SaaS Escrow Service 2022-05-03T11:13:16+00:00

Get a Free Quote

SaaS Continuity Escrow

Protect your SaaS Applications and Data

cloud logos
SaaS view 3

SaaS Continuity Escrow Services

SaaS services provide companies with increased efficiency and flexibility often at reduced costs.

Along with the benefits of SaaS applications come increased risks. In most situations, the SaaS vendor maintains control and storage of your data.

The most efficient way to protect your company is to implement a SaaS Escrow solution.

Together with our team of AWS, Microsoft Azure and Google Cloud certified engineers, Escrow London prides itself on providing a range of cost effective, innovative and bespoke solutions depending on individual client requirements. We have a pragmatic approach and the ability and experience to think ‘outside the box’ when it comes to SaaS business continuity solutions.

Our SaaS Continuity Escrow Solutions Include:

Replicated Saas Continuity

Providing 90 days of live continuity hosted by Escrow London in the event of a software vendor failure.

SaaS Environment Escrow

Secure deposit of the cloud assets required to independently rebuild the SaaS environment.

SaaS Access Continuity

Secure access to the cloud production environment in the event of a software vendor failure.

SaaS Command & Control Continuity

Assuring access continuity for SaaS applications hosted within a Beneficiary's own cloud tenant that is managed by the software vendor.

Supported Platforms

Saas Continuity diagram
cloud logos
Solution 1

Replicated SaaS Continuity Escrow

With live continuity hosted by Escrow London 

The Replicated SaaS Continuity Escrow solution provides a redundant operating environment of the SaaS application that can be quickly spun up in the event of a release situation.

How does it work?

This solution typically includes the automated deposit of the following assets from the SaaS vendor:

  • Source code from the developer repos
  • Deployment scripts (IaC) such a Terraform or CloudFormation
  • Containers
  • Virtual Machine images
  • Databases (including up to daily backups)

After implementation, the cloud instances will be maintained in a dormant state with a daily backup of the database.

What happens in an escrow release event?

In the event of an escrow release trigger, the Escrow London cloud account access credentials, and the Deposit Materials can either be transferred directly to the Beneficiary or Escrow London will maintain the SaaS service live for an agreed period of time (usually 90 days).

Included Verification

In order to provide complete assurance of recovery, a SaaS Release Verification is performed by an Escrow London cloud engineer on a quarterly basis to ensure that the system is deployable and operational.

Solution 2

SaaS Environment Escrow

Everything you will need to recover the SaaS environment

The SaaS Environment Escrow incorporates a deposit of all the cloud assets that would be required to build and deploy the SaaS application and cloud environment.

How does it work?

This solution typically includes an automated deposit of the following assets from the SaaS vendor:

  • Source code from the developer’s git repos
  • Deployment scripts (IaC) such a Terraform or CloudFormation
  • Containers
  • Virtual Machine images
  • Optional Database backups
What happens in an escrow release event?
 

In the event of an escrow release trigger, the Deposit Materials will be released to the Beneficiary.

Verification Options

In order to provide additional assurance of recovery, the Beneficiary may request for Escrow London to perform any the following verification tests:

  • SaaS Release Verification to confirm that the deposited cloud assets and source code are deployable to a newly provisioned cloud environment independent of the SaaS vendor. The Escrow London cloud engineers will document in detail the deployment process.
  • Comprehensive Build Verification of source code to provide assurance that the deposited source code is complete and may be used to compile the source code into a working version of the application.
how does SaaS Escrow work?
saas diagram
image of Azure secure environment
Google Cloud icons
SaaS-Access-Continuity
password
Solution 3

SaaS Access Continuity

Verified access credentials to the SaaS production environment

The SaaS Access Continuity service is a cost-effective solution best suited to a single tenanted environment that provides the Beneficiary with the required access credentials and documentation to the cloud production environment.

How does it work?

Under the SaaS Access Continuity service, the SaaS vendor is required to deposit and update the access credentials on a quarterly basis or more frequently if required. These credentials may include administrator usernames, passwords, MFA and keys to allow full access to the cloud hosting provider’s console and all the live instances and databases.

