What Is Software Escrow and Who Needs It?
Developers need a trusted partner to hold their source code and ensure their software users uninterrupted access. To put it simply, software escrow provides developers and users with valuable peace of mind.
If you’re in the business of creating mission-critical software applications, your customers need some kind of assurance that you—or at least your source code—will always be around, in case their software needs maintenance, updating, recompiling or reinstallation. Your reputation may be sterling, but your customers require more than your word when making a major software purchase.
Software escrow is that something extra. It’s a way of mitigating risk when two or more parties negotiate a software license. When you create a software escrow contract, your source code is placed in a secure escrow account held by a trusted independent third party.
That means if in the future you’re not able to support the product for reasons specified in the escrow agreement—such as bankruptcy, obsolescence, merger or acquisition—your licensees will still have access to the source code they need to keep their mission-critical applications up and running.
Software in Store—and So Much More
At Iron Mountain, software is 80 percent of the intellectual property held in escrow for clients. But our clients store many other items as well, such as hardware, firmware, databases, formulas, a cookie recipe, a jet engine and even a genetic sequence. Any type of intellectual property needing ultra-high security is a prime candidate for some kind of escrow.
Successful software escrow provides real-time, Web-based account management and incorporates chain-of-custody best practices. A client knows that any deposit is being safely stored and is easily monitored. Security is key, and it must be part of the entire process, from the storage of the assets to the procedures for access and retrieval. The levels of escrow security include:
- Deposit security, which tracks the chain of custody from the time of receipt to the release of the deposit. A vendor encrypts and transfers electronic media deposits using secure transfer protocols.
- Storage and facility security, which prevents unauthorized access to storage vaults. A professional escrow service provider will store all escrow media and documents at secure offsite facilities that include uninterruptible power supplies, noncombustible construction, fire protection and access-control security systems.
- Deposit retrieval security, which establishes ground rules for the release of escrowed materials. Storage administrators won’t move the materials from their storage location until they complete a comprehensive internal review and material inventory.
Escrow, Up There in the Cloud
We all know the traditional licensing model in which a developer delivers software that its customers install and use locally. Today, however, the Software as a Service model (SaaS) is becoming increasingly prevalent. Here, the customer never receives actual software, but instead goes online to access an application hosted on the SaaS provider’s servers. This can be a dicey setup if the provider hosting the end user’s data experiences a service interruption.
To protect against the threat of downtime, both the provider and the user will welcome the chance to bolster traditional software escrow with a separate escrow account for storing executable code, and an automated data backup and recovery service so continual access to data is provided. They all work together to protect access to SaaS applications and data in the event of unforeseen circumstances.
It’s Really a Matter of Trust
Ultimately, software escrow is about building trust between developers and users of software. Developers protect their assets while proving they have a solution for long-term software support, and users can buy that software without worrying about future access to the core source code or data that may one day be required for disaster recovery, maintenance or upgrades. It’s a significant step toward peace of mind—and what businessperson couldn’t use a little more of that?
Lawyers: Consider the Escrow Proposition
Are you an attorney representing clients who use custom mission-critical software? If so, consider recommending that these users implement software-escrow services to ensure their business continuity. An escrow account protects software users, buyers and licensees by providing access to their vendor’s source code under specific conditions in the escrow agreement. Attorneys should recommend escrow protection to their clients if:
- The software or technology is mission-critical to the client’s business
- Many employees rely on it
- The technology impacts the client’s customers
- The technology is difficult or costly to replace
- Third-party software is embedded into the technology
- The client is developing or trying to maintain a corporate risk management strategy
Do you have questions about software escrow services? Read additional Knowledge Center stories on this subject, or contact Iron Mountain’s consulting services team. You’ll be connected with a knowledgeable product and services specialist who can address your specific challenges.
The Many Faces of Technology Escrow
Practice Safe Software Procurement
Software Escrow: A Best Practice Against Business Interruptions
How Verification Services Fortify Your Software Escrow Solution