Source code escrow and continuity in the cloud
-
Upload
ernst-jan-louwers -
Category
Business
-
view
538 -
download
2
description
Transcript of Source code escrow and continuity in the cloud
![Page 1: Source code escrow and continuity in the cloud](https://reader034.fdocuments.net/reader034/viewer/2022042813/546f108aaf795980298b5907/html5/thumbnails/1.jpg)
Continuity in the cloud
Amsterdam, 3 October 2013
Ernst-Jan Louwers
![Page 2: Source code escrow and continuity in the cloud](https://reader034.fdocuments.net/reader034/viewer/2022042813/546f108aaf795980298b5907/html5/thumbnails/2.jpg)
• Cloud
• Continuity risks in the cloud
• Continuity demands
• Escrow: bearing, goal and means
• Escrow challenged
• Escrow models
• Wrap up / discussion topics
Agenda
![Page 3: Source code escrow and continuity in the cloud](https://reader034.fdocuments.net/reader034/viewer/2022042813/546f108aaf795980298b5907/html5/thumbnails/3.jpg)
Continuity risks in the cloud
• Dependence / business critical?
• Continuity (applications, data and services)
• Data: security (critical / sensitive)
• Where are the hosted data?
External
No direct control
Not (only) source code
![Page 4: Source code escrow and continuity in the cloud](https://reader034.fdocuments.net/reader034/viewer/2022042813/546f108aaf795980298b5907/html5/thumbnails/4.jpg)
Software
Interfaces
Services
Data
Continuity demands
![Page 5: Source code escrow and continuity in the cloud](https://reader034.fdocuments.net/reader034/viewer/2022042813/546f108aaf795980298b5907/html5/thumbnails/5.jpg)
• Securitisation of source code
• Escrow agent / TTP
• Release in triggering events to authorised users
Escrow: bearing
![Page 6: Source code escrow and continuity in the cloud](https://reader034.fdocuments.net/reader034/viewer/2022042813/546f108aaf795980298b5907/html5/thumbnails/6.jpg)
• Access to source code and documentation for maintenance
• Without surrendering power over source code
• In triggering events
Escrow: goal - local
![Page 7: Source code escrow and continuity in the cloud](https://reader034.fdocuments.net/reader034/viewer/2022042813/546f108aaf795980298b5907/html5/thumbnails/7.jpg)
• Access to sources and documentation
• Critical uninterrupted availability
• services
• applications
• data
• In triggering events
Escrow: goal - cloud
![Page 8: Source code escrow and continuity in the cloud](https://reader034.fdocuments.net/reader034/viewer/2022042813/546f108aaf795980298b5907/html5/thumbnails/8.jpg)
• Contract
• Deposit and verification
• Secure storage
• Ongoing administration
• Trusted third-party
• Triggering events – bankruptcy of supplier – IP in bankruptcy estate
– non or poor performance by supplier
Escrow: means
![Page 9: Source code escrow and continuity in the cloud](https://reader034.fdocuments.net/reader034/viewer/2022042813/546f108aaf795980298b5907/html5/thumbnails/9.jpg)
• Dutch case law: Nebula judgement (Dutch Supreme Court 3 November 2006, NJ 2007, 155
• Case related to rental agreement
• landlord bankrupt
• tenant cannot require continuation of rental agreement
• equal treatment of creditors in bankruptcy (‘paritas creditorum’)
Escrow challenged
![Page 10: Source code escrow and continuity in the cloud](https://reader034.fdocuments.net/reader034/viewer/2022042813/546f108aaf795980298b5907/html5/thumbnails/10.jpg)
• Nebula applicable to escrow?
• escrow agreement before bankruptcy
• supplier bankrupt = triggering event
• agent surrenders sources
• so far so good…
BUT: receiver may still oppose the USE of the sources!
