PORTLAND, Ore.-While many financial institutions still ponder the benefits of using open source technology for their coding needs, nascent BankSimple has gone full steam ahead.
The start-up bank, which is testing its product with select customers, uses open source platforms for the development of nearly all of its web and mobile applications as well as the back-end systems that will power the bank when it finally throws the on switch for the 100,000 people who have signed up for its branchless services.
"Our relatively small [development] team has been able to build an enormous amount of functionality in a short time," Alex Payne, co-founder and chief technology officer for BankSimple, told American Banker, an affiliate of Credit Union Journal.
A financial institution doesn't have to be a so-called "bank of the future" to work with open source. Just about every large institution, whether directly or through vendors, uses open source applications and platforms today, experts say. The benefits are substantial: Institutions can potentially save 80% on project costs, which they can complete more quickly, because no one vendor is developing the code.
Not A Panacea
But working in an open source environment isn't a panacea either. In fact, it brings a critical set of management issues to which banks and credit unions need to pay attention. Institutions have to carefully examine licenses for open source code, for example. And they must pay strict attention to upgrades, patches and security. Finding knowledgeable coders can also be an issue, and because open source is based on communities, banks have to learn how to share part or all of the code they are developing.
"There is a critical mass and virtuous cycle for those contributing to an open source community, and you spread the cost of development over time to a broader audience than just your company," said Mark Driver, research analyst and VP of open source and application development for Gartner.
Defining Open Source Software
Open source software is code that is available to the public to use and change, free of charge under an open license. Communities typically develop the software collaboratively. And the theory goes that because so many eyes are on the code, it is more stable and more secure, as opposed to proprietary code where only the project team gets to see it.
Companies using open source must change their way of thinking about code and coding. As opposed to the typical vendor relationship, where the customer can pay the vendor to work on fixes, work in open source communities is collaborative. When there's a problem, the institution has to rely on the community to provide an answer. Users of open source are also expected to contribute code, or something equivalently useful, back to the community.
"There is a supplier-customer relationship that people know how to deal with in the commercial world, but in the open source world, no money exchanges hands, and when someone says, 'I need this feature,' I say, 'Why are you telling me?'" Ian Skerrett, VP-marketing for the Eclipse Foundation, of Ottawa, told American Banker. Eclipse is an open source foundation started by IBM.
70 Licensed Platforms
There are thousands of open source projects, and about 70 platforms licensed by the Open Source Initiative, a nonprofit group overseeing standards and licenses. However, banks only use about half a dozen of those. The most popular platforms include the Linux operating system, Apache's Hadoop MapReduce, useful for analyzing big data sets; Eclipse, which is useful for Java development; Drupal, for content management systems, and JBoss, an application server platform. Well-known consumer applications like the Android operating system for smart phones are also open source.
"Financial institutions are looking at the competitive advantages [from open source] and they are not afraid of getting their fingernails dirty with the code because there is now a very sophisticated and mature development environment," says John Igoe, executive director of cloud solutions for Dell, of Round Rock, Texas. Dell created its own open source platform, called Crowbar, which it released in 2011. Crowbar is a provisioning framework for computer networks.
Bank of America, which has been using open source development since 2005, says the open source market is mature and can save programmers time and money, freeing them from reinventing the wheel on non-critical code. "Open source communities are pushing innovations [like the cloud] and they are no longer relevant solely for delivering alternatives to commodity products," wrote Tim Golden, senior vice president and midrange platform product manager for Bank of America, in an e-mail.
Wells Fargo & Co. started using PERL as a general purpose scripting language about 15 years ago. Today, like a lot of banks, it is turning to Apache's Hadoop for big data analysis applications, and Eclipse for Java design issues that affect online banking, among other things. "We are heavy users of open source in certain application areas...we find some of the tools are best of breed and help us get the job done better, faster, and smarter," says Mark Tiggas, SVP and managing systems architect at Wells Fargo.
Biggest Management Issues
The biggest management issues around using open source have migrated over time, Tiggas says. Initially they were about accountability. As opposed to the traditional vendor relationship, it was hard for Wells Fargo IT staff to know where to go if something went wrong in an open source environment, American Banker reported.
The current issues are more familiar to those using open source. Licensing, for example, has to be handled extremely carefully. Open source licenses can be distributed in one of two ways. The first is called a General Public License, or GPL, which links any code you develop to the open source and makes it available to the community, as opposed to more restrictive licenses that let you maintain more of your code by overlaying it on the open source platform.
About half of all open source code projects are GPL, says Jeffrey Hammond, a principal analyst for Forrester. That creates a competitive issue for FIs that might not want their competitors to see their code. "You have to be very clear about what license the software you use is," Hammond said, advising that FIs also run licenses past internal counsel.
Avoiding Certain Software
That resonates for Wells, which says it is very cautious about the open source technology it introduces, especially since younger developers can be more cavalier about licenses. "Some of the licenses are egregious, and we will not use that software because the licenses do not meet our requirements," Tiggas told American Banker.
Similarly, BofA execs say it's critical to establish a risk policy specific to open source.
"The policy should outline the risks of using [open source], techniques for managing risk, and a method to determine whether or not the anticipated benefits of using [open source] outweigh the overall level of risk," wrote Don D'Angelo, senior vice president and open source product manager at Bank of America in an e-mail.