Published on February 20, 2018
Smart software licensees mitigate their risk for mission-critical business applications. Educate yourself on software escrow.
One of my favorite quotes is by Benjamin Franklin:
“We are all born ignorant, but one must work hard to remain stupid.”
This quote embodies a personal philosophy of mine, that we all have the opportunity to learn and continually improve ourselves. Here are some of my observations about how companies I work with use software escrow, and what they have learned along the way.
Observation: Smart software licensees (or buyers) mitigate their risk by creating business continuity plans for their mission-critical business applications. It’s a rock-solid strategy that is especially important as we face another technology evolution – including the Internet of Things (IoT), Artificial Intelligence (AI), Autonomous Vehicle technology, and blockchain technology – all of which will certainly provide tremendous opportunity along with catastrophic threats.
Question: How can these buyers of technology perform the right vendor assessment and mitigate their operational dependency, before signing licensing agreements?
Suggestion: A software escrow agreement (also known as a technology escrow agreement) is an integral part of a strong business continuity plan. By putting an escrow agreement in place, the licensee can access the software source code, and all the other components needed, to keep their mission-critical application up and running in the case of an unforeseen event. These materials are kept in escrow with a neutral third party, such as Iron Mountain, and are released to the licensee if certain release conditions or triggering events occur. Examples of release conditions can include bankruptcy, lack of support, merger or acquisition, etc.
Software escrow and escrow verification services provide greater protection by enabling the licensee to effectively read, recreate, and maintain their developer’s technology in-house, or transition smoothly to another vendor, should anything happen to their original software developer. Smart technology buyers learn how to assess their risk. Here is a top-level model developed by NIST. It can help you think about your risk if you were to lose access to critical technology.
What’s the Risk? Application Risk = Operational Dependency + Time + Cost + Vendor Assessment (NIST model*)
Food for Thought: I recommend prioritizing your applications based on your organization’s level of operational dependency, and then escrowing the applications that are the most business-critical.
So, I’ll close with another favorite Ben Franklin quote:
“You may delay, but time will not.”
* NIST = National Institute of Standards and Technology