John Boruvka looks at the findings of a recent IDG Research survey, explores its implications for business continuity, and looks at what you can do about it.
Many organizations protect their utmost critical applications with business continuity plans, and that’s great; but where is the plan for the next 20 or 30 applications that still have significant impact on the business? The results of a recent IDG Research survey reveal that 55 percent of critical software applications do not meet expectations for application support. As you may expect, this wastes valuable resources, drives up costs, and disrupts the continuity of your business operations. If you are concerned with business continuity in your company, it’s important to understand the risks associated with licensing critical software applications, and why you need to take protections to safeguard the software at the heart of your business operations.
Reasons why vendors don’t meet support expectations
Any software application can be mission-critical in today’s digitized business world. A company can only survive and thrive when it gets adequate support for the applications that drive it. In the IDG Research survey, sponsored by Iron Mountain, IT decision makers reported on a number of reasons why an outside vendor did not meet support expectations, as shown in figure one.
Figure one: Has your organization ever licensed mission-critical applications from an outside vendor who did not meet its expectations for application support?
The most common reason was a breach of service level agreements (SLAs), which is fairly easy to correct. However, 35 percent cited causes that are harder to bounce back from: failure to support the application; a merger or acquisition that deprioritized the application; or the vendor’s bankruptcy or insolvency.
The business impact of lack of support
Relying on vendors that do not meet expectations results has a wide-ranging business impact. The negative consequences range from cost overruns, project setbacks, and poor internal IT performance to customer dissatisfaction and brand damage, legal involvement, and loss of revenue (see figure two).
On average, IT project failures cost business 25 percent overrun of their initial budgets. Thirteen percent of respondents had overruns of 50 percent or greater.
Figure two: You indicated your organization has licensed mission-critical applications from an outside vendor who did not meet expectations for application support. In which areas did this impact to your business?
What are some strategies to ensure business continuity when faced with lack of support?
Enterprise companies face lack of support issues from their vendors all the time. Most people typically think of bankruptcy, but there are really a whole host of reasons why software developers stop supporting their products: from mergers and acquisitions to ‘sun setting’ an older product line. Technology escrow (also known as source code escrow or software escrow) is a key strategy to gives organizations leverage to demand better SLA compliance – and protect against a potentially dangerous total loss of support.
Here’s how it works: a copy of your software source code, data, build instructions, and third-party tools are stored securely with a technology escrow agent, like Iron Mountain. Then, if your software developer goes out of business or otherwise discontinues support, a release of those escrow materials lets your business continue with development in-house or keep suddenly unsupported products running long enough to find and implement a replacement. This means the wasted resources and cost overruns associated with vendors that do not meet expectations can be minimized or eliminated.
Who uses technology escrow?
It may surprise you to learn that 90 percent of the Fortune 500 companies are Iron Mountain technology escrow customers. Typically, the procurement department has included technology escrow as part of the terms and conditions of licensing mission-critical software. However, this is often just a ‘check box’ provision implemented with basic terms, and not part of a comprehensive risk assessment.
As risk management becomes a more powerful force in organizations, technology escrow and verification has started to become a strategic tool for business continuity managers and disaster recovery professionals. Beyond traditional escrow for on-premises applications, there are also special risk management considerations that need to be taken for software-as-a-service (SaaS) applications and data, because the old rules no longer apply when your software and data are in the cloud. But that’s a topic all on its own …
Essentially, technology escrow is like insurance: you hope you never have to use it, but you want to be sure it’s there when you need it. If you work in a risk management function protecting the assets of your enterprise, you owe it to yourself to learn more about technology escrow as a strategic business continuity tool, especially if you’re beginning to move more of your software to public clouds and SaaS applications. You want to think about your service sustainability or application continuity, not only when you experience an event, but when your provider does as well.
About the author:
John Boruvka is vice president for Iron Mountain’s Intellectual Property Management group, and has been involved in the technology escrow and intellectual property management field for more than 29 years. John can be reached at firstname.lastname@example.org. Follow him on Twitter @JBoruvka. Learn more about Iron Mountain’s technology escrow offerings at: www.ironmountain.com/escrow