Is your software safe?
Data-escrow firms keep your company's code under lock and key - and give you access when you need to make fixes.
by Betsy Cummings, FSB Magazine

(FORTUNE Small Business Magazine) - Not long after Holden International, a sales-training company in Chicago, splurged on custom software, the problems began. The software crashed regularly, and when CEO Jim Holden complained, the vendor that had designed it for him refused to make repairs. (The programmers who had written the code and installed it on Holden's network no longer worked for the vendor.)

Worse, Holden didn't have complete access to the source code, or raw programming, so he couldn't hire a new firm to make changes. It was something like buying a car, finding out that it's a lemon, and then learning the hood is sealed shut. "We had to chuck the system and lost millions of dollars," Holden says.

Greg Stangle (left) and Greg Bullard, founders of IG2 Data Security, at their vault in Chicago.
Greg Stangle (left) and Greg Bullard, founders of IG2 Data Security, at their vault in Chicago.

After that painful lesson two years ago, Holden discovered software escrow, a service that protects small companies by storing copies of source-code software in vaults. Essentially a kind of insurance for custom software, the service costs about $800 to $2,000 a year and includes a written agreement between software client and vendor that spells out when the code can be released - say, if the developer is acquired, declares bankruptcy, or reneges on its service agreement.

Safekeeping source code

Since the dot-com bust, when many custom-software sellers went out of business and left clients in the lurch, an increasing number of companies--both buyers and developers--have insisted on escrow. But it's only recently that the practice has taken off. Holden hired IG2, an escrow firm in Chicago, which is among the better-known names in the industry (along with Iron Mountain (Research), based in Boston, and Escrow Associates in Atlanta.)

IG2 opened its doors in 2004 with 15 clients. Now, with almost no marketing, it has 350 customers in 30 states and a half-dozen countries. "In 2005 we grew 200%," says Greg Stangle, 38, who founded the seven-employee firm with Greg Bullard, 35.

The two met at DePaul University's law school and later worked as intellectual-property lawyers, where they found a growing need for software escrow - and a lot of fly-by-night operations claiming to offer the service but not delivering it well. They walked into one company's "vault" one day, Stangle says, only to find that it was just an office with a lock. "They might as well have been storing it in the guy's basement," Stangle says.

Because source code is stored on discs sensitive to temperature and humidity, escrow firms compete based on the sophistication of their vaults.

At IG2, for example, the company's vault suppresses fires, should any start, and offers dust- and light-free drawers that preserve discs longer. Escrow Tech International, in Lindon, Utah, offers an extra layer of backup by storing code in its office building as well as in a vault, which is built into the side of a mountain outside Salt Lake City. (Properly vetting an escrow firm can be tricky, but the International Technology Law Association lists members on its website,, who can refer you to a local escrow service.)

Keep in mind that the language in the agreement is crucial. "If there's going to be a problem, it's more likely not at the vault level but rather that someone screwed up on the agreement," says Escrow Tech's senior vice president, Jon Christiansen, 52, a lawyer who founded the company in 1992.

The source code itself, for example, can be in escrow, but if the documentation to build programs using that code isn't stored with it, the code itself might not be much help.

Holden says that working with IG2 has given him peace of mind when making big software purchases. As he puts it, "The challenge is to win the war before it's fought."


The newest Apple monitor can also be a camera for real two-way communication. Check it out.

2005 was a very bad year for computer security. Find out whyTop of page

To write a note to the editor about this article, click here.

Follow the news that matters to you. Create your own alert to be notified on topics you're interested in.

Or, visit Popular Alerts for suggestions.
Manage alerts | What is this?