SaaS Escrow for AWS Hosted Software
Automated Git Deposits
Escrow Solutions for AWS Hosted Applications
Protecting AWS Applications and Data 24/7
Escrow London is leading the way in creating innovative AWS Escrow solutions that provide actual, ‘real-time’ business continuity in the event of a release. Escrow London maintains a team of AWS certified solution architects who have intimate knowledge of AWS services and are experts in creating replicated AWS environments for recovery. The Enterprise SaaS Continuity Escrow solution provides the Beneficiary with the assurance that in the event of a release, Escrow London will be on hand to keep the lights on and provide a continuity of service for a period of up to 90 days.
The AWS Escrow Solution For An Application Hosted Within AWS Would Typically Include All Or Some Of The Following Components:
Source Code Deposits
Source code of the SaaS application may be deposited manually or automatically directly from the SaaS vendor’s Git repository (GitHub, Bitbucket, GitLab, Azure DevOps and more).
Escrow London can step in and pay AWS on behalf of the Beneficiary to ensure continuity if the SaaS vendor is unable to make payments due to a bankruptcy or insolvency event.
An AWS CloudFormation template deposited in escrow allows for the rapid deployment of an AWS environment. CloudFormation allows the SaaS vendor to model their entire infrastructure in a text file.
Escrow London provides the option to maintain a dedicated AWS account that contains a working replicated environment of the SaaS vendor. This would provide the Beneficiary with an immediate continuity solution in the event of a “lights out” scenario.
For SaaS vendors using Amazon RDS for their database instances, Escrow London is able to provision a dedicated AWS account that contains the replicated RDS database instances for each Beneficiary. Vendors also have the opportunity to deposit database backups or snapshots to Escrow London on a scheduled basis.
Under the SaaS Access Continuity service, the SaaS vendor is required to deposit and update the access credentials on a quarterly basis or more frequently if required. These credentials will allow full access to the AWS console and the production environment.
Diagram of Enterprise SaaS Continuity solution hosted within AWS
Verification for SaaS Escrow Services
Escrow London offers a range of Verification services to provide comfort to the Beneficiary of the usability of the escrow in the event of a release. Our Verification services for applications hosted within AWS include:
Cloud Deployment Verification – Provides the assurance that all information, files and source materials including deployment scripts required to build the software have been deposited into escrow and verified for completeness and useability. An Escrow London consultant observes the Depositor performing a compilation/deployment and documents the process. This includes:
- Capturing the deployment process using screenshots;
- Asking questions to clarify the deployment process;
- Identify and document any third-party dependencies.
A final report will be issued covering the verification process including screenshots confirming the product deployment.
Cloud Deployment Verification with Code Quality Audit – Provides the Beneficiary with Independent assurance that in addition to the deployment process, as included in a Cloud Deployment Verification, an Escrow London consultant will perform a deep dive into the quality of the source code materials deposited as part of the escrow agreement. This exercise will provide assurance that the deposit contains source code for all components of the software and that the source code may be modified and that variables, functions, etc appear to be defined clearly and explicitly. This additional process is designed so that a third-party developer could continue to maintain the source code if ever required.
SaaS Release Verification – This test is performed as part of the Enterprise SaaS Continuity Escrow solution to simulate a release condition of a SaaS environment. This process is to ensure that the application is functioning and that the data is accessible by the end user.
Access Credentials Verification – Full test conducted on a scheduled basis to ensure that the AWS accounts are accessible using the deposited access credentials. A report will be produced following each test. Both parties will be alerted should Escrow London be unable to access the individual instances with the supplied credentials.
Mobile App Compilation Verification – This test is performed to verify that the deposited source code for a mobile app may be used to build and run a functioning version of the app for both Android and IOS on a local machine.
Comprehensive Build Verification of Source Code – Full test of the deposited source code to ensure that it can be re-built into a working application. One of our experienced developers oversees the build process to ensure that all the files and documentation required to compile the system are included within the escrow deposit.
Static Application Security Test (SAST) – This service is a recommended verification which analyses and identifies security vulnerabilities contained within software source code (for web and mobile applications). As part of an escrow agreement, this service provides additional assurance that potential vulnerabilities can be identified and remedied. Escrow London will produce a detailed report which will be provided to both the Depositor and Beneficiary.
What happens in the event of a release?
In the event of a release situation, there are several options available to the Beneficiary to ensure business continuity:
- Enterprise SaaS Continuity Escrow – The AWS instances under the management of Escrow London will be placed into a live state and logon access credentials will be provided to the beneficiary. This option allows the beneficiary to continue to work on the platform for an interim period until a replacement solution is found. At any time during the post-release period, the Beneficiary may request for the escrow AWS account to be assigned to them.
- Software Escrow for SaaS – All the deposit materials including source code, deployment scripts and databases are transferred to the Beneficiary.
- SaaS Access Continuity – Escrow London will transfer the AWS account and access credentials over to the Beneficiary.
SaaS Financial Alerts
In addition to the SaaS Escrow service, we offer a Financial Alert Monitoring service to ensure that the SaaS vendor is up to date with their vendor payments to AWS. Escrow London will be assigned various billing permissions allowing Escrow London to step in and make payments on behalf of the Beneficiary.
AWS CloudFormation templates deposited in escrow can greatly assist in the speed of recovery in the event of a release situation. To learn more about AWS CloudFormation watch the video.
Looking to implement a secure software escrow solution?
Leading Companies Trust Escrow London
YES! I want a free quote
If you have any questions about our services or would like to receive a free quote, simply fill in your details and we will be in touch with you.