This article can also be found in the Premium Editorial Download "Information Security magazine: How to dig out rootkits."
Download it now to read this article plus other related content.
"We are at a size where it's a valid question," says Atri Chatterjee, senior vice president of marketing. And it's a question some customers are asking pure-play security companies. Organizations want to protect their investments in security technologies, and are asking about exit strategies, what options they have with proprietary code (see "Exit Strategy," below), and what safeguards can be inserted into contracts. But just because the questions are being asked, doesn't mean you'll get answers of value.
Storing proprietary code in escrow is one option security organizations are baking into vendor contracts.
Among the topics your organization should broach with smaller security providers is source code escrow. With 700 security companies in the market, consolidation is inevitable, and one investment safeguard is an agreement between a customer, vendor and third-party escrow agent to store proprietary code in the event of an acquisition or bankruptcy.
"From a customer's perspective, if they buy a product from you and something happens where you're not around any more, they know they can get at the source code," says Arcot CTO Jim Reno. "They can hire a consulting agency, and at least get emergency support."
Security Incite president and principal analyst Mike Rothman
| urges companies not to rely solely on escrowing code.
"You don't want to be in a situation where your vendor goes belly-up; you don't want to start over," Rothman says. "Have somebody ready in your back pocket. The vultures will circle [in an acquisition or bankruptcy]."
--MICHAEL S. MIMOSO
"I could ask pointed questions, but I do not believe vendors would volunteer any information," Silvera says.
And if a vendor does offer your organization an answer, take it with a grain of salt.
"They're going to lie to you, simple as that. 'Are you going to be acquired? Not today,'" Rothman says. "The reality is, if anyone comes forward with a compelling offer, it's their fiscal responsibility to look at it. There's not a lot a user can do. It underscores the need for all companies to have a Plan B. There have been some situations where companies have gone away, and organizations are left in a world of hurt. If you're doing business with a startup, you need to plan if something goes amiss."
This was first published in September 2007