.) As with open source, the members all contribute technology to various Avalanche efforts, and Avalanche members provide mutual support. Unlike open source, however, only Avalanche members have access to this technology, which its founders believe will ensure development efforts stay focused on members' business priorities. For CIOs, this means that some open source tools might in fact be just partially open source, requiring a careful understanding of the licence and the program's contents. You really need to read the licence," advises Athenahealth's Gatewood.