Your FAQ’s on Data Escrow, SaaS Escrow and Source Code Escrow answered by Codekeeper

Written by Content Team | Published on December 10, 2021


Table of contents:


Data Escrow, Saas Escrow, Source Code Escrow, it can all get a little confusing, this is why we accumulated all the frequently asked questions straight.


Data Escrow

Data Escrow

What is Data Escrow?

Without the necessary data, it is immensely hard to bring and keep a software application in a usable and useful state. Data escrow is an effective way of ensuring that any data created and managed by a business-critical software application is never at risk of being lost or inaccessible.


Specifically, by deploying data escrow, the application's end-user (licensee) ensures they are always able to access the most up-to-date copy of the data they need to operate critical functions and ensure business continuity. The data in escrow can only be released to the licensee under predefined (and verified) conditions, such as in the event of a natural disaster or their licensor running out of business.


What does Data Escrow mean?

Data escrow is a specialized data protection solution designed to maintain the safety and integrity of data essential to the proper functioning of a mission-critical software application.


Who is data escrow for?

Any company that builds software applications and their clients. While data escrow is not intended to replace operational backups, security-minded companies that commission software use data escrow to bolster their risk mitigation. Software developers, on the other hand, use it to boost sales by strengthening their business case and providing more value to their clients.


Why do people use data escrow?

When you build and use a software application, you create data. There is no way around it. And this data can be stored in environments where software is deployed and executed, including databases in different physical locations, asset stores like AWS S3 and Microsoft Azure, in-memory databases, and many others. In case critical data suddenly becomes inaccessible for any reason, your software application would lose its normal functionality.


What can cause data loss?

Data loss occurs when data is accidentally deleted or something causes it to become corrupted. Viruses, physical damage, formatting errors, or a combination of these can render data unreadable by both humans and software, posing a risk to the financial health of businesses of all sizes.




SaaS Escrow

What is SaaS escrow?

In simple terms, SaaS escrow secures access to a running instance of a third-party cloud application that is critical to ensuring a company’s business continuity. As such, it helps avoid both temporary and long-term disruption to the end-user’s regular business operations — and consequently, prevents financial loss — regardless of their developer’s or supplier’s operational status.



In addition to the application’s ever-evolving source code, SaaS escrow can also contain data, virtual machines, manuals, credentials, and any other assets or information needed to ensure its continued viability or quick recovery, depending on the licensee’s required configuration.


What does SaaS escrow mean?

SaaS escrow is a specialized software protection solution designed to protect cloud-native software applications from internal and external threats, critical errors, or incorrect configurations that can adversely affect business functions.


Who is SaaS escrow for?

It is intended for all software developers and suppliers who ship Software-as-a-Service (SaaS) applications as part of service level and license agreements, as well as their clients (end-users).


SaaS escrow typically secures root access to the application's live environment or any assets necessary for virtualizing the application in a new one. Alternatively, a risk-averse company may also deploy a standby, running copy to ensure minimal to no downtime in emergencies.


Why do developers use SaaS escrow?

Modern SaaS escrow easily integrates with agile workflows, providing software developers an easy way to meet licensing obligations, achieve compliance, and protect intellectual property (IP). It acts as a point of differentiation and gives software suppliers a competitive advantage in an oversaturated market, allowing them to provide extra value (and peace of mind) to their clients and ultimately boost profits.


Why do end-users use SaaS escrow?

Licensees (i.e., companies whose operations rely on third-party, cloud-based software applications) use SaaS escrow to protect their software in case the developer undergoes acquisition, runs out of business, or fails to meet their contractual obligations in any other way. By securing access to source code, data, and other critical assets, licensees mitigate risk and prevent disruption to critical systems.


Source Code Escrow

Source Code Escrow

What is source code?

Source code escrow puts a contractual obligation on a software developer or supplier (licensor) to store the complete and up-to-date source code — and sometimes also object code — of a business-critical application in a format readable by humans with a trusted escrow agent such as Codekeeper.


In particular, by escrowing the source code of a critical application, the end-user (licensee) protects their software investment by means of ensuring they can maintain and update it irrespective of the developer or supplier's operational statuses. Such circumstances include the software developer discontinuing maintenance and support, running out of business, or breaching the licensing agreement in any other way.


What does source code escrow mean?

Source code escrow is a specialized software protection solution designed to store the source code of a critical software application, ensuring access in case the software's maintenance cannot otherwise be assured, as defined in agreed-upon conditions.


Who is source code escrow for?

It is intended for all software developers and suppliers who deploy business-critical, on-site software applications as part of service level and license agreements, as well as their clients (end-users). Though source code escrow is most commonly used for traditional on-site software licenses, it’s a versatile software protection solution that can also be employed for development agreements, software acquisition agreements, and other transactions involving software.


Why do developers use source code escrow?

Successful software developers and suppliers leverage source code escrow during licensing negotiations to offer more value to their clients and stand out from competitors, which is why some business development executives refer to it as “the great sales enabler.” By storing source code in a secure location, developers also deploy source code escrow to increase security and protect intellectual property.


Why do end-users use source code escrow?

Licensees — companies whose operations rely on third-party software applications — primarily use it to mitigate risk. With the ability and documented right to maintain and update essential parts of a critical software product, end-users reduce the chance of interruption or damage to their business and ensure business continuity in case their software supplier undergoes acquisition, runs out of business, fails to provide adequate maintenance, or otherwise breaches the agreement.



Information Escrow

What is information escrow?

Information escrow allows companies to transmit sensitive information via a trusted intermediary — typically an escrow agent such as Codekeeper — to prevent the risk of disclosing critical, classified information to unauthorized parties.



Specifically, in the business context, information escrow assists companies with securing access keys, encryption keys, patents, and all other sensitive assets. The escrow agent attests to the ownership, content, and creation date of the escrowed materials, releasing them to the designated beneficiary only under specific, predefined, contractually agreed-upon conditions.


What does information escrow mean?

Information escrow is a specialized solution designed to protect intellectual property, sensitive information, and other critical assets from being accessed by unauthorized or malicious parties that may seek to violate IP rights or formulate an attack.


What is information escrow used for?

Information escrow is most commonly used when one or more parts of the product development process are outsourced to a third-party. It is, however, a versatile solution that is employed in different scenarios where there is a transaction taking place and a trusted third party is required to secure critical information until certain milestones are met. It holds intellectual property and a wide array of other confidential information that can be stored physically, electronically, or in the cloud.


What kind of information is or can be stored?

Examples of the types of information that are stored in information escrow include but are not limited to:

• Product designs

• Passwords

• Engineering or manufacturing designs

• Industrial specifications

• Prototypes

• Chemical formulas

• Encryption keys

• Branding campaigns

• Advertising campaigns

• Certificates

• Title deeds

• Trademark assignment

• Music

• Song lyrics