
Vetting an Open Source Database? 5 Green Flags to Look for

It’s important to scrutinize your options carefully — your mission-critical applications depend on it.
Jun 9th, 2023 11:25am

By now, the vast majority of companies (90%, according to a report from GitHub) use open source in some way. The benefits are undeniable: Open source is cost-effective, accelerates innovation, allows for faster iteration, features robust community-driven support and can be a magnet for attracting talent.

While unsupported open source is free, most companies choose to invest in some type of supported open source solution to make their implementation of this technology robust enough to operate at enterprise scale. These solutions provide a sweet spot between the challenges of managing open source oneself and the vendor lock-in associated with proprietary software.

Given open source’s massive popularity, it’s no surprise that a plethora of supported open source solutions exist, but not all open source solutions and providers are created equal. It’s important to vet your options carefully — your mission-critical applications depend on it.

Here are five green flags to look for.

1. The Solution Offers Resiliency

Nobody wants to deal with application downtime: At best, it’s inconvenient and, at worst, it cuts into revenue and can cause reputational damage to a business. So, what happens if you experience a failure in your infrastructure or data center provider? How do you minimize the impact of planned maintenance?

Open source products, more specifically, open source databases, seldom have built-in resiliency solutions to address this.

For this reason, resiliency capabilities are the hallmark of solid open source database solutions. Depending on a company’s recovery time objective (RTO), which can range from seconds to days, businesses should look for holistic open source database solutions that offer database high-availability/disaster recovery in the event of unexpected failure and, in some cases, go further to facilitate uninterrupted application uptime during scheduled maintenance. Backup and restore capabilities, too, are an important part of the resiliency equation, so make sure any solution you adopt supports regular backups (that are actually usable!) at appropriate intervals. Backup capabilities to look for are the ability to perform full backups, incremental backups, point-in-time recovery and selective data restoration.

2. The Solution Features Robust Security

In today’s world, where high-profile data breaches are a frequent occurrence, robust security is vital. From a database perspective, supported open source solutions should provide safeguards like encryption while data is in transit and at rest, plus value-add options such as redaction for sensitive information, like credit card data. This is especially crucial for highly regulated industries like financial services, health care and government that handle our most sensitive data.

Capabilities for enhanced auditing are also important for security, as they let organizations see who did what to a given data set, and at what point in time. Additionally, employing fine-grained role-based access control (RBAC) enables companies to establish specific parameters governing data access, ensuring that information is only visible to individuals on a need-to-know basis. These are just some of the capabilities that can denote superior, safe and secure open source database solutions.

3. Your Provider Gives Back to the Community

Organizations should be invested in giving back to the open source projects their solutions support, so keep an eye out for companies that focus on driving innovation for the greater good of the community. Giving back might include providing funding, making significant contributions to the code, or educating people about the project and furthering its message. These are all signs of a true open source partner.

The closer a company is to the open source project its solution supports, the more adept it becomes at understanding and solving its customers’ problems. This is the most effective way it can influence the direction of the project to better support customers while simultaneously driving innovation in the community.

4. It’s True, Non-Captive Open Source

There’s an important difference between offerings that are legitimate open source versus open source-compatible. “Captive” open source solutions pose as the original open source solution from which they originated, but in reality, they are merely branches of the original code. This can result in compromised functionality or the inability to access features introduced in newer versions of the true open source solution, as the branching occurred prior to the introduction of those features. “Fake” open source can feature restrictive licensing, a lack of source code availability and a non-transparent development process.

Despite this, these solutions are sometimes still marketed as open source because, technically, the code is open to inspection and contributions are possible. But when it comes down to it, the license is held by a single company, so the degree of freedom is minute compared to that of actual open source. The key is to minimize the gap between the core database and its open source origins.

Choose solutions with licenses that are approved by the Open Source Initiative (OSI), which certifies that they can be freely used, modified and shared. Signs to look for include solutions that are supported by a robust community rather than driven by a single company. Frequent releases of new versions and features are another indicator of a quality provider.

5. The Solution Is Flexible

The database you choose should be flexible and customizable, allowing for different deployment models, integration with other systems and support for different data types and formats. A truly flexible database service can be deployed in various models, including on-premises, cloud-based, or hybrid and multicloud deployments. It also caters to different infrastructure preferences such as bare metal, hypervisor and Kubernetes. This flexibility can extend into support for multiple data models, allowing users to work with relational, document, graph or other data models within a single service to accommodate different application requirements.

Database services with flexible pricing and billing have the added benefit of allowing users to choose the most cost-effective plan based on their usage patterns. Look for solutions that offer various pricing models, such as pay-as-you-go, subscription-based or tiered pricing to maximize value for your investment.

At the end of the day, when it comes to open source database solutions, appearances can be deceiving. It is crucial for companies to invest additional time in thoroughly evaluating these solutions to avoid getting locked into an undesirable situation. When all is said and done, the rewards of effectively harnessing the power of open source are significant. By remaining vigilant and discerning throughout the evaluation process, you can identify the most suitable solution that truly fulfills your requirements. Look for those green flags.

TNS owner Insight Partners is an investor in: Pragma.