The use of open source in the enterprise is blooming as organizations seek to reduce time to implementation and, hopefully, reduce costs. A 2019 Red Hat report on “The State of Enterprise Open Source” said that 95% of respondents found open source “strategically important.”
When looking at the applications of open source in an enterprise setting, however, identity management does not always seem like a natural home. This may be because identity-related services are arguably one of the most complicated systems to design and build. Can open source be used wisely in an identity context and maintain security as well as usability?
8 considerations when choosing open source for identity projects
Thoughts about using open source often turn to fear, uncertainty and doubt (FUD). This is not without reason. The Equifax breach of 2018 is a good example of why FUD persists in open source use. The incident involved cybercriminals using brute-force attacks against the open-source Magento platform.
There are very good reasons to use open source. The choice means that someone else has done the groundwork so your developers don’t have to. In theory, multiple people (the open-source community) have looked at and verified the code. While this may mean the code has passed unit testing, it isn’t the same as functional testing. Therein lies the rub. Identity-led services are often multi-functional systems. Functional testing of these systems must cover the myriad user journeys and alternative pathways, which can take the code down twists and turns that open up exploitable flaws.