Escrow challenged
![Page 11: Source code escrow and continuity in the cloud](https://reader034.fdocuments.net/reader034/viewer/2022042813/546f108aaf795980298b5907/html5/thumbnails/11.jpg)
ESCROW MODELS
![Page 12: Source code escrow and continuity in the cloud](https://reader034.fdocuments.net/reader034/viewer/2022042813/546f108aaf795980298b5907/html5/thumbnails/12.jpg)
• Traditional escrow notary/TTP
• Split copyright
• SaaS/cloud escrow
• Advanced escrow/warranty
Escrow models
![Page 13: Source code escrow and continuity in the cloud](https://reader034.fdocuments.net/reader034/viewer/2022042813/546f108aaf795980298b5907/html5/thumbnails/13.jpg)
Source code Deposit
at agent
Verification
by expert Acceptance
Triggering event
Issue of copy
Traditional escrow
![Page 14: Source code escrow and continuity in the cloud](https://reader034.fdocuments.net/reader034/viewer/2022042813/546f108aaf795980298b5907/html5/thumbnails/14.jpg)
• Upside:
• simple and easy
• Downside:
• practice few deposits/timely deposits
• traditional escrow not sufficient for cloud
• no access to human resources
• bankruptcy receiver to prevent access and
use of sources?
Traditional escrow
![Page 15: Source code escrow and continuity in the cloud](https://reader034.fdocuments.net/reader034/viewer/2022042813/546f108aaf795980298b5907/html5/thumbnails/15.jpg)
Split copyright
![Page 16: Source code escrow and continuity in the cloud](https://reader034.fdocuments.net/reader034/viewer/2022042813/546f108aaf795980298b5907/html5/thumbnails/16.jpg)
• Upside
• part of copyright = strong basis
• Downside
• possible for SaaS? – multiple owners?
• no guarantee for immediate continuity
• no access to skilled human resources
• hesitation supplier to share copyright
Split copyright
![Page 17: Source code escrow and continuity in the cloud](https://reader034.fdocuments.net/reader034/viewer/2022042813/546f108aaf795980298b5907/html5/thumbnails/17.jpg)
Usufruct
IP to software
Usufruct
![Page 18: Source code escrow and continuity in the cloud](https://reader034.fdocuments.net/reader034/viewer/2022042813/546f108aaf795980298b5907/html5/thumbnails/18.jpg)
• Upside
• limited right on IP = strong basis
• unaffected by bankruptcy
• Downside
• useful for SaaS? – multiple usufruct?
• no guarantee for immediate continuity
• no access to skilled human resources
• hesitation supplier to grant usufruct
Usufruct
![Page 19: Source code escrow and continuity in the cloud](https://reader034.fdocuments.net/reader034/viewer/2022042813/546f108aaf795980298b5907/html5/thumbnails/19.jpg)
Cloud escrow
Third party
Cloud escrow -
backup/fallback
SaaS
Data
SaaS services
supplier
Customer
SaaS
Data
![Page 20: Source code escrow and continuity in the cloud](https://reader034.fdocuments.net/reader034/viewer/2022042813/546f108aaf795980298b5907/html5/thumbnails/20.jpg)
• Upside
• immediate continuation of services in
case of full redundant system
• access to data?
• Downside
• access to skilled human resources?
• bankruptcy receiver to prevent access and
use of sources?
Cloud escrow
![Page 21: Source code escrow and continuity in the cloud](https://reader034.fdocuments.net/reader034/viewer/2022042813/546f108aaf795980298b5907/html5/thumbnails/21.jpg)
• Our advanced solution
• © Louwers IP|Technology Advocaten
• Combination IP allocation & escrow/warranty
Risk management for supplier and customer
Advanced escrow/warranty
![Page 22: Source code escrow and continuity in the cloud](https://reader034.fdocuments.net/reader034/viewer/2022042813/546f108aaf795980298b5907/html5/thumbnails/22.jpg)
Step 1: IP allocation out of operation company
HOLDING B.V.
SUPPLIER/PROVIDER B.V.
