SpikeSource's Polese cites open source complexities

CEO also comments on Java, outsourcing

Kim Polese, CEO of open source services provider SpikeSource since 2004, is perhaps one of the better known IT executives. Prior to joining SpikeSource, she became one of the industry's first female chief executives as co-founder, president, and CEO of push technology vendor Marimba, which was acquired by BMC Software in 2004. Earlier, while at Sun Microsystems, Polese was the first product manager for Java. InfoWorld editors Paul Krill and Neil McAllister spoke with Polese last week about a range of topics, including SpikeSource, open source, outsourcing, and Java.

InfoWorld: Why do people need an open source infrastructure company like SpikeSource?

Polese: It fundamentally boils down to the challenges around interoperability. One of the biggest challenges that we find enterprises have and companies of all sizes [have when] they’re using open source is keeping all of the moving parts working together on a continual basis. [These are] the "what-works-with-what" problems, which [are] compounded when you have dozens of components in a stack. This is very typical for an enterprise that’s running open source applications. And those components are changing on an ongoing basis, whether it’s updates, patches, new features, security vulnerabilities.

To give you some numbers, in 2005 alone there were 490 combinations of PHP (Hypertext Preprocessor) Apache and MySQL that were released.  And then if you add 21 releases of OpenLDAP, you get over 10,000 combinations just for that one subset of the stack. And if you multiply that by Linux kernel versions and updates and distributions and then add patches on top of that, it becomes a very complex problem. There’s a lot of overhead involved in managing open source infrastructure. It’s the ongoing patch management, lifecycle management that becomes the cost, frankly, and it adds risk [and] overhead to enterprises that are using open source.

Could you discuss briefly the type of services you provide for open source users?

2006_300.xml
InfoWorld:

Polese: We provide, first of all, the stacks themselves for free for download from our site, so you can choose a variety of different components. We certify over 100 components across six operating systems, six language runtimes, and have tested very large combinations of those components. So you can download the stacks for free.

The service that we provide is an update service, and it’s basically what we call SpikeNet. It’s a patch management update service that provides the ongoing lifecycle management for that stack, and the updates are targeted for a configuration that’s running at the endpoint. The service includes regular alerts and notifications. And then there’s a high-stakes vulnerability or security alerts. We deploy a patch that’s been tested and validated against that configuration in 24 hours or less.

So that’s basically what SpikeNet is, that’s the update service. And then the other part of the offering is technical support, which is one phone call for support for the entire stack. We have partnerships with companies like MySQL and JBoss. We sell third-level support from those companies and we also have many experts here internally at the company who are knowledgeable about different components in the stack.

InfoWorld: So you only sell services, you don’t sell any software at all?

Polese: Correct. And the services, in the form of SaaS [software as a service], it’s not the traditional professional services organization. This really is software in the form of updates. We don’t sell traditional enterprise licensed software products, but we do sell software in the form of ongoing updates and patch management. So it’s similar to a Norton-style model. The service is really the bits delivered that are tested, certified, validated to work with that configuration at the endpoint at the customer site.

InfoWorld: Is SpikeSource involved in intellectual property protection services?

Polese: We don’t do that ourselves, but we are partnered with the leading companies. We have, for example, a relationship with Black Duck. We created an integration between our asset management tool, called the Spike Asset Manager. Together with Black Duck, we integrated that with their licensed calculator that basically reports on what the open source licenses are that are related to those components. So it’s a very natural marriage of the two companies' products and services.

InfoWorld: What’s the installed base of SpikeSource?

Polese: We’re not yet talking about the numbers of customers at this point. You can expect to see some announcements over the next several months about additional customers. A bank based in London was one of our first customers. Another customer is Business Objects, an ISV in this case, that’s using SpikeSource to basically standardize on a common stack so their customer base has been moved to an open source environment. So I can’t give you numbers right now of customers, but I can tell you that the pipeline is big, the demand is strong, and we’re [closing] business every day.

InfoWorld: Are there any parallels between SpikeSource and your previous venture, Marimba?

Polese: Well I think [there is] one very, very strong parallel, and one of the things that attracted me to this company is this model of SaaS. And specifically, in the case of Marimba, it was a licensed model that we were using, so we were delivering our product in the form of software -- the free software product management environment that companies could run behind their firewall. In this case, we’re actually delivering the updates over the Net as a service, but the common theme is making it much easier and cheaper to run complex software within the enterprise.  So removing cost and complexity [from] software lifecycle management, that’s definitely a common theme between the two companies.

InfoWorld: Are you seeing more enterprises looking first for free, or so-called free, open source software rather than looking to buy software these days?

Polese: One thing that I’ve noticed, just in the last year or so, is a change in attitude on the part of enterprises, and they’re moving from kind of kicking the tires with open source to realizing that open source has already been at their enterprise, and they need help in the form of third parties basically managing and maintaining that open source software. So it’s becoming, first of all, acknowledged open source, that is acknowledged as mainstream within the enterprise.

