Mitigating corporate risk of widespread software dependency
A major South African corporation might use up to 4,000 third-party software products which are business critical. The relentless pursuit of greater efficiencies, more streamlined processes, more innovation as well as the persistent march of rapid digitalisation continues to propel organisations into an expanding and complex digital ecosystem. Embedded in the interplay between software vendors and business end-users is a deep dependency that is redefining the contours of corporate risk management and the governance of technology and information assets.
In this high-stakes arena, the repercussions of software supplier insolvency, supplier breaches of license obligations, or the acquisition of a software supplier by an end-user competitor can lead to an unplanned, sudden business interruption. Unexpected downtime of a mission-critical system stands as a harbinger of potential financial perils, including revenue loss and regulatory fines. Grave consequences are likely such as customer dissatisfaction, market share shrinkage, reputational damage and the loss of IT jobs. This underscores the imperative for companies to fortify their digital foundations against unforeseeable software failures.
Globally, software escrow has crystallised as a best practice solution for managing the risks associated with relying on third-party software. Executive risk consultant at EscrowSure, Guy Krige says, “With the increasing recognition of the widespread dependency on an array of software vendors, there’s a coming of age for the software escrow industry in South Africa. This is a strategic Business Continuity practice that safeguards the latest version of verified and tested software source code which can be released to the end-user in the case of pre-defined events that would otherwise have catastrophic consequences for the business.
EscrowSure, which previously operated as Escrow Europe, stands at the forefront of the South African market. The business has spearheaded the growth of the software escrow industry for over two decades and today provides full-service software escrow services to leading South African corporates across the finance and insurance sector, including ABSA, Old Mutual, Discovery and Sanlam. Software failure, which may also occur as a result of cyber attack, poses a significant organisational risk that must be fully taken into account by company Boards and leadership. At present, software escrow stands as the singular safeguarding solution mapping seamlessly to the rigorous framework outlined in the King Report for Technology and Information Governance, alongside compliance with various internationally recognised technology and IT risk management protocols.
Krige further notes a discernible shift in the corporate landscape, where interdependent entities increasingly insist that their business partners leverage software escrow agreements. "What we find is that among businesses who understand the risks associated with 3rd party software and become aware of software escrow as a mitigation measure, the uptake of the solution is swift and comprehensive. Anticipating the evolving landscape, we expect not only private enterprises but also government bodies and other institutions to view the utilisation of software escrow agreements as a prerequisite when selecting key suppliers. It's not merely about ticking a box; it's a strategic imperative for ensuring resilience and continuity in an age where the reliance on software is omnipresent." This foresight positions EscrowSure not only as the market leader but more importantly, as a local provider guiding and supporting South African enterprises toward fortified operational resilience through strategic software escrow partnerships.