Continuity in the cloud

Amsterdam, 3 October 2013

Ernst-Jan Louwers

• Cloud

• Continuity risks in the cloud

• Continuity demands

• Escrow: bearing, goal and means

• Escrow challenged

• Escrow models

• Wrap up / discussion topics

Agenda

Continuity risks in the cloud

• Dependence / business critical?

• Continuity (applications, data and services)

• Data: security (critical / sensitive)

• Where are the hosted data?

External

No direct control

Not (only) source code

Software

Interfaces

Services

Data

Continuity demands

• Securitisation of source code

• Escrow agent / TTP

• Release in triggering events to authorised users

Escrow: bearing

• Access to source code and documentation for maintenance

• Without surrendering power over source code

• In triggering events

Escrow: goal - local

• Access to sources and documentation

• Critical uninterrupted availability

• services

• applications

• data

• In triggering events

Escrow: goal - cloud

• Contract

• Deposit and verification

• Secure storage

• Ongoing administration

• Trusted third-party

• Triggering events – bankruptcy of supplier – IP in bankruptcy estate

– non or poor performance by supplier

Escrow: means

• Dutch case law: Nebula judgement (Dutch Supreme Court 3 November 2006, NJ 2007, 155

• Case related to rental agreement

• landlord bankrupt

• tenant cannot require continuation of rental agreement

• equal treatment of creditors in bankruptcy (‘paritas creditorum’)

Escrow challenged

• Nebula applicable to escrow?

• escrow agreement before bankruptcy

• supplier bankrupt = triggering event

• agent surrenders sources

• so far so good…

BUT: receiver may still oppose the USE of the sources!

Escrow challenged

ESCROW MODELS

• Traditional escrow notary/TTP

• Split copyright

• SaaS/cloud escrow

• Advanced escrow/warranty

Escrow models

Source code Deposit

at agent

Verification

by expert Acceptance

Triggering event

Issue of copy

Traditional escrow

• Upside:

• simple and easy

• Downside:

• practice few deposits/timely deposits

• traditional escrow not sufficient for cloud

• no access to human resources

• bankruptcy receiver to prevent access and

use of sources?

Traditional escrow

Split copyright

• Upside

• part of copyright = strong basis

• Downside

• possible for SaaS? – multiple owners?

• no guarantee for immediate continuity

• no access to skilled human resources

• hesitation supplier to share copyright

Split copyright

Usufruct

IP to software

Usufruct

• Upside

• limited right on IP = strong basis

• unaffected by bankruptcy

• Downside

• useful for SaaS? – multiple usufruct?

• no guarantee for immediate continuity

• no access to skilled human resources

• hesitation supplier to grant usufruct

Usufruct

Cloud escrow

Third party

Cloud escrow -

backup/fallback

SaaS

Data

SaaS services

supplier

Customer

SaaS

Data

• Upside

• immediate continuation of services in

case of full redundant system

• access to data?

• Downside

• access to skilled human resources?

• bankruptcy receiver to prevent access and

use of sources?

Cloud escrow

• Our advanced solution

• © Louwers IP|Technology Advocaten

• Combination IP allocation & escrow/warranty

Risk management for supplier and customer

Advanced escrow/warranty

Step 1: IP allocation out of operation company

HOLDING B.V.

SUPPLIER/PROVIDER B.V.

TRANSFER IP LICENSE IP

IP

Advanced escrow/warranty

HOLDING B.V.

CUSTOMER/END USER

WARRANTY FOUNDATION

ESCROW-WARRANTY

AGREEMENT

SUPPLIER/PROVIDER B.V.

License/VAR

agreement

IP

Step 2: escrow-warranty arrangement

CLOUD / SaaS

AGREEMENT

SAAS-SERVICES

SERVER(S) WITH

SOFTWARE AND DATA

OPTIONAL:

MIRROR

ENVIRONMENT

SOURCES

SAAS-SERVICES

SERVER(S) WITH

SOFTWARE AND DATA

HOLDING B.V.

CUSTOMER/END USER

WARRANTY FOUNDATION

ESCROW-WARRANTY

AGREEMENT

SUPPLIER/PROVIDER B.V.

License/VAR

agreement

IP

Step 3: triggering event – foundation takes over

CLOUD / SaaS

AGREEMENT

OPTIONAL:

MIRROR

ENVIRONMENT

SOURCES

HOLDING B.V.

CUSTOMER/END USER

WARRANTY FOUNDATION

ESCROW-WARRANTY

AGREEMENT

IP

Step 4: foundation provides services

CUSTOMER/END USER

OPTIONAL:

MIRROR

ENVIRONMENT

SOURCES

HOLDING B.V.

CUSTOMER/END USER

WARRANTY FOUNDATION

ESCROW-WARRANTY

AGREEMENT

NEWCO SUPPLIER/PROVIDER B.V.

License/VAR

agreement

IP

Step 5: newco takes over and foundation draws back

NEW CLOUD / SaaS

AGREEMENT

SAAS-SERVICES

SERVER(S) WITH

SOFTWARE AND DATA

OPTIONAL:

MIRROR

ENVIRONMENT

SOURCES

• Upside

• dedicated foundation

• control supplier, user/group, independent

• escrow agent

• mirror: system available (backup, recovery, fallback)

• IP allocation and involvement IP owner

• access to skilled human resources of supplier (through IP owner)

Advanced escrow/warranty

• Downside

• mirror more expensive

• administrative burden foundation

• what in case of bankruptcy of IP owner?

• solution: right of usufruct to foundation

• SMEs only?

Advanced escrow/warranty

WRAP UP

• Many topics for discussion…

• Validity escrow in other jurisdictions?

• Right of receiver to withdraw or deny access or use of source code?

• Is usufruct a solution?

• What about data?

• Any new ideas from your jurisdiction?

Wrap up

www.louwersadvocaten.nl

louwers@louwersadvocaten.nl

040 2393203

06 52 048154