Software Escrow

Renting instead of buying – that is the business model behind cloud computing. IT resources or applications are made available on request via the internet by the cloud service provider. Under the keyword ‘Software-as-a-Service’, the software can be accessed from different end devices regardless of location and time. The advantage is obvious: billing is usage-based, i.e. only services that are actually used have to be paid for. The cloud model also offers users the opportunity to utilise the latest technologies without having to make any upfront investments.

Challenges and risks of cloud computing
Despite the undeniable advantages, there are also disadvantages. In addition to security aspects, such as storing sensitive data in the cloud, these include the availability of customer-specific data and the prompt restoration of a service should it fail. And this is precisely where cloud escrow can help to minimise, if not eliminate, concerns and reservations.

The role of the cloud Escrow
The task of the cloud escrow agent is to find a suitable solution that takes into account the technical complexity of the infrastructure as well as the security and availability of the data. The composition of the components to be deposited is therefore crucial for cloud escrow. In addition to the software source code, this includes the access data to the cloud service provider’s live system, as well as individual test methods tailored to the respective applications and services used.

Cloud Escrow – security promotes trusting business relationships
From the user’s perspective, cloud escrow is an instrument for securing business-critical data. If the need for security is satisfied with the help of the escrow agent, this has a positive impact on all parties – on the escrow market and on the cloud business model: as the acceptance of cloud computing grows, the demand for corresponding services increases and the supporting role of the escrow agent is also perceived more strongly. A win-win situation for everyone.

IT strategy has long been part of corporate strategy. And IT is regarded as a key technology in the manufacture of products in a wide variety of economic sectors. While the primary object of escrow 15 years ago was software, today it is also important to protect know-how across all sectors: from mechanical engineering and engineering to biotechnology and the chemical industry. Examples of applications for protecting intellectual property range from machine data, circuit board blueprints, material and parts lists, specifications, drawings and interface descriptions to the ingredients of chemical processes or components of production systems as well as their structure and configuration.

What is the difference between IP and Document Escrow and Software Escrow?
While software Escrow is about the availability of software, IP and document escrow secure the maintenance and production of entire manufacturing systems. This means that – depending on the industry – additional expertise is required alongside the Escrow agent. Experts must be called in as assessors, as escrow agents cannot provide the technical expertise internally. The complexity increases and a typical or uniform description or verification of the object of escrow is not possible. In contrast to software escrow, the escrowing of know-how is often less time-critical, as updates are less frequent. Stable production processes are adapted less frequently than software.

In which areas is IP and Document Escrow used and what advantages does it offer?

IP Escrow is an effective way of protecting investments, particularly in the energy and logistics sectors. For example, the operator of a wind farm must be able to guarantee the operational capability of its wind turbines for a period of 30 years. And a logistics company that relies on the use of drones to deliver goods must be prepared for worst-case scenarios – if the drone manufacturer were to cease production, IP and document escrow would enable the logistics company to continue using the existing drones and find another manufacturer to provide the necessary replacement in the medium to long term.

As IP and document escrow is only known in a few industries to date, there are currently fewer use cases here than with traditional software escrow or cloud escrow. However, the potential here is huge.

Costs, compromises or access to live instances of cloud applications
Better a slimmed-down security concept than none at all. – Cost savings can be one reason why users decide to store only the cryptographic keys. These can be passwords, hash values or general access data, for example for cloud applications. In this case, escrow agents speak of incomplete escrow. Why? With key escrow, only the key to the source code is escrowed and not the entire source code.

Compromises promote mutual trust
As the costs for a key escrow are lower than for a full escrow, the cost saving is an option for companies with tight budgets. From the provider’s point of view, there may also be reasons to opt for key escrow alone. Security concerns or the fundamental fear that one’s own product might not stand up to an expert assessment are arguments for agreeing on key escrow as a compromise with the user.

Storing access data: common practice for cloud applications
A third way in which providers and users opt for key escrow often occurs in connection with cloud applications: In this case, the object of escrow is the access data for the online development environment such as Github, AWS or Azure. In the event of the operator’s insolvency, the user receives access to the service’s live data via key escrow so that it can then continue to be operated independently by the user without the licensor or cloud provider.

