Microsoft eyes hybrid open source approach to public sector work
Software giant says multi-platform environment that includes Linux operating systems and Android have driven it towards use of more open standards in how it provides technologies and services
Microsoft is increasingly looking at a hybrid approach that takes advantage of both proprietary enterprise IT and open source technologies for public sector projects to better meet the needs of customers in a multi-platform technology environment.
Michael Wignall, national technology officer at Microsoft UK, said that despite being a company long associated with proprietary software and technology changing user needs had facilitated a switch towards providing solutions that offer at least some open source components in the area of Android devices and other platforms. One such example is in its work around development of the NHS Choices site.
This so-called hybrid model is expected to be part of a more general approach to “embracing openness” as a company.
Open source software, whereby source code is made available via licence that can be amended and distributed to organisations or individuals for any purpose, is finding itself being used in healthcare and other public sector services.
While a handful of UK health trusts have already moved to incorporate open source technologies, perceptions around security, and the initial need for clearer planning and user involvement in system design are highlighted as potential challenges to best meet the potential benefits.
As part of this focus, Microsoft said it was looking to not only collaborate with suppliers and other companies developing open source solutions, but also to try and contribute to developments within the wider open source community, such as the Powershell Scripting language.
Wignall claimed that Microsoft was moving to remodel itself as a platform company where it can support the work of partners, such as through its cloud-based Azure technology, where a quarter of usage is based around open source developments.
He estimated that from an anecdotal perspective, Microsoft thought that near to one third of its interactions via its cloud platform were now reliant on open source technology.
Despite the potential for service improvements, the company said it had not set out specific directions or targets within the next half decade or so, although the growing adoption of the technologies has meant the company was willing to look at, and most significantly try and profit from the technology. This was regardless of whether its use was via a Windows or Linux operating system.
As part of its hybrid approach, the company pointed to its work undertaken with the NHS Choices website, one of the UK’s most visited online resources. The site makes use of an open source front end service, while the back office functions are based on the company’s proprietary database functions.
With regard to future opportunities for open source adoption, Wignall said that ongoing perceptions about the safety of the technology, whether just perceived issues or actual barriers, were something that needed to be addressed.
He suggested that the development community working around open source software created an environment where potential issues could be notified, informed and addressed by a number of developers and programmers at a quicker pace afforded by a single organisation.
However, there was not seen to be a case where one type of solution was necessarily more secure than the other.
“There is really secure proprietary software out there as well as really secure open source software,” Wignall noted.
Open source in the NHS
One of the notable adopters of open source in the public sector has been in healthcare, for instance London's Moorfields Eye NHS Foundation Trust, which developed an in-house designed Electronic Patient Record (EPR) based on such software.
In moving forward, the trust is in the process of tendering for a new solution, potentially in the form of open source or an off-the shelf option that can be more efficiently scaled up and maintained with an anticipated cost of between £1.5m and £4.5m.
The previous system was no longer viewed as being suitable for its EPR needs as a result of scalability and the required resources needed for continued operation.
The trust also identified key challenges to be addressed around programme management across several sites and ensuring data integrity in a transition from its custom EPR solution. Moorfields maintains that it is open to the possibility of further open source software.
Other providers like IMS Maxims are claiming to be working with a growing number of UK trusts over the course of 2016 to go live with open source electronic patient record (EPR) solutions, with the underlying code uploaded on web-based hosting service Github in June 2014.
Michael Thick, the company’s chief clinical information officer, said that while interest was growing in open source technologies by health care providers, it remained early days for efforts to expand uptake on a wider scale.
However, he noted that the technology, which was once considered a “market disruptor”, was likely to be much more common, especially with a push towards use of more open standards in how the government looks to tackle data and online service design.
Thick accepted that there was presently still some hesitancy around adoption with regards to perceptions in areas such as security, but argued that these perceptions did not in reality limit the potential uses for open source, which has been adopted across Whitehall in different forms.
Natalie Chishick, policy director for the company, said that the pressures for improved interoperability between health and social care also created significant scope for code sharing between different organisations
The age old security debate
Chishick noted that that a community of figures working across the UK health sector that used its open source EPR service already worked to share work and developments on the code.
John Steven, internal chief technology officer for application and software security group Cigital, argued that any ongoing debate over whether open source software or proprietary products were the more secure was now irrelevant as an issue.
“We know both are generally insecure. We also know that far more open source software (OSS) exists, on average, in people's code bases than they expect. OSS can constitute 90% or more of the deployed code without organisations realising it,” he said.
Steven noted that traditionally within the public sector, government agencies that procedure software did so via contractors that may not always provide the sufficient support, configuration and patching to help resolve issues or meet specific needs.
He said that the world had changed with open source software maintainers reaching out for assistance and collaboration to secure their frameworks.
“Culture and security savvy varies by project but I find that, though perhaps uninformed, these maintainers care about security and don't want to be the reason their adopters get owned,” said Steven.
“Many cloud providers and open source software maintainers spend more time on security than the organisations adopting them do their security of their own code. They take steps to harden their code, remove dangerous functions over time, and provide adopting developers security controls that are thought out. And, in this regard, it may behove organisations to ‘use what's available’ rather than trying to roll their own secure frameworks.”