If you have third party business-critical software, what happens if the software company goes into administration?

The majority of software now is online or ‘in the cloud’, our software, Vision, is no different.  We’re constantly made aware of “data security”; how to protect your data and the data of others, from hackers, and so on, but there’s something much bigger at stake here.

The question that is not being asked is how secure are the companies that own the software you are using and what protection do you have should those businesses go into receivership? The majority of companies take advantage of server farms, as they are quickly adaptable to fire-up servers in seconds and they also have large “pipes” (broadband connections) that would cost companies 10s of thousands of pounds to provide themselves.  So, server farms are an essential part of the online network for both customers and clients alike. 

How do they work?  A software company will have an agreement with a server farm to have access to a number of dedicated servers. They will load their software onto these servers and will also attach their clients’ databases.  All of this will be achieved remotely and access can be gained to your company’s servers from anywhere in the world, with the correct authorisation. The software company, if it is committed to ensuring their customers continuous access to their data, is also likely to have a “mirrored server” set-up. This basically means that if one server goes down, for whatever reason, then the mirrored server will automatically fire-up and business continuity is achieved for the software companies’ clients… so far, so good.

For all of these services, the software company will be charged a fee by the server farm, quite rightly, as setting up a server farm is a very costly business. So, what happens if the software company doesn’t pay the server farm? Again, quite rightly, they will turn off the servers the company is renting until payment is made. At this point the client will have no access to their own software and data until the software company pays the bill.  Ask yourself the question: what software do you have that is business-critical and the servers on which it runs is not within your control?  I would say, in most large organisations, that is likely to be a big number. Also, ask yourself the question: if the data was irretrievable, how much would it cost to replace it?  When the software company finally pays the server farm and the servers are turned back on, you have access to your data and, except for a few days of disruption (how much has that cost you?), everyone is happy or, are they?

The software company obviously has financial problems but, as the server farm is business- critical to them, they would pay them before anyone else, including HMRC. HMRC are not happy with that and place a winding up order on the software company, effectively putting them into liquidation – what happens now? A Receiver is appointed and they step in to try and save the company. To do that, they need money and, what they have of yours, the client, is extremely valuable. They have the power to turn the servers running your software on and off and, more importantly, they have control of your data. 

Now, ask yourself the question: if the system was down and the software was business- critical, how much would you be prepared to pay to have it back. I can hear a number of people now screaming ESCROW! So, what does ESCROW actually mean? The legal meaning is: “a bond, deed, or other document kept in the custody of a third party and taking effect only when a specified condition has been fulfilled”  In the software world, this means if you have an ESCROW agreement, the source code for the software will be released to you, hopefully, along with the database, if the data is also included in the agreement (worth checking).

So, there it is: the software company goes bust, you get the software and the data – all’s well, or is it?  Triggering the ESCROW agreement could take days or even weeks, during which time you are without a business-critical piece of software and access to your data.  Added to this, in my opinion, there is a far greater issue of concern, which is nearly always overlooked.

Let’s say, for argument’s sake, through the ESCROW agreement, the software source code and the data are released to you within 24 hours and you pass this onto your I.T. department to “sort out”. This is likely to be the first time they have seen this software and will have absolutely no idea how the code should work, how to install it and configure it onto your web servers or how to attach the database. The list goes on and on.  In a complex piece of business-critical software, it could take months for an I.T. department or company to figure all this out and make it operational – scary isn’t it? 

So, is there a solution? The answer is yes but not all ESCROW companies offer it.  The answer is to have a mirrored image of the server install, with the software configuration and the data all in one place and operational. When and if, the software company goes into administration, the “Image” is released to the ESCROW company. The ESCROW company mounts it on one of their servers and you, the customer, have access to both the operational software and your data, seamlessly and accessible within minutes. The ESCROW company would then continue to host the software and data for a period of, say, 6 months which would enable you, the customer, to come up with a more permanent solution.

Don’t say you weren’t warned!

Steve Aldridge,

Managing Director, Assets & Compliance Managed Services UK Limited