Source code and deployment scripts may be included as an optional add-on to provide an additional layer of protection.

What happens in an escrow release event?
 

In the event of an escrow release trigger, the administrator access credentials to the production environment will be released to the Beneficiary.

Verification Options

In order to provide additional assurance of recovery, the Beneficiary may request for Escrow London to perform any the following verification tests:

  • Monthly or quarterly verification of access credentials.
  • Comprehensive Build Verification of source code.
  • Environment Verification to document the architecture and configuration of the cloud environment.
  • Post-release Verification to test the ability to copy over the cloud assets from the production environment to an Escrow London provisioned cloud account.
Solution 4

SaaS Command & Control Continuity

Continuity for SaaS applications hosted within a Beneficiary’s own cloud tenant 

The SaaS Command & Control Continuity solutions is designed for Beneficiaries who have third party SaaS applications hosted within cloud accounts under their ownership. The SaaS vendor will still manage and maintain the SaaS application but will not possess ownership of the underlying cloud account. 

Beneficiaries may wish to retain ownership of the cloud hosting account as it provides a seamless transition in the event of a trigger of the SaaS escrow agreement following a vendor failure.

How does it work?

The Beneficiary or Escrow London will provision a dedicated cloud account for the specific SaaS application under the legal ownership of the Beneficiary. The root level access credentials and MFA will be reset by Escrow London and stored until a release event.

Source code and deployment scripts may be included as an optional add-on to provide an additional layer of protection.

What happens in an escrow release event? 

In the event of an escrow release trigger, the root level access credentials to the production environment and other cloud assets/documentation will be released to the Beneficiary. As the Beneficiary is already the legal cloud account owner, there will be no need to assign the account ownership from the SaaS vendor to the Beneficiary. The Beneficiary will have the rights to maintain and use the application hosted within the cloud account.

Verification Options

In order to provide additional assurance of recovery, the Beneficiary may request for Escrow London to perform any the following verification tests:

  • Monthly or quarterly update of the access credentials.
  • SaaS Release Verification to confirm that the deposited cloud assets and source code are deployable to the cloud environment independent of the SaaS vendor. The Escrow London cloud engineers will document in detail the deployment process.
  • Environment Verification to document the architecture and configuration of the cloud environment. The Escrow London engineers will work with the SaaS vendor to clearly document the cloud configuration and the procedures required to support and maintain the production environment.
AWS-login
aws billing
Solution 5

Vendor Financial Monitoring

Pre-emptive alerts to the Beneficiary if there are payment irregularities to the cloud hosting provider.

One of the first indications of financial issues within a business is the failure to keep up with supplier payments.

Escrow London provides a financial monitoring service that will provide the Beneficiary with a pre-emptive alert if there appears to be any payment irregularities from their SaaS vendor to the cloud hosting provider.

How does it work?

On a regular basis, your SaaS vendor will be paying subscription and hosting fees for critical third-party services. Under the Vendor Financial Monitoring service, Escrow London will monitor those payments both automatically and manually to ensure that all payments are made on time to the registered suppliers. 

What happens in an escrow release event?

Should a Financial Event of Default be invoked by the beneficiary as specified in the SaaS Escrow Agreement, Escrow London will have the authorisation and rights to pay the vendor invoice(s) on behalf of the beneficiary. This process will ensure a short term ‘lights on’ solution until business continuity decisions are made.

gcloud

G-Cloud 12 Approved

Escrow London Ltd have successfully been approved for the 3rd year in a row to supply their innovative escrow solutions through the latest iteration of the United Kingdom government’s G-Cloud framework.

The framework agreement covers traditional software escrow, verification services and unique SaaS escrow solutions that provide business continuity for SaaS hosted applications within AWS, Microsoft Azure and Google Cloud.

Looking to implement a secure software escrow solution?

Leading Companies Trust Escrow London

YES! I want a free quote

If you have any questions about our services or would like to receive a free quote, simply fill in your details and we will be in touch with you.