Last year, Singapore's Ministry of Defence stirred the global IT industry with its decision to install open-source software. With plans to install OpenOffice in thousands of desktops, the announcement was considered one of the biggest open-source implementations by any government agency.

CIO Cheok Beng Teck (right) and his team cover all their bases to minimize the risks of adopting open source

Mindef had decided not to upgrade to Microsoft Office 2003, choosing instead to install OpenOffice on 5,000 desktops. By March 2006, 20,000 desktops will be installed with the open-source productivity software.

When the news broke, it made headlines on several Asian and international technology media, and it was heavily discussed in several online forums.

In an interview with CNETAsia, Cheok Beng Teck, director of Mindef's CIO office, revealed the events that led to the landmark project. Together with his two senior IT staff, Cheok shared the decision-making process, the implementation strategy and the lessons learnt.

He also dispelled myths about open source, including concerns about vendor support and staff productivity, and explained it wasn't just about the price tag.

Getting hooked early
Prior to the OpenOffice project and the establishment of the CIO office, Mindef had already been using open-source software (OSS).

"Mindef has been using open source from day one," said Cheok, noting that the Defence Science Technology Agency, for example, was one such user.

The open-source movement in Asia When open source comes marching in Thailand: Finding middle ground Malaysia: Pushing for education Singapore: Mindef's lessons learnt Click here for more updates on open source.

"Back then, it was a very project-centric environment and IT was decentralized," he recalled. "People used open source, and they managed the risks themselves."

It was only after the Mindef CIO Office was formed, almost three years ago, that a decision was made to gain better control over the use of OSS. Cheok's team has put in place an open-source infrastructure that is centrally managed, and backed by support policies.

"I got Chong Chan Meng (Mindef's assistant CIO for planning) to work with a lawyer to study the different licensing agreements so that we know what we can and cannot use," said Cheok. Chong, he said, wrote a policy paper to manage the risks involved in the implementation of OSS, and kept a register of all open-source software used.

"This was necessary because we cannot expose Mindef to unnecessary risks," said Cheok. "With the policy paper, we know what open-source software we can and cannot use."

The allure of open source
Cheok strongly believes that any CIO office, or any company, that is of any significant size should have open source as part of their technical architecture and as part of their overall strategy.

"Open source is a technology that helps better align business requirements to IT from a cost point of view," he noted, adding that he sees open source as "an opportunity to promote organizational transformation".

He believes that an organization that adopts open source sends out certain positive signals. "First, that you're cost-prudent, although some people may say it's not true that open source has a lower TCO (total cost of ownership)," said Cheok. "Second, and most important, we send the message that we're willing to try new technology, and we're willing to take risk."

A company that implements OSS well also sends the signal that it has an IT team capable of managing the risk of moving from one technology to another, he added.

Cheok said the risk of adopting open source is "not the so-called 'viral' nature of open source because that, in my opinion, can be managed very well".

The bigger risk, he said, is in using the wrong software. "If you use the wrong open-source software, your company can come to a standstill. And that's where the costs can be higher, because business is disrupted when we use the wrong technology," he explained.

This makes the lives easier for organizations like Mindef, which have the IT security expertise and resources available in-house. "These organizations can analyze the codes if they choose to, and in theory, mainstream OSS codes are also scrutinized by the global OSS community", Cheok noted. "If you look at the data and statistics of Web sites that have been defaced or attacked, they indicate that Microsoft servers seem more vulnerable. Their vulnerabilities are more publicized, and hackers seem to prefer targeting Microsoft servers," he said.

But, numbers aside, companies that implement OSS must remain vigilant. "One can never be absolutely sure whether OSS is more secure because the source codes do not operate on their own. You need a compiler," Cheok noted. "One may never know what will happen after the codes are compiled. Also, unless we go through every single line of code, we can never be sure that there are no other malicious codes running in other parts of the system."

The OpenOffice story
The CIO office has also been experimenting with StarOffice but eventually decided on OpenOffice, said Jimmy Lee, an assistant CIO with Mindef.

Cheok said it was a "no-brainer" decision to not upgrade from Microsoft Office 97, which is no longer supported by the software vendor. "Mindef has achieved a cost avoidance of at least S$15 million (US$9 million) by not upgrading to Microsoft Office 2003," he said.

After performing environment testing of OpenOffice, Mindef timed the open-source deployment with the desktop productivity suite upgrade. "Mindef is so huge, so we need to align with the overall desktop upgrade program. From the time we started to experiment with StarOffice to the implementation of OpenOffice, it was about 1.5 years."