The Hidden Costs of Open-Source Promises in State IT Projects

When it comes to information technology (IT) projects, one of the first and most important decisions a state must make is what kind of technology to use. Today, most states choose between open-source solutions and proprietary Software as a Service (SaaS) solutions. While each approach has its benefits and tradeoffs, open-source solutions come with increased uncertainty in terms of both expenses and operations, and these uncertainties and hidden costs make open-source options particularly risky for state agencies.  

If states are unaware of these drawbacks, they risk being caught off guard by higher-than-expected costs and unreliable operations or compliance. As a result, open-source options often leave states just as dependent on large vendors – without the efficiency, stability, and continuous improvements that proprietary SaaS solutions are designed to provide.  

Open Source vs. Proprietary SaaS: What’s the Difference? 

Open-source solutions offer publicly accessible source code that can be used, adopted, and shared freely, generally without charge. As such, open-source options require little upfront investment in terms of price or vendor collaboration. Instead, they require states to customize and maintain the solution themselves, with experts on staff who are responsible for ensuring the system remains secure and operational.Proprietary SaaS solutions are vendor-maintained, with source code that is configurable for each state but ultimately managed and owned by the vendor. States typically pay a subscription fee, and the vendor handles configurations, maintenance, security, and compliance. This requires more vendor-state collaboration than an open-source approach, but also allows states to benefit from predictable costs, ongoing support, reduced risk and liability, and collaborative enhancements informed by a community of platform users. 

A Note on Custom-Built Solutions: Custom-built solutions are developed from scratch and can be either open-source or proprietary. While they promise a perfect fit, they can be costly, extremely slow to implement, and hard to maintain or update over time. As such, they’ve become unpopular with state IT projects, and we don’t discuss them further in this blog. For most states, the choice today is between open source and proprietary SaaS. (You can read more about the custom-built approach here.) 

The Hidden Costs of Open-Source Software 

Open-source solutions may sound empowering. They’re marketed as low cost, flexible, and community-driven, offering greater state autonomy. But below the surface, these solutions often mask hidden dependencies, ongoing security risks, and generic platforms that don’t quite fit the unique needs of state programs. We explore these drawbacks here. 

1. Greater autonomy brings heightened responsibilities and hidden risks.
   While open-source solutions give states more control, they also shift the burden of system configuration, operations, security, and compliance onto the state. States must maintain staff who can fix defects, manage updates, adapt the system to policy changes, and handle vulnerabilities. States also assume responsibility for any resources and risks involved in these processes. Staffing vacancies and hiring delays can present serious issues, and because open-source code is accessible to all – including malicious actors who may use it to identify and exploit vulnerabilities – security risks are heightened. 
2. Unpredictable, ongoing expenses can easily outweigh initial savings.
   Managing an open-source system not only requires states to hire and retain expensive consultants or in-house experts for customization, maintenance, and support – it can also lead to unpredictable expenses related to integrating and scaling the system and ensuring security and ongoing compliance. Over time, these costs can add up and, in many cases, offset the initial savings associated with open-source options. 
3. License complexities may create legal hurdles and maintenance headaches.
   Open-source software comes with a range of license types, and some may conflict with each other or have strict, unexpected clauses. For example, some licenses require users to go through the open-source vendor for things like updates and patches, and others require all platforms using the open-source code to operate in a similarly open-source manner. Ensuring compliance can require significant coordination with the vendor as well as legal and administrative resources, especially when juggling multiple licenses.  
4. Support is unpredictable and not guaranteed.
   Open-source solutions are often praised for their extensive communities of support, but while this community-driven support may be robust at times, it isn’t contractually guaranteed. Help may therefore be inconsistent or absent when needed most, leading to costly delays, unresolved problems, and the need to acquire additional resources.  

What States Should Look For 

Given the potential risks of open-source solutions, it’s essential for states to be strategic when choosing technology. States should set a high bar for any IT solution, insisting on predictability, accountability, and ongoing support. In practice, these qualities require significant investment and oversight in open-source solutions, making proprietary SaaS solutions a better, more reliable choice for most state projects. Key factors to consider: 

• Predictable, Performance-Based Costs: With all the current and ongoing policy changes, proprietary SaaS solutions offer pricing options that are easy to predict and plan around. Additionally, choosing vendors who tie contract costs to outcomes ensures that states only pay for the outcomes that are met. 
• Built-In Flexibility, Support, and Client Collaboration: SaaS vendors that proactively adapt to state needs and policy changes and regularly update and upgrade their solutions offer states enhanced reliability and reduce the work required to manage program shifts. SaaS vendors that provide opportunities for client collaboration also tend to offer advantages in adaptability and innovation.  
• Security and Accountability: Because state programs deal with a considerable amount of protected and confidential information, it’s crucial that states select technology partners who take responsibility for security management and compliance. Proprietary SaaS solutions mean less risk and liability for the state both today and in the future, as the vendor takes responsibility for managing these aspects of the solution. 

Final Thoughts: Making the Right Choice

In practice, open source isn’t always as open, easy, or cost-effective as it seems, and it often comes with surprise drawbacks that can pose serious issues for state agencies. It’s important for states to be aware of this as they make decisions about what kinds of technology solutions to procure.  

While proprietary SaaS solutions may require more vendor coordination and upfront costs, they are also more likely to provide the predictability, performance, and reliability that states need – especially in the face of shifting policy and compliance requirements. As states embark on IT projects, choosing solutions that deliver transparency, accountability, and dependable support will be critical for long-term success. 

For More Information: 

• Read about the success of one of our longest state IT partners: Your Health Idaho. 

• Learn about performance-based contracts and how they benefit states. 

• Check out our approach to privacy and security at GetInsured.