Software Escrow – Protecting Your Assets

Software Escrow – Protecting Your Assets

July 30

Escrow services for technology assets like software source code don’t make the news much these days. Typically, the only headlines featuring “source code” and “escrow” appear in vendor and developer press releases, never part of any actual news stream. Few developers want to bring attention to the potential for any adversity involving their software source code or their businesses, and fewer still want to subject their intellectual property (IP) to close scrutiny by those who may not share the same interests.

Yet the news emanating from the far fringes of technological development now drives awareness of the need for protecting all technology assets, especially mission-critical applications. The sudden appearance of so many escrow service providers can be looked at two ways. The dismissive view says they’ve finally discovered search engine optimization techniques. A more cautious take says that the new visibility provides an early glimpse of a changing, growing technology asset management landscape.

Computing and communications have collided in a myriad of hardware and software configurations. At times it seems like there are as many apps for smartphones and tablets as there are individual using those devices. Business use of social media and mobile devices is commonplace – though not always wholly welcome. Hosted or cloud-based applications have democratized access to enterprise computing. Internet-connected, wireless, ad hoc, BYOD (bring your own device) networks and environments – used together, all present multidimensional challenges in systems of confounding complexity.

Software may be unique among commercial transactions and relationships. Users are somehow responsible for the operational behavior as well as maintenance of applications not created by them. Even so, those same people remain dependent on the vendor for bug fixes, revisions, updates (enhancements), upgrades (new or retooled functions), and, frequently, customization. If the vendor goes out of business or changes product direction, the customer assumes total responsibility for the application, even the customization performed by the original vendor. In a worst-case scenario, a mission-critical application breaks and replacement is not an option, and in today’s “always-on, IT-everywhere” world, neither is data disruption.

In short, you must also prepare for the possibility of a disruption to the vendor’s business. To avoid a similar catastrophe, you must have the original source code to make the necessary repairs or changes.

Clearly, understanding source code escrow isn’t just for contract managers anymore. It’s part of any complete BDR strategy.

The days of one-stop shopping for all your business IT needs are long gone. Application development startups haven’t had this kind of opportunity since the dawn of the desktop computing era. It’s not exactly the Wild West scenario of the dot-com years, but developers, vendors, and service providers are duking it out in the marketplace, trying to establish brand supremacy if not establish their products as default standard. Many new software developers will have truly superior applications that some business users may find indispensable and essential.

And stunning number of those startups will cease to exist long before their applications fall from favor.

It bears repeating that when the IT system in its entirety is strategic to company survival, escrow becomes essential. Risk mitigation means more than just loss avoidance when business continuity is at stake.

Let’s face it, a successful risk mitigation strategy means your source code escrow agreement will probably never be anybody’s cover story. Safeguarding technology assets means protecting the interests of both the vendor and user. You can count on vendors using every tool and technique available. Software users must do the same.

Got software and thinking of upgrading? Here are five reasons why you may want to hang onto what you’ve got. 

Photo Credit: eschipul via Compfight cc