Much has been made of the fact that Red Hat will be the first billion dollar company using an open source model. Many people say that Red Hat will also be the only company to ever reach a billion dollars based on an open source model. I have written before that I think there is more than one way to skin the open source success story. Companies who use open source don't need to make a billion dollars to be successful. I was reminded of this again this week talking to my friends at Alert Logic.
I do some blogging and other consulting for Alert Logic, mostly on a blog called Secure Cloud Review. I wanted to disclose and make that clear from the outset here. For those of you who don't know the name, Alert Logic is a provider of Security-as-a-Service to enterprises primarily through cloud and hosting providers. They are based down in Houston. The reason I bring them up is that they released their yearly and quarterly financial results today. Alert Logic is a private company, but unlike most private companies they release GAAP financials publicly. You can read the release yourself, but Alert Logic had another record year and cracked the 25 million revenue barrier. Granted not anywhere near a billion dollars, but in a new market such as Security-as-a-Service, a solid accomplishment and their growth trajectory continues upward and onward.
I had a chance to speak with Urvish Vashi, their VP of marketing about it yesterday. Urvish and I go way back to a company called Interliant that we both worked at during the good old days of the first Internet bubble. Urvish and I discussed the fact so much of Alert Logic's infrastructure is based on open source software. That open source base allows Alert Logic to really concentrate on their "special sauce" over and above the base open source foundation.
In the information security space there are some great open source tools and projects which have been developed and are widely used. From the Snort IDS/IPS and ClamAV engine both owned and managed by Sourcefire, to the venerable Nessus vulnerability scanner which though newer versions are not open source, many people still use the older open source versions of. OSSIM, the open source SIM is another great open source security tool. I could go on, but you get the picture. Security is awash in open source projects, many of which represent the cream of the crop in terms of quality.
But open source security is not the only open source tools that have allowed Alert Logic to grow at this prodigous rate. Part of Alert Logic's success is based on thier cloud based grid where they store security event data. Almost the entire grid is built using open source software. Again, Alert Logic is not alone here. How much of the cloud is built on LAMP stacks and use almost primarily open source software?
As a result of all of these open source tools, many companies like Alert Logic have been able to use these foundationally and put their resources into building on top of them. While this is very true in security, it is also true in other markets. By leveraging the open source tools available companies can ramp up quicker and the pace of innovation is accelerated. That is the real key, innovation. Innovation is the lifeblood of the technology business. But ultimately businesses are judged on money, on revenue and profits and losses. In the case of Alert Logic and other companies leveraging open source, the answer to whether or not an open source business model can be successful is being answered affirmatively every day.
So are there successful open source based companies? You bet there are and you would be surprised that you will find them all around you. You just many not realize it.
As co-founder and Managing Partner at The CISO Group, Alan Shimel is responsible for driving the vision and mission of the company. The CISO Group offers security consulting and PCI compliance management for the payment card industry. Prior to The CISO Group, Alan was the Chief Strategy Officer at StillSecure. Shimel was the public persona of StillSecure as it grew from start up to helping defend some of the largest and most sensitive networks in the world.
Shimel is an often-cited personality in the technology community and is a sought-after speaker at industry and government conferences and events. His commentary about the state of security, open source and life is followed closely by many industry insiders via his blog and podcast, "Ashimmy, After All These Years" (www.ashimmy.com). Alan is now also a regular contributor to The CISO Group’s security.exe blog and podcast. Follow him on Google.
Alan has helped build several successful technology companies by combining a strong business background with a deep knowledge of technology. His legal background, long experience in the field, and New York street smarts combine to form a unique personality.
Disclosure: The CISO Group sells a software-as-a-service PCI compliance application called SAQPro. The company is independent and does not represent any other vendor's products as a reseller.
Policy on comments: Respectful discussion is welcomed! However comments that use inappropriate language, consist of name calling or personal attacks, or include accusations of wrongdoing are not appropriate. Those comments will be deleted or edited.