(Source – Shutterstock)

How governments can migrate to open-source software databases

Article by Graham Pullen, VP Sales APJ, EDB

For open-source software (OSS) advocates, the good news is that governments around the world recognize the value of OSS. However, the road to implementation can be a challenging process.

In Singapore, the Singapore Government Developer Portal is a one-stop resource hub for government digital products and services. It unsurprisingly has a policy of recommending OSS software, citing advantages such as potential savings, easier adoption, and easily available support, leading to lower barriers for innovations. However, it also recognizes there are costs associated with migration, and how to best implement security measures.

Similarly, the US government has been on a “Cloud First” journey since 2018, when government agencies were urged to migrate to a safe and secure cloud infrastructure. In fact, the Federal Government’s $4.2 Billion IT budget in 2022 lists cloud adoption as one of the top administrative priorities, according to Gartner. Naturally, we at EnterpriseDB (EDB) have seen such implementation at scale through our work with customers, including a large government branch that represents one of EDB’s largest accounts. The challenge is to ensure that agencies can fulfill their mission, and at the same time achieve cost savings and faster services while managing massive amounts of valuable data. Fortunately, these are also some of the main reasons that open-source databases like PostgreSQL, otherwise known as Postgres, have become the standard for digital transformation projects in the enterprise.

open-source

Graham Pullen, VP Sales APJ, EDB

Skepticism about security

US Government agency open source adoption has historically always been met with skepticism around security, a concern that historically has had some merit. With the amount and complexity of data to be managed, agencies do not have the luxury of ignoring that skepticism. Given the stability of an existing legacy system, it is understandable why agencies would be reluctant to migrate to an open-source solution.

Nevertheless, open source is no less secure than any proprietary database. What governments have correctly mandated are federal regulatory requirements and standards. The US for example has the Cybersecurity Maturity Model Certification (CMMC), Federal Risk and Authorization Management Program (FedRAMP), and Federal Information Processing Standards (FIPS) among many others. Singapore has regulations like the Personal Data Protection Act (PDPA), and Multi-Tier Cloud Security (MTCS) Standard for cloud storage.

The good news is that all of the protocols and permissions structures that an agency applies with its current database can be applied to an open-source database like Postgres. Open source has been able to endure for so long because of the strength of the security and exceptional versatility in catering to the myriad of regulations it must fulfill.

It is important that these security concerns are addressed head-on so that the compliance-related features of the open-source solution can be identified and built upon. Above all else, security is a shared responsibility, and a security focus must continue, even in FedRAMP cloud environments.

As with any database, vigilance and adherence to protocols are essential. Developing regular backup and recovery plans are vital. Ensuring that you have complete visibility as to who is accessing what and where data is living must be assured. But a database like Postgres must not hinder your ability to achieve these tenets of security, nor will it undermine your efforts to protect your data.

A gradual implementation process

While many US Government agencies are leaving proprietary legacy databases in favor of open source, others are taking a more gradual approach. This is also understandable, given that legacy databases are major financial investments, and agencies need to demonstrate how they are stretching every dollar when justifying budgets for new technologies.

In fact, introducing any new system itself benefits from a gradual implementation process. User buy-in needs to be generated (by demonstrating practical outcomes, usually with the help of the systems integrator). A business case needs to be presented to decision-makers, and open-source solutions can leverage the open-source community to download the database and begin work on a prototype at no additional cost.

Fortunately, open-source databases like Postgres can seamlessly integrate with your existing architecture, whether you plan on executing a gradual migration over a long period of time or simply using one database for certain purposes and a different one for others. In fact, open source won’t just coexist with your current infrastructure, it may even amplify it.

This flexibility means that you don’t have to take a one-size-fits-all approach to data management. You can always have the right tool for the job at your disposal, seizing on the potential of the new without giving up the solutions that you’ve become comfortable with.

The views in the article is that of the author and may not reflect the view of Tech Wire Asia.