And then secondly, it’s becoming increasingly not just another option or a cheaper option, but even a safer choice [than] proprietary software in some cases, particularly in the area of infrastructure where CIOs [and] VPs of IT don’t want to be beholden to one vendor, don’t want to be locked into a particular infrastructure or deal with the silos of the past. So it’s almost becoming a norm that enterprises are moving toward open source, particularly in the area of infrastructure.  And I think over the next year or two, we’ll start to see the application adoption happening as well.

InfoWorld: When you say applications, what kind of applications?  I know there’s SugarCRM, but what are some of the other application options for open source?

Polese: There’s been a whole crop of companies that have emerged over the last six months or so, and they include Alfresco, for content management; Pentaho, for business intelligence; GroundWork for IT management and monitoring.  The list goes on. Funambol, this is mobile applications -- the Java environment for telephones and handhelds, and Compiere, which is an ERP company. So basically, name a category and there are one or more commercial providers of services for open source applications.

InfoWorld: Is open source in fact cheaper or are there a lot of hidden costs? Is it cheaper than commercial software or is it just as expensive once you add up the service, support, and all the other issues?

Polese: Well there’s certainly been a lot of discussion about this topic and [I will] be glad to tell you just how expensive open source can be when it comes to implementation and maintenance and lifecycle management.  In fact, there are significant costs involved in ongoing patch management, testing, certification, and updating of these components, when you’re starting to use more than a handful of them.

So we can make a case that open source software can be as expensive as proprietary if you have the overhead of having to staff the internal team and almost becoming your own vendor just to maintain that open source software. And that’s of course one of the reasons that we were inspired to start this company, Marugan Pal and Ray Lane founded the company back in 2003. They saw that cost rising, they heard some CIOs who were frustrated with what they saw as increasing complexity in using open source, and Marugan saw an opportunity to create technology to eliminate a lot of that overhead for companies.

InfoWorld: Is there anybody else doing anything similar to what SpikeSource is doing, IBM Global Services or anybody like that?

Polese: There are a couple of other companies that are sort of pure-play providers of open source services. We [see] OpenLogic and SourceLabs, but the traditional systems integrators are not providing automated testing in lifecycle management for open source stacks.  They typically have a team of consultants that they bring in and are on-site on an ongoing basis, but there’s not a specific service that I’m aware of from the large SIs that provide what we are providing, which is a wide choice of components across multiple operating systems, including, by the way, Windows. So we do certify on Windows as well as Linux. And then the ongoing maintenance updates, alert [notifications]… that is a unique service. I’m not aware of others, certainly in the systems integrator space, who are offering that. And as far as we know, we provide the greatest breadth of coverage of testing from the open source market today.

InfoWorld: Is SpikeSource profitable at this point?

Polese: Well, we don’t yet discuss [that] and we probably won’t until we become a public company, should that event occur. We don’t reveal information about our financials at this point.

InfoWorld: There’s been talk in the last couple of years about whether commercial software would go away. Do you think there will always be a place for commercial software? You’re not going to have a world where all software is free? You don’t see that happening, do you?

Polese: Well, just to sort of drill down on that word a little bit, there’s commercial and there’s proprietary, and there’s open and there’s closed, and there’s different combinations of all four of those.

InfoWorld: I’m talking about where you pay for the licensing in software.

Polese: I don’t think any one model will be the only model out there in the market, so I do think there will continue to be software that’s priced and sold successfully using the enterprise software license model.  But I think the majority of software over time will move to software-as-a-service subscription or on-demand models simply because the cost savings and ease for the end customer is so compelling. And because the Internet now enables us to deliver with low overhead very high values for an ongoing basis to customers, and that’s what they want.

They ultimately just want the software to work and they want it to perform as promised, and that really requires ongoing maintenance, which is of value and should be a cost that customers are willing to bear, and they are, indeed. So I think the model will, over time, move more and more to software as a service or on-demand, but I don’t think that’ll be 100 percent [of] the market in any case. I think you’ll see a combination of open and closed, proprietary, commercial, enterprise licensed, and SaaS models.

InfoWorld: Do you have any upcoming announcements you want to talk about at this point?

Polese: Not at this point, but we certainly will be over the next several months.

InfoWorld: Can you elaborate at all on that?

Polese: It will be related to our customers that we’re seeing out there in terms of how they’re using the product, and specifically customers as they are willing to be identified. Obviously in the beginning, when you’re starting to sell, it takes a while for customers to be willing to be identified publicly, but that will happen over coming months. So [we will discuss] customers, partners, deployments, how is it really working out there in the world of IT? How are people using our services?

InfoWorld: I was looking at your biographical information on the SpikeSource Web site, and it mentioned you were the original product manager for Java at Sun Microsystems. Do you think after 10 years that Java has met, exceeded, or fallen short of your expectations?

Polese: Well, [this] is a personal opinion, it’s not a SpikeSource opinion, but I’m thrilled with the success of Java. It has exceeded my expectations. It’s a phenomenal number of developers, of devices that are deployed based on Java, enterprises that are using Java.  And I can tell you this anecdotally, in our customer base [when] talking with companies, most of them are using Java. Java is very much mainstream when it comes to enterprise applications and I don’t see that changing any time soon.

1 2 Page 1
Page 1 of 2
How to choose a low-code development platform