TRANSFER IP LICENSE IP
IP
Advanced escrow/warranty
![Page 23: Source code escrow and continuity in the cloud](https://reader034.fdocuments.net/reader034/viewer/2022042813/546f108aaf795980298b5907/html5/thumbnails/23.jpg)
HOLDING B.V.
CUSTOMER/END USER
WARRANTY FOUNDATION
ESCROW-WARRANTY
AGREEMENT
SUPPLIER/PROVIDER B.V.
License/VAR
agreement
IP
Step 2: escrow-warranty arrangement
CLOUD / SaaS
AGREEMENT
SAAS-SERVICES
SERVER(S) WITH
SOFTWARE AND DATA
OPTIONAL:
MIRROR
ENVIRONMENT
SOURCES
![Page 24: Source code escrow and continuity in the cloud](https://reader034.fdocuments.net/reader034/viewer/2022042813/546f108aaf795980298b5907/html5/thumbnails/24.jpg)
SAAS-SERVICES
SERVER(S) WITH
SOFTWARE AND DATA
HOLDING B.V.
CUSTOMER/END USER
WARRANTY FOUNDATION
ESCROW-WARRANTY
AGREEMENT
SUPPLIER/PROVIDER B.V.
License/VAR
agreement
IP
Step 3: triggering event – foundation takes over
CLOUD / SaaS
AGREEMENT
OPTIONAL:
MIRROR
ENVIRONMENT
SOURCES
![Page 25: Source code escrow and continuity in the cloud](https://reader034.fdocuments.net/reader034/viewer/2022042813/546f108aaf795980298b5907/html5/thumbnails/25.jpg)
HOLDING B.V.
CUSTOMER/END USER
WARRANTY FOUNDATION
ESCROW-WARRANTY
AGREEMENT
IP
Step 4: foundation provides services
CUSTOMER/END USER
OPTIONAL:
MIRROR
ENVIRONMENT
SOURCES
![Page 26: Source code escrow and continuity in the cloud](https://reader034.fdocuments.net/reader034/viewer/2022042813/546f108aaf795980298b5907/html5/thumbnails/26.jpg)
HOLDING B.V.
CUSTOMER/END USER
WARRANTY FOUNDATION
ESCROW-WARRANTY
AGREEMENT
NEWCO SUPPLIER/PROVIDER B.V.
License/VAR
agreement
IP
Step 5: newco takes over and foundation draws back
NEW CLOUD / SaaS
AGREEMENT
SAAS-SERVICES
SERVER(S) WITH
SOFTWARE AND DATA
OPTIONAL:
MIRROR
ENVIRONMENT
SOURCES
![Page 27: Source code escrow and continuity in the cloud](https://reader034.fdocuments.net/reader034/viewer/2022042813/546f108aaf795980298b5907/html5/thumbnails/27.jpg)
• Upside
• dedicated foundation
• control supplier, user/group, independent
• escrow agent
• mirror: system available (backup, recovery, fallback)
• IP allocation and involvement IP owner
• access to skilled human resources of supplier (through IP owner)
Advanced escrow/warranty
![Page 28: Source code escrow and continuity in the cloud](https://reader034.fdocuments.net/reader034/viewer/2022042813/546f108aaf795980298b5907/html5/thumbnails/28.jpg)
• Downside
• mirror more expensive
• administrative burden foundation
• what in case of bankruptcy of IP owner?
• solution: right of usufruct to foundation
• SMEs only?
Advanced escrow/warranty
![Page 29: Source code escrow and continuity in the cloud](https://reader034.fdocuments.net/reader034/viewer/2022042813/546f108aaf795980298b5907/html5/thumbnails/29.jpg)
WRAP UP
![Page 30: Source code escrow and continuity in the cloud](https://reader034.fdocuments.net/reader034/viewer/2022042813/546f108aaf795980298b5907/html5/thumbnails/30.jpg)
• Many topics for discussion…
• Validity escrow in other jurisdictions?
• Right of receiver to withdraw or deny access or use of source code?
• Is usufruct a solution?
• What about data?
• Any new ideas from your jurisdiction?
Wrap up