South African technology solutions companies should take heart from the fact that software escrow’s ability to provide business continuity assurance is one of the key drivers of the growth in SaaS hosted applications in the US.
This is the view of Escrow Europe MD Andrew Stekhoven, who points out that many US companies have taken the plunge and adopted SaaS hosted applications like productivity apps such as Monday.com, Salesforce, Slack, and Trello as part of their workflow management systems.
And, as these companies have become more comfortable with SaaS hosted apps, they are widening their adoption of anything from entire banking systems, police enforcement, airline management systems, insurance portals, ERP systems and more driving growth in SaaS.
The reason? They’ve realised software escrow’s ability to provide business continuity assurance, a hymn Stekhoven has been singing for nearly two decades.
His refrain goes something like this: “The risk to business continuity under the SaaS model is that the application and user data are typically hosted on third-party systems, with third party licensors, within their physical walls and managed by their staff and their protocols.
“And, in an ever-changing marketplace, young and small software development companies can abandon their products for myriad reasons – insolvency, bankruptcy, the sale of the company to a competitor, major failure that remains unremedied or a ransomware attack. etc. This leaves its customers with an unsupported, un-maintainable product – and for SaaS End-Users the possibility that their ability to do business is effectively “switched off”.
“For instance, a third-party licensor, or, a hosting party, could terminate the SaaS providers service in which case the SaaS Users access to both the application, and their data, would immediately be denied.”
Stekhoven points out that a correctly structured active escrow arrangement is a vital measure for mitigating the Operational Risk contemplated by organisations using SaaS based solutions. This is because a correctly structured SaaS escrow arrangement deals with much more than just the aspect of source code access – it must also provide for access to vital elements that include all of the following:
- The operational system itself
- Data belonging to the SaaS user organisation
- The actual compiled code that can be loaded on an alternative processing platform in the event of an emergency
- The source code and related technical documentation required to access, implement, maintain and support the application software itself
In this way a SaaS escrow arrangement safeguards business continuity for the SaaS user organisation, specifically including access to their organisation’s own data, in the event that the SaaS provider is no longer able to supply the service, for whatever reason.
He also maintains that, as with conventional software licensing, one of the most elegant ways of managing the risk of your business’s absolute dependence on SaaS based information technology is active software escrow.
The Institute of Directors in South Africa (IoD) agrees with him and has endorsed active software escrow as an operational risk management measure. The IoD believes that active software escrow complies with corporate governance imperatives and bridges the divide between dependence on information technology over which the End-User has no control on the one hand, and Director and Officers responsibilities for business continuity and operational resilience on the other.
“Escrow Europe clients are on the forefront with this vital risk mitigation measure as their active escrow arrangements effectively address the risks inherent in the SaaS model of software application delivery,” says Stekhoven.