Essentially, software escrow is the deposit of software source code with a third-party escrow agent, such as Iron Mountain. The source code is securely administered by a trusted, neutral third party to protect the developer’s intellectual property while at the same time keeping a copy safe for the licensee in case anything happens, such as the vendor no longer being able to support the software. If that situation does happen, the licensee requests a release of the source code from the escrow account and is able to keep their business up and running. This effectively gives the licensee control of the code and options to move forward.
Here are the myths I frequently encounter, and why they are just that – myths.
Myth #1: Escrowing my software isn’t a good bet.
Think about this. You hope your house never gets damaged in a storm, you never get in a car accident, or you never need to go to the hospital. But if any of these things do happen, you have insurance to help you out. Essentially, technology escrow is like insurance: you hope you never have to use it, but you want to be sure it’s there when you need it – and it works.
We partnered with IDG Research to ask IT decision makers about the risks of licensing critical technology. More than half reported they entered into a relationship for use of critical applications with a vendor who failed to meet their expectations. The most common reason for that failure was a breach of service level agreements (SLAs), which is fairly easy to correct. However, 35% cited causes that are harder to bounce back from: failure to support the application; a merger or acquisition; or the vendor’s bankruptcy or insolvency. Those are all excellent reasons why software escrow is a good bet.
Myth #2: My escrowed source code is likely to be incomplete or out of date.
We strongly recommend some level of escrow verification services for every escrow agreement. This ensures that in the event of an escrow release, you’ll have everything you need to effectively read, recreate, and maintain your developer’s technology in-house – or transition smoothly to another vendor. Verification is like a physical for a pro athlete to make sure they are in good health before signing a contract.
In addition, to make sure your software is up to date, it’s important to specify the frequency of your software vendor’s deposit updates in the escrow agreement. Ultimately, you need to make this a priority with your vendor and the escrow agent.
Myth #3: Even if I get my source code out of escrow, I don’t have the expertise to use it.
The ability to gain access to the source code and other proprietary information gives you options. Your options could include maintaining your software or technology yourself – or hiring someone to do that. Interestingly, more than half of the companies we spoke to about their recent escrow releases hired former programmers from their defunct software vendor to maintain the product. You should think of the end game and work backward from there. Also, make sure your lawyer crafts the necessary legal “use rights” for the intellectual property and its intended use.
Myth #4: Delays and legal battles often accompany a release
The main benefit of a software escrow release is the ability to avoid the cost and delays of litigating in bankruptcy court against a trustee, other creditors, or anyone who claims the licensee doesn’t have a right to the source code. The vast majority of escrow releases happen smoothly without the need for dispute processes or litigation. In two decades, the number of arbitrated releases in dispute is 0.688%. Our job is to make things easier.
Myth #5: Escrow is too expensive.
In reality, not having a software escrow agreement is far more expensive. Our customers say it best:
- “Quite honestly, escrow is very cheap insurance.” — Senior Director of Technical Services, RedPrarie
- “Considering our investment in the software, the cost to protect these assets is trivial … ” — Director of IT at Trans World Entertainment
Myth #6: As people move to SaaS, source code escrow is unnecessary.
Most companies today rely on Software-as-a-Service solutions for some of their critical business applications. You may think that means software escrow is no longer needed. (It’s in the cloud, right?) Actually, with SaaS, you need to think about both your software application and your data which adds a level of complexity. It’s also important to know that your SaaS provider’s business continuity/disaster recovery plan does not extend to your application and data.
That’s why Iron Mountain developed its SaaSProtect® Solutions for business continuity. These services offer a disaster recovery and risk management solution for both SaaS providers and subscribers.
Myth #7: It doesn’t matter which escrow vendor you choose, it’s a commodity business.
As with most things in life, you need to trust who you do business with.