There is a fundamental flaw in Salesforce.com's terms and conditions that puts customers at risk of losing access to services in the event of a third-party software vendor going out of business, according to voice provider Resilient Networks' CEO, Andrew Bale.
Resilient Networks uses Salesforce.com across the majority of its business functions.
The problem, said Bale, centres on the lack of an escrow agreement between Salesforce.com and its customers. With most traditional software products, an escrow agreement is put in place between a customer and a vendor, so that if the provider of software goes out of business and the software is discontinued, a customer can go to a third-party organisation (an escrow organisation) and ask for the source code to carry on using the software.
"If the provider of the software collapses I can go to the escrow organisation and give them a key and they will say, ‘Great, let me check if the vendor has gone and if so we'll get the source code to you'. Then I can bring in the source code and I can run it and it works fine," Bale told Computing.
However, Bale said that such a possibility is not the case with software-as-a-service (SaaS) platforms such as Salesforce.com and Amazon Web Services.
"If a third-party vendor – not Salesforce – built some software that performs well on Salesforce's platform and it gets pushed down to us through the app store it is called a managed package. If the company providing that managed package goes out of business then suddenly its software might stop working overnight because we don't know the relationship between this organisation and Salesforce – Salesforce could have turned it off," Bale said.
"Historically, you could handle this by using some sort of source code but I can't go to the third-party vendor to get the source code because they've gone, I can't go to Salesforce as it has a relationship with the third-party vendor not myself, and I can't go to any escrow agent because there is no fourth-party arrangement possible," Bale said.
But Bale was especially frustrated at Salesforce.com's lack of acknowledgement on the issue.
"Salesforce don't recognise us as having anything to do with [the third-party vendor] and so would be entitled to refuse to have anything to do with it, so we could spend a lot of money on purchasing software that, if the company goes out of business, we have no access to. Salesforce's legal team refuses to acknowledge that there is a problem," he said.
Bale was interested to see how the industry moves forward and if SaaS platforms can incorporate a similar escrow agreement to that used with traditional software products.
Salesforce.com has declined to comment on the matter.
This paper seeks to provide education and technical insight to beacons, in addition to providing insight to Apple's iBeacon specification
Focus on cost efficiency, simplicity, performance, scalability and future-readiness when architecting your data protection strategy