Is Source Code Escrow Worth It?

With Digital transformation at the forefront of many organisations around the world, they are becoming increasingly reliant on software applications to assist with the day-to-day running of their businesses. With this increased uptake, there also comes an increased pressure on these organisations to mitigate against risks involved when adopting a more digital approach. Implementing a future proof business continuity plan will provide these organisations with the reassurance that if the worse happens, they will be able to easily recover their software applications without major disruption.

Current IT Market Trends

There has been a huge shift in cloud and SaaS adoption globally, notably with government, large enterprise and financial institutions. A recent article issued by BMC Software looking at the state of SaaS in 2022 found that:

  • The SaaS market is currently growing by 18% each year. North America is the most mature market in terms of cloud computing services adoption, due to several factors, such as the presence of many enterprises with advanced IT infrastructure, and availability of technical expertise.
  • By the end of 2021, 99% of organisations will be using one or more SaaS solutions
  • Nearly 78% of small businesses have already invested in SaaS options
  • SaaS adoption in the healthcare industry grows at a rate of 20% per year
  • 70% of CIOs claim that agility and scalability are two of the top motivators for using SaaS applications

As a result of the above findings, organisations are having to find suitable, cost effective and easy to deploy solutions to mitigate against the risks associated with modern service delivery methods and the growing responsibility of service providers.

Data breach and ransomware attacks are also at the forefront of the digital and technological corporation world. Circulating the news currently is a vulnerability named Log4Shell. First detected in December and known as a zero-day vulnerability, it is found in the popular Apache Log4j open source logging library which  is used in nearly every enterprise app and service from vendors including Microsoft, Twitter, VMware, Apple and Amazon. This vulnerability enables a remote attacker to take control of the device on the internet if it is running certain versions of log4j. Attackers can easily feed Log4j with malicious commands from the outside and make it download and execute dangerous code from malicious sources, putting organisations around the world at a huge risk.

With an increase of these types of attacks, organisations must look to safeguard themselves from what could be a catastrophic consequence for their IT environment if not protected.

Why is Source Code Escrow Important?

So, what have these current IT trends got to do with source code escrow?

The objective of a source code/software escrow agreement is to provide comfort to the end user that if the software developer is unable or unwilling to support the software, the source code can be released to them and business operations can continue as normal. Source code escrow services include the deposit of the source code of software with a third-party escrow vendor. Source code escrow is, thus typically requested by a party licensing software (the licensee or beneficiary), to ensure maintenance of the software while protecting the IP of the developer.

Types of source code escrow agreements available to organisations are as follows:

SaaS Escrow Agreement – Used when the application is a SaaS hosted in Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP) or data centre. This agreement protects both the cloud environment and the customer data. With a SaaS Escrow solution, the developer would typically deposit deployment scripts, containers and databases in addition to source code.

Single Beneficiary Source Code Escrow Agreement – Made up of the depositor, beneficiary and the source code escrow vendor as an independent 3rd party. A source code escrow service agreement of this type is usually used when a client is licensing software from a developer. The agreement clearly outlines the release events and a guideline for the process should a release occur.

Multi Beneficiary Source Code Escrow Agreement – These are used by a developer to provide comfort to their clients that they have a standing source code escrow agreement in place. By having a Multi Beneficiary agreement in place, under a single agreement, the developer is able to add an unlimited number of beneficiaries to the master agreement.

Data Holding Agreements – these are used when a company is using a developer to create a bespoke application and the beneficiary owns the intellectual property.

Source code escrow agreements can also be set up to provide protection from ransomware attackers.

Source Code Escrow Agreement Benefits

Thinking back to the main question of this article, is source code escrow worth it? Well, we definitely think so! Just take a look at the benefits of setting up a source code escrow agreement can get you.

Business Continuity Satisfaction – Think of a source code escrow agreement as taking out a car or house insurance policy – you know you are protected if the worse was going to happen. Ensuring piece of mind if their software provider goes out of business or cannot support the software is what organisations these days are focusing on to minimise a halt to their business operations.  

Highest level of information security and data protection – Source escrow vendors understand that a software developers source code is their “crown jewels” and it should be protected accordingly. Investing in a source code escrow agreement will ensure the highest level of information security and data protection for the software developer. The pain of negotiating software license agreements is understood and a source code escrow vendor will ensure that the process of implementing a source code escrow agreement will be simple and efficient.

Provides accurate and up-to-date source code – A source code escrow agreement will only have value if the source code and deposit materials are up to date and accurate. Investing in a source code escrow vendor who can introduce automated deposits as standard within all their agreements will provide extra benefits to an organisation. Being in the know that they have safe and regular back-ups of their source code which can be released to them if needed, will result in having their business operations running continuously.  

To learn more about who should pay for a source code escrow agreement read our recent blog here.

To view all of our recent articles click here



About Escrow London
Escrow London is a global software escrow vendor with offices located in Atlanta, USA, London, United Kingdom and Sydney, Australia.

We have invested considerable resources into innovation to reinvent software escrow for a SaaS world. Escrow London provides a range of SaaS Continuity escrow solutions suitable for AWS, Microsoft Azure and Google Cloud Platform hosted SaaS applications. We support a wide range of clients includes major banks, central banks, insurance firms, technology companies and government.