Recently, I Made Wiryana, an information technology (IT) lecturer of Gunadarma University in Depok, West Java, who also worked as an IT advisor for various institutions, such as the National Police, the Finance Ministry’s Directorate General of Customs and Excise, the Health Ministry and the Indonesia National Single Window, told The Jakarta Post that various national institutions had already migrated to open source database management software.

“Oracle is very expensive, because you have to pay the license for the various microservices it comprises. Also, you cannot just install your database management system on a single computer to avoid operational disruption; you have to install it across many computers. Imagine buying 35 different licenses for 35 computers,” he said.

Contacted separately, Julyanto Sutandang, the chief executive officer of IT Solution Provider Equnix Business Solutions, said clients could get the open source database management software for free; while paying only for a consultant who helps them install, administer, fix and troubleshoot the system.

“The agile nature of the open source database management system allows corporate clients to be highly flexible in procuring it. For instance, when they need to procure the software rapidly, they do not need to use their capital expenditure funds; they can just use their operational expenditure instead to accelerate the procurement process,” Julyanto said.

The proprietary nature of conventional database management software like Oracle will naturally require companies to use capital expenditure, a type of spending used to purchase expensive products, such as printing machines, cars and IT infrastructure. Meanwhile, the IT consultancy provided by open source specialists, could easily be classified under the operational expenditure category.

Julyanto added that the economic consequences of the COVID-19 pandemic, which had forced many businesses to tighten their budgets, could also prompt more individuals to rent open source database management software instead of buying the expensive conventional software licenses.

“By paying only for the support services that the IT consultants give to run the free-of-charge software, these companies end up paying a far more affordable price with the open source system,” Julyanto said.

Yet the open source software has been quite controversial among users, with some people questioning its security integrity.

The question has been raised again recently, after someone leaked the private data of writer and avid social media user Denny Siregar. The data theft was allegedly committed by an outsourced worker who, as reported by tempo.co, was working for state-owned provider Telkomsel.

According to ICT Institute executive director Heru Sutadi, cloud-based open source software will indeed allow clients to enjoy lower maintenance costs. However, he warned, open source database management system could be vulnerable to security threats due to the employment of third-party IT consultants to administer the system.

“When you buy conventional database management software, you already have the entire software package, you can just administer and modify the system independently without involving any external consultants, thus maintaining data secrecy, be it of our company or individuals,” Heru said.

“Once a third-party consultant accesses our software, he or she will learn our username and password. Although we can always change our username and password upon a maintenance session, there is always possibility that an outsourced consultant has infiltrated our data system with some backdoor attacks or malware,” he continued.

IT analysts define backdoor attacks as incidences where authorized or unauthorized parties manage to bypass typical security measures to tamper with someone’s computer system, network or software application.

Cases of doxxing, whereby a person has his or her data accessed and leaked to the public in cases that have often befallen famous (and infamous) public names, such as Denny in the most recent high-profile incident, are examples of such backdoor infiltration.

These security threats do not mean that we need to throw the baby out with the bathwater concerning open source database management software like PostgreSQL. Yet, Heru said, users have to do their due diligence before deciding to use the cloud-based system.

“For instance, you might want to set up an internal team in your organization that you task with installing, administering and controling the use of the open source software. Therefore, you have to also have deep knowledge on the compatibility of such software with your system and what features they have,” he advised.

I Made, meanwhile, said that the National Standardization Agency (SNI) made it compulsory for information technology software to be open to governmental institutions to comprehensive audits to ensure their security.

“The United States military, for instance, has implemented this. Unfortunately, Indonesia is yet to have a ministerial regulation to set this SNI requirement in stone,” he said.