I'm a regular user of R and RStudio for both my work and studies. I work in a large corporation and am trying to get our IT to build a package for R, RTools and RStudio as I think it could really help improve some of our work-flows, reporting and more importantly our analysis. Once the packages have been created it will allow users to request the software can be installed on their PCs remotely
IT are pretty resistant to this stating that the software is open source and therefore may be subject to some vulnerabilities to hackers more than the applications they pay for (i think the reasoning is a bit suspect) but I believe the escalation and more prominent targets last year with hacking incidents is probably influencing their thinking.
I mentioned the RConsortium and the fact that Microsoft develop packages for the eco-system but I need probably something a little more tangible for them.
Their main concerns seem to stem from security so they want to know how R and Rstudio are patched and kept up to date.
Can anyone help me with arguments to try and push it as a safe to use at work tool
There are a lot of interesting conversations that come up when discussing R in the enterprise. Industry aversion to open source is definitely eroding, though (i.e. linux is becoming the de-facto standard for server infrastructure in many places).
In any case, this article does a good job of articulating an approach to "bringing R through the front door" of an org (even though R is prone to come through the back door)
I think you are right to point out the suspect reasoning that "open source = vulnerable." There is a lot of conversation to work through there.
Also, if you are thinking about security, it might be worth taking a look at RStudio's pro products if you haven't already, which are designed to integrate into enterprise security infrastructure without sacrificing the ability to play nicely with the open source R community.
Finally, I definitely advocate for building internal R packages to support your infrastructure. There is no reason that such a package needs to be "open source." In fact, I believe it is common for organizations to have "internal" R packages that are withheld from the open source community and make R data science easier internally.
Thanks for all the help and feedback. After supplying the R-FDA document and mentioning more on how bigger companies are using the tools including a blog post from revolutions, I have convinced the IT department to install R
So glad to hear that! Well done marshaling that discussion.
Hopefully that is a discussion that will be increasingly unnecessary in months and years to come. However, if you or others have need, I thought of another resource that might be useful. It's a list of customer spotlights from RStudio.
The list of customers (it scrolls intermittently) includes some big names, and the spotlights are specific stories of how R and RStudio have been used successfully by those customers. I find it ironic that name dropping has such success with IT/IT security people (i.e. dropping the "Microsoft" card) - perhaps it just disarms some subtly held biases.
