"If you have no service-level agreement, contract, or warranty, you have shouldered the burden of responsibility," Driver says. "If you're able to do self-support, it's an upside, but if you can't, you have created unforeseen risk."
Of all the open-source software NPC uses, Brisbin opted to pay for support only for SpringSource tc Server, which it uses to deploy Web-based applications in an internal cloud. He went that route because the application server deployment is pushing the envelope of common developer knowledge. "We can't go out to a mailing list of 150 developers and ask questions, because not many people are doing this the way we are," Brisbin says. But he says he's happy that the contract didn't require him to purchase a license and that it cost just a couple thousand dollars.
Organizations serious about using open source are also advised to establish policies and governance practices to monitor and control its use. Driver estimates that only 20 percent of organizations using open source have such policies in place, and in the Computerworld survey, most respondents said they didn't measure ROI. Taking such a risk can lead to unforeseen costs; for instance, even if you think you're reaping benefits, with no benchmarking or cost comparison, that could be an illusion, he says.
"People can be getting a negative ROI and firmly believe it's positive because they've gone from a [capital] expense to an [operating] expense," he says. In other words, the savings on license fees could be outdone by the salaries of employees who must spend eight to 10 hours a week updating, testing, and patching the software.
In some cases, companies are realizing savings but can't prove it. "The key to minimizing the potential downside and maximizing the upside is governance," Driver says. "Without that, you're shooting in the dark."
At the New York State Office of Temporary and Disability Assistance, Chan is creating a direct comparison between the cost and performance of the new IT environment and the older one. He cautions that it requires an investment of resources to run tests and create meaningful benchmarks.
And even if you're only planning to use the software internally, it's important to ensure that the legal department understands the numerous types of licenses available, Driver says. "Restrictions vary, sometimes dramatically," he says. "You don't want to get a letter from your lawyer with an injunction because your open-source solution violated someone else's intellectual property."
Fitting open-source technology into your current infrastructure is another thorny issue. Three years ago, Roy Mentkow, director of technology for the city of Roanoke, Va., decided to transition from Microsoft Office to OpenOffice. However, for some users, desktop applications were heavily integrated with Lotus Notes workflows. "We had to ensure OpenOffice worked well with Notes on an application-by-application basis," Mentkow says. "That was something that snuck up on us."
In the end, the city migrated about half of its 900 users, resulting in $140,000 in savings. Still, Mentkow says, the savings won't come all at once but rather when those desktops would have been upgraded to a new version of Microsoft Office.
It's also important to look beyond another widely touted benefit of open-source software: the ready pool of developers who are familiar with the technology and see the prospect of using it as a retention or hiring plus. While it's true that developers are plentiful and eager to work with open source, that expertise can come at a price.