What is the difference between Software Escrow and SaaS Escrow?
With today’s businesses increasingly relying on software and SaaS (Software as a Service) solutions, ensuring continuity and mitigating risks are valid concerns. Two similar solutions which are used to safeguard against potential disruptions are software escrow and SaaS escrow. While these solutions both share the end goal of business continuity and providing protection, they differ slightly in their approach.
This article explains what software escrow and SaaS escrow is, what different solutions are available and why businesses are choosing to invest in technology escrow services.
What is Software Escrow?
Software escrow, also known as source code escrow, is a three-party agreement between a software developer (the depositor), the end user (beneficiary) and the software escrow company. The objective of a software escrow agreement is to provide comfort to the end user that if the software developer is unable or unwilling to support the software, the code can be released to them.
Typical software escrow conditions outlined in a software escrow agreement usually include the following and may be negotiated between the parties:
- Insolvency: The state of being unable to pay debts
- Bankruptcy: Declared in law as unable to pay debts
- Discontinuing support or service of the software application
- Failure to support the product that is licensed to the Beneficiary and then failing to cure such a material breach within 10 days of notice
- Transfer of IP rights to a third party who does not provide the same level of protection provided for in the software escrow agreement
For software developers, the software escrow agreement would be set up to ensure the ongoing maintenance and continuity of the software for their clients while protecting their intellectual property (IP).
How Does Software Escrow Work?
During the software escrow setup, the depositor will deposit, with the software escrow company, the latest version of the source code which is normally through an automated deposit system directly from GitHub, Bitbucket, GitLab and many other popular version control apps or via SFTP/S3 buckets.
To ensure the files are accessible and free of viruses, some software escrow companies will perform a file integrity test as part of the source code deposit. The source code would only be released to the beneficiary if the depositor can no longer support or maintain the software.
There are a few software escrow solutions available, these are:
Single Beneficiary Software Escrow Agreement
A single beneficiary software escrow agreement is usually used when a client is licensing software from a software company. It is made up of the depositor, beneficiary and the software escrow company as the independent third party.
Multi Beneficiary Software Escrow Agreement
Multi beneficiary software escrow agreements are often used by software companies to provide comfort to their clients that they have a standing software escrow agreement in place and are protected should anything happen. This type of agreement allows the software company to add an unlimited number of beneficiaries to the master agreement.
What is SaaS Escrow?
Similar to software escrow, where critical software source code is stored with an independent third party, SaaS escrow applies the same logic to the entire cloud environment including the data hosted within a SaaS application. It allows businesses to protect their data that resides within SaaS applications hosted by a third party, protecting them against data loss.
The most popular SaaS escrow solutions include:
Verified Software Escrow for SaaS – Everything you will need to recover the SaaS environment – Verified on an annual basis
The Verified Software Escrow for SaaS service incorporates a deposit of all the cloud assets that would be required to build and deploy the SaaS application and cloud environment. The deposit materials are verified on an annual basis to ensure that all the components required to build and deploy the software have been submitted to Escrow London.
Software Escrow for SaaS – Deposit of all the cloud assets to recover the SaaS environment
The Software Escrow for SaaS service incorporates a deposit of all the cloud assets that would be required to build and deploy the SaaS application and cloud environment.
SaaS Access Continuity – Verified access credentials to the SaaS production environment
The SaaS Access Continuity service is a cost-effective solution best suited to a single-tenanted environment that provides the beneficiary with the required access credentials and documentation to the production cloud environment. In the event of a SaaS vendor failure, the beneficiary would gain access to the cloud hosting account enabling them to pay the bills and to transfer the account ownership.
Enterprise SaaS Continuity Escrow – With live continuity
The Enterprise SaaS Continuity Escrow solution provides a redundant operating or “hot” environment of the SaaS application that can be switched over or quickly spun up in the event of a release situation. This escrow environment is managed by the SaaS Escrow vendor for an agreed period of time before being transferred over to the beneficiary or another third party to continue to maintain the system.
Why choose software escrow and SaaS escrow?
Deciding whether or not to invest in a software escrow or SaaS escrow agreement depends on the significance of the software to business operations and whether it is crucial for day-to-day activities – if the software provider were to cease operations, would the company be able to continue its operations?
Companies today have become heavily reliant on the cloud and SaaS hosted applications. To further enhance business operations, more are handing over significant control of their critical applications without any vision of the financial stability of the SaaS vendor. With more companies across all markets shifting this responsibility to their SaaS and service providers, there has been an increasing need for SaaS escrow to assure access continuity for these SaaS applications in the event of SaaS vendor failure.
With the growing importance on cloud based and third party technologies, many markets such as the financial industry and regulations such as PRA SS2-21 in the UK, Digital Operations Resilience Act (DORA) across the EU and APRA CPS 230 in Australia are enforcing stricter regulations on the use of material outsourced contracts and suppliers. These regulations are specifically tightening on the importance of continuity planning, testing and stressed exit planning to ensure operations can continue.
Ultimately, the decision to invest in software escrow or SaaS escrow depends on the risks the company is willing to take, how critical the software is and the potential impact to the business if the software or SaaS applications are compromised.
Conclusion
While both software escrow and SaaS escrow offer vital protection, selecting the appropriate solution depends on factors such as the nature of the software application, business requirements and risk tolerance. For businesses heavily reliant on customised or mission-critical software, software escrow provides invaluable reassurance by preserving access to the source code. Equally, organisations adopting cloud-based SaaS solutions benefit from SaaS escrow’s focus on safeguarding essential data and ensuring service continuity.
##
About Escrow London
Escrow London is a global software and SaaS escrow company with offices in London, UK, and Sydney, Australia. Our North American division called The Escrow Company, is based in Atlanta, US.
We have invested considerable resources into innovation to reinvent software escrow for a SaaS world. Escrow London provides a range of SaaS continuity escrow solutions suitable for AWS, Microsoft Azure and Google Cloud hosted SaaS applications. We support a wide range of clients includes major law firms, banks, central banks, insurance companies, technology companies and government organisations.
To find out more about Escrow London and our software escrow and SaaS continuity escrow solutions, visit our YouTube channel.
Â