By Joseph Marks and Mark Micheli
April 26, 2013
Open source technology is now visible everywhere in government from the basic operating systems that federal computers run on to the blogs, websites and social media tools they use to communicate with the public. Red Hat, which helps companies manage, maintain and secure open source tools, including the operating system Linux, has been at the forefront of much of this adoption.
Nextgov sat down with Red Hat CEO James Whitehurst recently to talk about how open source is changing government, where it’s had the greatest impact and where he sees it going in the future. (The interview has been edited for length and clarity).
Nextgov: Can you tell us a little about open source’s initial path into government?
Whitehurst: Enterprise open source is about 10 years old. When you think broadly about early adopters, it was two main sectors: financial services and the intelligence community. People think of open source now as low cost but the initial interest was because of high performance. The financial community used it because running Linux [the most common open source operating system] was faster for doing trading platforms. Then the major investment banks all moved over and that’s rippled through financial services.
There was a similar dynamic in government. The largest sector for us, both in the U.S. and globally, is the intelligence community and that was primarily around security. We actually partnered with the [National Security Agency] and wrote the security regime that says use enterprise Linux. This would’ve been in the early 2000s. It’s called SE Linux, or security enhanced Linux. So, they deployed it broadly and it went from the Intel community to the military. Now, I think, every Army vehicle has Linux on it on a little server. From there it moved to civilian agencies and that’s more related to cost than performance.
There’s a classic story we tell about joining those two early adopters. We had a collaboration in the mid-2000s with the Navy, which was looking to upgrade its missile defense. When someone shoots a missile at a ship you want to be able to react very quickly. There’s something called a real time kernel you can put in an operating system where you get a guaranteed maximum performance to run an instruction. It’s actually a bunch of changes that say the longest code path possible in the worst-case situation can be no longer than X for this operation. It’s a lot of work to do that. We did that with the Navy for missile defense but it’s now used by every major stock exchange because you also want a real time kernel when you’re running a trading platform so you have a maximum guaranteed time to get a trade done.
Nextgov: If open source is secure enough for NSA where does the anxiety about it come from?
Whitehurst: The biggest confusion is between open source vs. enterprise open source. Open source is a development model. In this development model, the source code is free and open so anybody can download it and use a version. What people get concerned about is ‘am I downloading bugs? Am I downloading something I don't have a license for?’ The simple answer to that is ‘yeah that’s right.’ But that’s the role a company like Red Hat plays. We know the vintage of every line of code and we have strong security. So when you download from Red Hat you know it’s secure. Commercial open source is a very different animal from the free stuff.
Nextgov: How is Red Hat doing with government sales?
Whitehurst: In general we’re growing at 20-ish percent per year for subscription sales and software sales. That's somewhat faster in the government and with budgets basically flat that’s a nice solid growth rate.
Nextgov: Has that changed with sequestration?
Whitehurst: We’ve had a few consulting engagements trimmed on the margins but overall we haven’t seen a major impact yet.
We have two different vectors we sell on. One is innovation. We say "modern architectures are all built on open source so let me tell you about that.” When the economy is going well and budgets are growing, we go in with that message. When times are tough, we go in with value, value, value. We say replace Unix [a standard type of operating system] with Linux and you’re going to free up dollars on day one.
Nextgov: Do you think IT is more sequestration-resistant or recession-resistant?
Whitehurst: That’s always been the theory in IT, that it replaces dollars elsewhere. I don’t think IT will be immune. We have seen new project starts decline, so it can impact the trajectory of growth a little. I don't think it’s as bad in IT, but you can see flat-ish budgets if not down. We’ll have to wait and see how it plays out.
Nexgov: Is government contributing to open source?
Whitehurst: SE Linux and all the work we did with the NSA on that is one prime example. One irony is that Red Hat Enterprise Linux is the most secure open source operating system certified by the Russian military and the reason is because of the SE Linux work the NSA did.
Nextgov: So if the U.S. military and the Russian military both have SE Linux how can it be secure?
Whitehurst: Well it’s secure because people can look at every line and say "we don’t see a way to pierce this." The other security component is the policies about "if I have this password what do I get access to on this system," etc.
The only difference between the U.S. and the Russian versions is that the Russian scientists look at every line of the source code and then we have to compile it on a Russian computer. It’s exactly the same as [the U.S. version] but they want to see it compiled on their system before that source code turns into ones and zeroes to make sure nobody slipped anything in.
Nextgov: What market share does open source have in government?
Whitehurst: It’s hard to really tell. I’d say the government overall looks similar to commercial markets where Red Hat represents about a 20-ish percent share of server operating systems and about half [of all operating systems] are open source now. We’re more heavily weighted in defense and intel and a little underweighted in civilian the same way we’re over-weighted in financial services and under weighted in, say, healthcare.
Nextgov: Will open source ever have 100 percent share?
Whitehurst: It will be approaching some number less than 100. There will always be a need for an IBM mainframe for some very specific applications. Also Outlook only runs on Windows servers and there’s a set of applications that are tied to the Windows franchise.
Nextgov: What do you see in the future for open source?
Whitehurst: When open source was first applied as a development tool people looked at traditional categories of software that had been around for 20 years and open source commoditized things that had gotten older and longer in the tooth. That was why Linux was cheaper than Unix.
But in the past 10 years with the birth of these web 2.0 companies they do everything in open source. All of a sudden, it’s not as much about commoditizing existing categories. It’s that new stuff is happening first in open source. The easy example is big data. It’s tough to name a single propriety innovation in big data. They've all come out of open source.
We’re at an inflection point where more innovation is happening first in open source and we’re going to get to a point where most of it is hanging there. When that happens, we’re going to see fewer vendors building a propriety solution and guessing what customers want and more vendors saying ‘okay what are the technologies that the large factories of the future -- the Googles and Amazons and Facebooks -- are using and then taking that technology and applying it to customers.
There are a lot of implications when we shift to a model where IT is less about inventing intellectual property and selling it and more about sharing intellectual property and adding value on top of it. In the past if you were a [chief information officer] at an agency you sat down with a company and said: "Is this a vision I believe in? Are the financials of this company stable long term? Is this something I want to invest in?"
Now you’ll be saying: "Here’s a technology. How powerful is the community that's using this technology? How stable is that community? Do I want to invest my business in it?" All of a sudden companies become less important to where and how technologies are emerging.
Nextgov: That basically seems like the Red Hat model.
Whitehurst: There are very few companies Red Hat’s size that made it, that didn’t either fail or get gobbled up. One of the reasons we were able to do it is, when we were smaller, part of our sales pitch was ‘you don’t have to trust Red Hat is going to be around. You just have to trust that Linux will be around. We can go away.’
One of our biggest challenges is customers can say: ‘I’m not getting enough value, I’m not going to renew this subscription but I'll keep the code thank you very much.’ But that keeps us on our toes, trying to build a business model where we’re always providing value.
By Joseph Marks and Mark Micheli
April 26, 2013