Commercial open source has a peculiar sales process. Frequently, when a firm decides to buy (license) a specific type of software like a content management system or a wiki engine, they'll find that their company already employs multiple solutions, downloaded for free from the Internet. By some measures, this is dangerous to IT governance, as it bypasses corporate purchasing and operating regulations. On the other hand, open source empowers IT users to make their own decisions early on without having to go through lengthy approval processes, keeping them nimble and speedy. So, is commercial open source good or bad for IT operations and the CIO?
Commercial open source is open source software owned by a commercial entity, i.e. a firm. This commercial open source firm makes money by selling services and support around the open source software. To get the software into customer companies, they provide the software for free as open source software. Done right, the software is supported by an enthusiastic user community and supporting it costs the commercial open source firm very little. Employing open source as a go-to-market strategy gives commercial open source firms the strategic advantage that once evaluation and purchasing time comes around at a customer company, their product already has a foot in the door, as compared to proprietary competitors.
The obvious downside to the customer firm is that employees who install open source software bypass any rules and regulations that the firm may have put in place. Before open source, this rarely happened. While there was software with free trials, these trials were typically limited in time, and because the software wasn't open source, there was little community to provide support. Now, with open source, the purchasing process may have become more difficult, as commercial open source firms may gain the "unfair" competitive advantage of already being deployed at a customer firm seeking to standardize a particular type of software.
On the positive side, open source lets employees make their own decisions. This may be good, as despite all good intentions, corporate IT purchasing and operations procedures are frequently slow to run their course and frequently only kick in if some type of software is needed by more than one user. Corporate IT frequently leaves users stranded and struggling to get software support for their needs.
On the negative side, having employees decide what software to use while ignoring the broader needs and rules of the customer company is difficult from a governance perspective. An employee's decision is typically not based on a careful evaluation process taking all stakeholders and perspectives into account, but rather follows less rational paths, like what they are using at home or heard about from a friend.
The issue cannot be ignored, because once a specific type of software becomes important to a firm and they want to license it, the customer firm may have to bear the additional cost of migrating away from existing open source solutions. Since open source is software like every other software, the lock-in created by it may be painful to overcome, creating additional costs and resistance in the user base.
My recommendation to resolve this conundrum is to find a middle ground. If some type of software is simply too unimportant to be considered by IT and there is no budget for purchasing it, but some employee or workgroup has a need for it, there should be a point person in IT or elsewhere who guides the workgroup in their selection process. Such guidance must obviously be light on process and helpful to the workgroup rather than heavy and slow. An added benefit of such a point person is that he or she can serve as an early observer of evolving IT needs, giving IT and the CIO early indications about new needs of their user base.