The Complete Magazine on Open Source

We have not faced any glitches, as we do the security hardening”

SHARE
/ 1619 0

Ganesh Jayadevan, Chief Technology Officer, Mahindra Comviva

Does open source work in sensitive sectors like telecom, you ask? Well, Ganesh Jayadevan, CTO, Mahindra Comviva says, ‘Yes’ with loads of confidence. Open source technologies form the basis of the tech stack in his company and with some of his key customers too. Jayadevan not only uses them for resolving tech issues, but also recommends them to his customers. Diksha P. Gupta from Open Source For You spoke to him about how he uses open source technologies at Mahindra Comviva. Read on…

There are many CTOs across the country, who are still contemplating the usage of open source technologies and then, there are many, who have pioneered its use. We are talking to one from the latter group. Ganesh Jayadevan, CTO, Mahindra Comviva, has mastered the art of using open source technologies not only within his premises, but also encourages his customers to do the same. And he does this with loads of confidence. He shares his open source tech deployments: “Our company is about 15 years old and since the very beginning, we have been embracing open source. We started with the Linux platform. We have been using Apache for a very long time. MySQL has been my favourite for years now. So, to give you a short and sweet answer, we have been embracing Linux for about 15 years now, right from the time we began our journey. As more and more open source components keep coming up, we add them to our stack, based on our needs. We keep upgrading to open source technologies every now and then.”
Jayadevan uses open source technologies in every possible domain. He informs, “ To elaborate, we use open source on the operating system side. However, we just don’t go out there and pick up a nightly build; we go through Red Hat or a company like that. I think Red Hat is doing a decent job of curating Linux. So, we buy their support. When it comes to using Linux at Mahindra Comviva, we do that at the level of operating systems, Web servers, databases, and on the applications side. We use open source tools in the smallest possible places; like, for image processing, we use an open source tool called OpenCV.”
In a domain in which the use of open source technologies has been considered a risky proposition, we wonder how comfortable Jayadevan is with these technologies and how he manages the risk factor. He answers with a smile, “So far, we haven’t faced any opposition from the customers of our technologies. As long as we take care of the security requirements, they are quite happy. However, there are customers who specify certain things at the time of the agreement. MTN Africa has an agreement with our group, which states that its products should not be shipped with MySQL. They largely prefer Oracle versions. To conclude, we don’t see any perceived threats because of open source and whatever security has to be addressed, we do that. We do our regular audits. We have security professionals coming in and doing audits of our development process, our product processes; and whatever points they highlight, we take care of them. So, open source itself doesn’t hinder us in any way. There is no anxiety around using open source and, with respect to security, we have not faced any glitches because we do the necessary hardening.”
Explaining the details of the security hardening process the company follows, Jayadevan states, “There are two large areas that I can identify for which security hardening is required. One is the operating system hardening itself. There are security tools that we have identified and use for this. Second, on the application side, we see that the threats can largely be internal rather than external. We pick up those loopholes and take necessary care of them. As I said, we have security firms that audit our applications. So before we go for any audit, we test the applications at all levels and fix the loopholes. So there is an operating system level security and then there is an application level security check that we impose.”

The reasons are simple…
We all know the benefits of open source technologies, but it is people like Jayadevan who actually leverage those benefits. He shares, “There are a few reasons why open source technologies are our first choice. There is a commercial side to it – it definitely reduces the TCO, resulting in reduction of customers’ TCO as well. So it results in a win-win situation for us as well as for our customers. What is even more interesting is that the talent that is available is very comfortable with open source technologies. People who come from the universities have used open source tools extensively, and therefore getting the right talent becomes quite easy, unless we’re talking about some really unknown or specialised tool. People these days understand Linux. They understand Apache tools. So the availability of talent is such that we don’t have to struggle to train people on this domain. In addition, open source tools have a large community base. In fact, if you ask me, I am more comfortable with open source tools than the proprietary ones because with open source, I don’ have to worry about lock-ins. So there are multiple reasons why we are comfortable with open source technologies.”
Interestingly, Jayadevan got enough support from his management too. He states, “I faced no opposition from the management’s end. In many ways, we are a technology shop. The company is full of techies, who have a fondness for open source, so the road was clear there. I never really had to fight for open source with my senior management. We prefer open source, unless the customers say that they do not want open source and specify alternate technologies.”
Unlike many other players, the community doesn’t really matter much for Jayadevan’s team. He shares, “Well, the community factor is a not-so-important for us because most of our tools come from Red Hat and other such vendors. Vendors like these have a set of curated versions and they do a terrific job of supporting them. So, in that sense, we have had to go to the community very rarely to get a patch. Open source is sort of a compulsion for a company like ours, as we operate mainly in the developing markets. We operate largely in India and South East Asia. A big part of our revenue comes from Africa. These are all price-sensitive markets. We have never had a challenge with open source and that is a fact.”