Iain McLaren/Have you checked your software stored in escrow lately?

Created Thu, 12 Sep 2024 00:00:00 +0000 Modified Thu, 12 Sep 2024 00:00:00 +0000
260 Words

Software escrow

Have you checked your software stored in escrow lately?

https://www.mixonline.com/business/inside-iron-mountain-its-time-to-talk-about-hard-drives

For critical software and software as a service (SaaS) projects, large customers often require their suppliers to store the source code for the supplier’s software in escrow. This allows customers to access this source code, and hopefully fix bugs in the software, even if the supplier goes insolvent or otherwise stops providing the service.

Iron Mountain is often used as an escrow agent, but there is a potential problem:

A few years ago, archiving specialist Iron Mountain Media and Archive Services did a survey of its vaults and discovered an alarming trend: Of the thousands and thousands of archived hard disk drives from the 1990s that clients ask the company to work on, around one-fifth are unreadable.

To be clear, this is not Iron Mountain’s fault. It is up to the customer (i.e. the software supplier) to decide how to store data (i.e. the software source code) in escrow. There is a vast difference between uploading the software source code to a service like Amazon’s Simple Storage Service (S3) which is built to minimise data loss over time vs just delivering a physical hard drive to a trusted third party to store for decades. Hard drives all fail over time.

It’s a good reminder of the usefulness of annual business continuity tests.

When negotiating contracts for our clients, we often find ourselves helping our clients think through how to ensure that their business continuity plans will work in practice during the first few years and potentially decades into the future.