Data – the key currency of the digital economy
Data plays a crucial role in our digital world. When analyzed and interpreted, data becomes valuable information. It is a key resource and the key currency of the 21st century economy – as access to social participation, the basis for government action, the basis for gaining scientific knowledge and the key to innovation in industry and commerce.

The Escrow agent: neutral data trustee and processor
Data Escrow involves depositing large volumes of data, input or output data or data as a basis for statistical evaluations. There are many potential areas of application: In telecommunications, healthcare or the automotive industry. And it is not always about protection in the event of insolvency. Data escrow is used, for example, as a data protection measure or for the fiduciary management of large volumes of data.

Data Escrow support in telecommunications and healthcare
An Escrow agent can also take on the role of processor, for example as a third party between a telephone provider and a telecommunications company that offers the business partner’s telephones to its customers under two-year contracts: The telephone provider has no interest in viewing and transferring the data for data protection reasons. The telecommunications company, on the other hand, is responsible for the customer relationship and for maintaining the transaction data. In this case, the escrow agent’s task is to carry out regular tests when updating the software. This involves checking the data for completeness and plausibility, for example. The evaluations are documented and the data – for the previously defined case of release – is stored.

A healthy lifestyle includes a healthy diet as well as exercise and sporting activities. The industry offers a wide range of health apps to collect the relevant vital health data. These are offered in the form of wearable hardware, such as small wristbands or watches. With the help of these wearables, user data is collected and transmitted. This data is regularly used and analyzed for clinical studies. The knowledge gained from the data is thus incorporated into new therapies. In order to be able to assign the previously anonymized data back to its users, it must be de-anonymized again. This is where the escrow agent comes into play. Its task is to act as a neutral authority to process the order and provide the information to those who should benefit from it.

Data Escrow – a potential growth market
Whether in telecommunications, healthcare, autonomous driving or the Internet of Things (IoT), data escrow has many potential areas of application. In the future, it will always be a matter of initially sharing proprietary data with other market participants, evaluating it and making it available for the benefit of all parties involved. Data escrow plays an important role in defusing competitive concerns, limiting the existing data power of individual market participants and ensuring data protection. The challenges currently lie in clearly describing the content of the data to be deposited, correctly defining the purpose and being able to carry out the best possible verification and validation of the data in the interests of all contracting parties.

Classic source code storage combined with new applications
The continuous development of technology is constantly bringing new business models to the market. AI is currently on everyone’s lips. Parallel to the use of AI systems, the market for AI escrow is also developing, which is currently the latest area of application for the services offered on the market by professional escrow agents. As with all new developments, AI escrow must first establish itself.

The object of escrow is the source code and/or algorithms of the “empty” or untrained AI models or neural networks and their training data, and possibly also live data to a limited extent.

New technologies – conventional hedging patterns
Although the field of application is new, the motives for opting for an escrow solution are quite conventional: from the licensor’s or rights holder’s point of view, it is about protecting intellectual property, securing competitive advantages and creating trust and acceptance in the market for the solution offered. Particularly in view of the social and ethical discussions in connection with artificial intelligence, this aspect may play a decisive role in the future. And from the user’s or investor’s point of view, the use of AI escrow, just like other escrow solutions, is about protecting their own investments. AI escrow can ensure application reliability and thus strengthen trust in the provider.

The importance of security mechanisms for AI applications
In order to feed AI systems, large amounts of data must be generated and obtained from a variety of sources that are often difficult to access. This data then needs to be merged and cleansed. Validation may be necessary for individual data sets. In addition, data protection guidelines and legal requirements must be observed. This often leads to conflicting objectives: Safeguarding against financial risk on the one hand and preventing unwanted access to certain data on the other.

What advantages does AI Escrow offer?
Securing input or training data can offer advantages for later evidence or defense against lawsuits. With AI Escrow, it is crucial that a “fully” trained system is stored before it is used live for the first time. In this way, any tests and investigations can be carried out later on the originally developed system. Any claims for damages, warranties, laws or safety criteria can thus be satisfied in accordance with the current state of the art. In future, AI Escrow can be an important building block for the further development and acceptance of AI systems in the area of critical processes.