This article is a transcript of a talk session by the author during Open Source India 2019 at NIMHANS Convention centre, Bengaluru.
Back in 2013, I had this idea to propose to my management to do open source. And the answer was a bit apprehensive. Because of which we never did it.
Any data or any source code that went out from our network was considered as data breach or data leakage. So, from a security standpoint, it was impossible. We are far from open banking, open API and data and still not there.
There are close to 1.40 lac employees consisting of managers, traders, sales, developers, architects and a lot of SMEs.
The organisation had many layers or silos.
If you combine all of this, you can see that it is not the right time to do open source. So instead of us doing open source, why not bring open source to us?
Inner source vs open source
Inner source is basically just taking the open-source practices and applying them internally, in your company. There are two choices for it: go to the top management to ask for a top-down approach for everyone to do an inner source or bottom-up approach. I chose the latter.
With the help of the Technical Architecture committee, I was able to see all the new projects and review them with my architect peers. After a few weeks, I discovered that there were few projects that were talking about the same technology that they wanted to bring inside the organisation. The new technology at that time was ActivePivot, a real-time data cube. I thought that why not in fact share this technology and learn from each other and maybe collaborate and build something together. So after proposing this idea to the committee, they agreed.
This led to the formation of a community where we met and shared knowledge. After a couple of months, a community member developed the monitoring of the cube. And another member became interested in that and wanted to implement it in another silo by re-doing it from scratch. This was a waste of money and time.
However, they came to me to look for a platform, to collaborate and do some code. We needed a GitHub enterprise that could be incorporated into our network. The challenge was to convince my management to purchase GitHub because it was licence-based. More than that, the challenge was to put GitHub in the middle of the organisation; not only for a specific team, but for the whole society in general. It took me approximately 1 year to convince all the heads of different departments that GitHub was useful for collaborations and inner source. For this, the internal company culture needed to change. We needed to collaborate more and stop wasting money.
After a while, we were able to set it up. That project was implemented by using GitHub to collaborate and many other projects were able to use it. We now have more than 7000 employees using GitHub on a daily basis inside the organisation.
Role of GitHub
In 2014, the brand value of GitHub was very high. Today it is even higher. To attract better talent, you need to propose better tools. This was the way we were able to put the inner source.
Now that we are doing open source, we are building our digital transformation stacks. So common frameworks and common platforms are all incorporated in the inner source. All the companies are collaborating to build our big data, data science auto-machinery, delivery platform and all the stacks and workflows between silos. This was very important behind our success. And we prove that we were able to collaborate. Previously, it was not the case.
Doing top-down approach
Two years after, I went back to my boss and told him to reconsider using open source as it was proven that it brought value to the organisation. He agreed to do it in another way. I earlier did it in a bottom-up approach and so now, I will do it in a top-down approach. For the top-down, when you go to your senior leadership, you need to come up with a strategy. My strategy was divided into 3 parts. The first part was related to using open source. The aim was to use open source not just for my team, but for the entire organisation. For instance, we were running a program to replace something by PostgreSQL.
The second was to contribute back to the community. However, if you present this idea in a way that it seems to be charity work, then the senior management would not accept it. So, you have to contribute back in a more efficient way. How? Whenever there is something missing from RDS or something else, then we take the code from RDS, put it within our network and add the features because we are not able to push it outside our network. We duplicate the framework internally and maintain the codebase by fixing the bugs.
Out of all this codebase, 5 – 10 per cent is ours and 95 – 90 per cent belongs to the open-source community. So, we are maintaining something internally which costs less.
And lastly, attract talent. When I developed something in this company, I wanted to continue developing it somewhere else too. If I have invested myself in this code, then I want to be able to continue investing in this project even afterwards. If you do not provide open-source facilities, then talent will not come to work for you. This made the senior management adopt open source. Now the whole organisation is doing open source.
In 2016, on the basis of those 3 strategy parts, we were able to contribute with our compliance, security department, legal team and communication department. So, it is becoming more and more important in the company and now it is a part of our IT strategy for digital transformation, cloud transformations and continuous delivery and Dev-ops transformations, open sourcing it at the same level.
Successes and challenges
Thanks to open source, we were able to demonstrate how we can collaborate inside the organisation and co-develop common assets for the company. Our digital transformation assets which were Azure workflow, Azure data, Azure continuous delivery, were fully inner sourced. That means that anyone in the company can collaborate and reach those assets and many other projects.
Since March 2019, we have started the Azure open source program office to do open source at scale. We train our employees to securitise everything and how they are able to do open source and contribute back to the community.
As a challenge, we still have many private repositories inside our organisation. So we are doing a lot of communication and lots of hands-on training. There are around 4000 private repositories that we have internally in our GitHub enterprise. These include secret management data, password and key, private projects, open-source ideas. So, there is still room for improvement and a lot of work to do make all repositories public. Another challenge that we are facing right now is that people working on common projects retracted and worked on the project for their manager to gain appreciation. That meant there is still an improvement to be done in the incentive model. As of today, the incentive model is vertical. It is required to be changed to horizontal.
When you have an idea, don’t present it as you would with your friend. Think from the perspective of the people for whom you are going to build, especially your stakeholders and top leadership. Start small. Don’t think that you will change everything overnight. Surround yourself with people who believe in your idea. You will only succeed collectively. And never give up (it took me 5 years).
- Do you think that there is a possibility in the future to have the entire core banking system based on open source? And what are the challenges related to security and data privacy?
Ans. We are leveraging a lot of open source like Docker, Hadoop, Angular JS, React inside our corporate system. We are engaging in digital transformation that means we are trying to leverage as many APIs as possible and be able to communicate internally with our partners. Our APIs are secure thanks to the frameworks that we are using internally. We have our cybersecurity systems so we are not going to put anything sensitive outside the organisation.
2. Companies like Tidelift and Fossa are streamlining licencing for open source and managing their process. Do you think your OSPO would work with companies like that?
Ans. We have worked with a company like that called Linagora in Paris. They helped us in order to compile and build an internal framework to choose licences when we wanted to outbound the project based on some criteria. And we are continuing to work with them.
3. Which are the top open-source projects your company contributes most to?
Ans. Recently we contributed to HBase from Apache and Aqunit, a framework where you are able to set some architectural rules in your code. A Maven plugin doesn’t exist for this framework. So, we developed a plugin for their company.
Note: The talk session has been transcribed by Vinay Prabhakar Minj of EFY editorial team.