October 1, 2024

Purpose-Built vs Open-Source: Is Open-Source Software A Risk for Government Agencies?

Industry: Law Enforcement, Public Safety

Solution: Acadis, Vector LMS and Training Management

There are hundreds of learning management systems on the market today, with varying features and at vastly different price points. They are a mix of proprietary, open-source, generic, and market-specific software, with differing approaches to learning, reporting, security, and many other options to consider.

It can be difficult to weigh each of these data points and determine which is the best for your agency. Should you select a cheap (or even free!), open-source option that will allow your IT department to customize it to suit your needs? Or do you need a solution that already has the functionality you need built in and incorporates robust security features? Does your staff have the experience to mold the solution themselves or will you require extensive customer support and around-the-clock technical assistance?

Generally speaking, it’s safe to say that what is good enough for the general public isn’t typically up to the demands of public safety or government agencies and that the strengths provided by open-source software are rarely the ones government entities or public service agencies need when they choose software. But what are those strengths and why do they need software solutions built specifically with them in mind?

What is open-source software?

At its most basic, open-source software is software with source code that anyone can inspect, modify, and enhance. By accessing the source code, programmers can change the software in a multitude of ways and mold its functionality to suit their specific needs. Open-source software solutions are also often free or offer a lower upfront cost than most proprietary software solutions.

It is important to note that open-source projects and code are widely used by developers around the world and are often minor (or major) building blocks for commercial software. However, open-source software solutions, such as Linux and Moodle, can also be the foundation of homegrown systems for training and operational management.

So why is open source a good option for some organizations? In addition to its low cost and flexibility, choosing an open-source software solution to build upon does offer other benefits. Open-source software can promote experimentation and innovation by allowing anyone to freely expand upon its base. Agencies utilizing open-source software can also benefit from the collective support and problem-solving ability of a large group as opposed to an individual company or a single person.

However, much like generic software that wasn’t built with the needs of public safety or government entities in mind, there are significant benefits that agencies will miss out on by building their training software around an open-source software solution on their own.

Customer support

Depending on an agency’s size, purpose, overseeing government, budget, and numerous other factors, the agency might not have dedicated technical personnel. Instead, they may borrow them from an overseeing agency or purchase vendor support or outsourced IT services. On the other hand, an agency may employ a full staff of specialized IT experts, all of whom carry specific roles and responsibilities.

When utilizing open-source software that doesn’t offer robust customer service, users may have access to a community support forum, but in mission-critical and chronically short-staffed industries, there often isn’t time for personnel to spend hours self-educating to fix each individual problem.

The uncertainty of support availability for issues that arise is a leading concern when considering whether to build a system around a free or low-cost open-source program. Some open-source software providers do offer additional packages that incorporate customer support, but these packages cost extra, which may offset the advantage of utilizing a low-cost open-source option to begin with.

On the other hand, agencies can choose to engage with a third-party vendor for that additional support or expertise in molding the open-source software. Again, this will incur additional cost and add a layer of complexity when it comes to procurement and managing communication between various teams.

When an emergent issue does eventually occur, the choice between generic software and a purpose-built solution becomes even more critical. Any developer or IT vendor can solve a software issue, but can they do it in a way that meets the security and secrecy standards of the U.S. government? An agency partnered with a vendor that offers purpose-built software has a clear way forward—the vendor will have the expertise to not only solve the issue but do so in a way that is conscientious of the unique requirements of mission-critical industries.

In the case of systems built around open-source software, the road to help is not so well defined. Can an agency’s internal teams fix the issue? How quickly will a third-party vendor respond to and fix an issue, especially if it requires communication with the open-source software developers? How much would it cost to seek help from an outside consultant?

Overall, the uncertainty is a major drawback, given the importance and cost of public safety and government training and the high degree of coordination it requires to deliver and track. When the foundation of a training program goes down, agencies need some assurance that it can quickly be recovered.

Security

Security is also a serious consideration when selecting any software solution, especially for government agencies. Malicious foreign actors will go to extreme lengths in their efforts to compromise the technological systems that house some of our most important and sensitive information; a recent incident where hackers attempted to sneak a vulnerability into an open-source toolkit is one example of such a dangerous incursion. It is not hard to imagine such attackers submitting compromised code, which can be highly sophisticated and undetectable to all but the most advanced users, in a project that is largely open to contributions from anyone.

Reputable open-source software developers will practice responsible disclosure and provide other guidance to enhance the security of their software’s installations. However, at the end of the day, an agency utilizing open-source software as a basis for a homegrown system must rely on their internal teams to ensure data security.

Beyond just malicious actors, there are also concerns related to data sovereignty and data localization to consider. Software purpose-built for U.S. government and federal entities, like the Acadis® Readiness Suite, is built, hosted, and maintained within the United States and, as a result, is subject to U.S. data protection laws and regulations.

There’s a reason why the Federal Risk and Authorization Management Program (FedRAMP) exists and why federal agencies must adhere to it when utilizing cloud service providers—they must protect vital data, and they need software that supports that level of security.


Acadis Is Your Security Partner

The Acadis AWS GovCloud-hosted solution not only provides a stringent security environment but is also backed by more devoted resources for better visibility into the global security landscape than most government entities are able to staff to support their local environment. Without the right resources, today’s security needs leave many government employees open to vulnerabilities, and getting caught in a cybersecurity issue can cause havoc when it happens.

It is also important to consider the software that is being hosted on these cloud environments. Many software application providers in the industry will attempt to present the AWS/Azure/Google compliance credentials as their own, which is an incorrect approach. It is extremely important that software application providers have their own specific audits on the software application. Within the AWS GovCloud hosting, Acadis as a software application provider is audited annually and approved at the FedRAMP-Moderate level and has been evaluated against CJIS standards.

 

Government agencies are not one-size-fits-all

The fact remains that government and public safety agencies have unique needs when compared not only to the private sector, but also to each other. Different agencies will have varying security needs based on the data they handle, as well as differing training requirements related to the duties of their personnel.

Often, agencies will also need to incorporate hands-on or other specialized training that may not be possible to track and deliver through the run-of-the-mill learning management system (LMS). Additionally, they may have extensive reporting and records retention requirements that are beyond the functionality offered by systems not built to meet these needs.

An open-source or generic program will almost certainly require tweaking to fulfill every requirement of these large, complex, and evolving agencies. In the long run, government agencies can save time, money, and resources by selecting software that has been built from the ground up to meet their support, security, and functional needs.

Learn more about the Acadis® Readiness Suite and how it can support training management and academy automation at your agency.


Vector Solutions’ suite of industry-leading software solutions includes training management systems, online training courses, live skill evaluations, academy automation, and an early intervention and conduct management system.
