Source Code Escrow – Are you just following the herd? A revisit in a SaaS World


After recently reading an article written in 2008 – Source Code Escrow: Are You Just Following the Herd? and with it still being a prominent ‘source code escrow’ search result on Google, it is clear that this article is now not relevant in today’s IT landscape, so why is it still on the first search listing page?

With Digital transformation at the forefront of many businesses around the world they are becoming increasingly reliant on SaaS hosted applications to assist with the day-to-day running of their businesses, with North America being the most mature market in terms of cloud computing services adoption.

With a huge shift in cloud and SaaS adoption globally, it’s time to set the record straight and educate companies today on why they should look to find suitable, cost effective and easy-to-deploy continuity solutions to mitigate against the risks associated with modern cloud service delivery methods and the growing responsibility of service providers. While we are not saying you should follow the herd, let’s at least have a rethink about source code escrow and educate yourself on why using a source code escrow / software escrow vendor can bring benefits to you and your business continuity needs in today’s SaaS world.

What is a Source Code Escrow Agreement?

The objective of a source code/software escrow agreement is to provide comfort to the end user that if the software developer is unable or unwilling to support the software, the source code and other critical deposit materials can be released to them and business operations can continue as normal. Source code escrow services include the deposit of the source code of software with a third-party escrow vendor. Source code escrow is, thus typically requested by a party licensing software (the licensee or beneficiary), to ensure maintenance of the software while protecting the IP of the developer.

The 3 most popular types of SaaS Continuity Escrow solutions available to companies today are as follows:

  • Replicated SaaS Continuity with 90 Days of Live Availability – providing a replicated cloud environment with databases using deployment templates that may be activated in the event of a release situation. In the event of a release, the software escrow vendor will be on hand to keep the lights on and provide a continuity of service for a period of up to 90 days.
  • SaaS Environment Escrow – incorporating a deposit of the cloud environment which may include containers, deployment scripts, templates, automated deposits of databases and source code deposits from Git repositories including relevant documentation.
  • SaaS Access Continuity – including the deposit of the developer’s access credentials to the cloud hosting vendor’s production account. Solutions include the transfer of the access credentials to the Beneficiary and the possibility of the software escrow vendor maintaining the production environment for a 90 day period to ensure continuity post-release event.

Source Code Escrow Benefits

When reading through the article – Source Code Escrow: Are You Just Following the Herd? – it lists reasons why source code escrow is an ineffective and costly mechanism. However, this is just one side of the argument. Over the years, source code escrow vendors such as Escrow London have adapted themselves to improve upon their customers’ overall experience and turn source code escrow into a painless process. To prove this point, here are just a few benefits of source code escrow to bear in mind.

  1. Business Continuity Satisfaction

The article suggests that there are low release rates in escrowed software, and therefore customers often find it easier to find an alternative software provider. Although true, if your critical software vendor enters into bankruptcy, and you don’t have access to your code or data, this could be catastrophic for a company. It’s like saying only a small percentage of houses burn down so it’s not worth having building insurance. The cost of source code escrow is usually a small percentage of the overall cost of an investment in technology.

  1. Automated deposits ensure up-to-date data

“Often source code escrows fail to provide adequate protection because, upon release, the source code is frequently outdated, defective or otherwise fails to meet the customer’s needs.” This quote taken from the article is not the case anymore for companies using Escrow London. Customers are now encouraged to use automated deposits directly from the developer’s git repositories. In addition to this verification testing of the Deposit Materials is recommended to ensure the source code and other Deposit Materials are actually usable.

  1. Correct provisions in place will provide a certain level of assurance

Although the statement “Customers lack expertise to use the released source code” is correct, provisions can be put into place to provide a certain level of assurance for the Beneficiary:

  • Verification testing includes the production of a detailed documentation guide providing a step-by-step process to build the  code and deploy the code for SaaS environments.
  • A SaaS Continuity model provides the customer the re-assurance that in the event of a release, the source code escrow vendor commits to deploying the source code to a cloud environment and spinning up a functioning system.
  • “Especially because many software license agreements prohibit customers from soliciting the vendor’s employees upon termination of the licensing arrangement.” Most release events are caused by the bankruptcy of a developer. Even if a Beneficiary has a non-solicit within a license agreement, if the Developer is no longer around, it will not be enforced. From experience, source code escrow vendors have seen newly unemployed  developers moving from the developer to the Beneficiary to assist with the maintenance of the source code and application.
  1. Significant Delays and Legal Battles Often Accompany a Release – Not in bankruptcy!

Quoting a company called Venics, the article explained about their long release delay and expensive legal battle resulted in a costly investment for them. Although this may be the case some of the time, in the event of bankruptcy, the situation is pretty clear cut and the Developer usually does not have the funds to fight a release event. Still not a reason to not have a source code escrow agreement due to the situation of a potential legal battle. What other alternatives are there?

  1. Utilizing an Escrow can be Expensive – True but take the time to see if it is worth it.

This is a benefit/risk analysis for the Beneficiary to make. The Beneficiary needs to determine:

  1. How critical is the application to the business.
  2. What the cost will be if the developer is no longer around and they lose access to the system and data.
  3. How much are they investing into the technology -for example, if the company in question is looking to invest £10m into a new, mission critical system, £15k per year is insignificant for the assurance a SaaS Continuity escrow provides. However, if the company is only adopting a small internal training system costing £10k per year, it would not make sense to invest in a Continuity Software Escrow solution as the potential downtime of this system would not cause a serious impact to the business.

In conclusion, is source code escrow an ineffective and costly mechanism for today’s businesses? By working with a leading source code escrow vendor, such as Escrow London, who can offer innovative solutions which provide real-time continuity for your business and in the event of a ‘lights out’, can provide seamless disaster recovery is definitely something to look into.

Want to know more? Read our blog – How enterprise companies are ensuring business continuity when adopting SaaS Applications.

#

 

About Escrow London

Escrow London is a global software escrow vendor headquartered in the United Kingdom. Our global coverage is provided across our London office, Escrow London North America Inc in Atlanta, and our Australian office in Sydney.

We have invested considerable resources into innovation to reinvent software escrow for a SaaS world. Escrow London provides a range of SaaS Continuity escrow solutions suitable for AWS, Microsoft Azure and Google Cloud hosted SaaS applications. We support a wide range of clients includes major law firms, banks, central banks, insurance companies, technology companies and government organisations.