Experts agree that we’re over the cloud-based access control adoption hump. Though some continue to lag behind, they also say there’s plenty of opportunity for growth in integration and managed services.
Cloud-based access control systems — or hybrid access control systems that may communicate with the cloud rather than operating solely in the cloud have been available for quite some time now, but there continues to be some trepidation toward adopting cloud-based solutions. According to industry experts SDM spoke with, attitudes toward cloud-based solutions have changed to the point where it would be remarkable if a customer wasn’t somewhat interested in a cloud-based solution. Still, there exists some lag in the technology’s adoption.
“I don’t hear many people today saying, ‘I really want to operate some access control software, and I’m going to make a special space in my data center to do that,’” says John Szczygiel, executive vice president and COO, Brivo, Bethesda, MD. “That would be unusual.”
There are growth opportunities in the cloud-based access control market. Experts point to options like offering integrations with the system or additional managed services, but they also acknowledge some of the challenges that offering Access Control as a Service (ACaaS) can present to the security integrator.
Overall, Kris Houle, product manager, SaaS, Genetec, Montréal, says, “There are more positives than there are negatives for cloud adoption.”
The positives of a cloud-based access control system have had enough time to demonstrate their value to the market. The simplicity of installing and maintaining the system, as well as the reduction of upfront costs of the system offer significant advantages to end users. Still, experts say that some in the access control space have hesitated to make the transition.
“The megatrend, essentially, is moving all of the software to the cloud and shifting those workloads to the cloud service providers,” Szczygiel says. “I see that as an unstoppable trend. If I thought about it as it relates to a crossing of the chasm, I really believe we’re in the late majority, or perhaps even the laggard part of the curve. We’re not still climbing the upward climb of the curve. I think there are a lot of laggards in access control, but for a bunch of different reasons.”
For starters, Szczygiel says, “Access control manufacturers have done a pretty good job of building systems that last a long time. You put the card up and the door opens, so everybody’s perception is it works. Why do I want to mess with it?”
But with on-premise solutions, that attitude can present problems. These systems cannot be tucked away and forgotten about, Szczygiel says. “People are looking at it more as a utility than as an IT system,” he says. “The reality today is that access control is an IT system because it operates on the internet. If it’s a computer, it needs to be maintained and needs to be protected against cyber vulnerabilities.”
The benefit cloud-based systems bring includes automatic updates. Running old and out-of-date software presents cyber vulnerabilities that may have been patched out by new software updates. The IT department has become aware of that, and experts remind us that — in the age of the internet — IT and security have become inseparable.
“With the convergence in the industry between IT and security, evermore I’m filling out IT assessments of security for vendors,” says Richard Goldsobel, vice president, Continental Access, Napco Security, Amityville, NY. “The IT groups just ask if they can outsource the whole thing to a cloud environment and know that the encryption is being taken care of, that vulnerabilities are being taken care of from a central perspective.”
When it comes to hybrid solutions, Goldsobel does warn, “I think the dealers have to understand that if there are on-premise functions on the server — even if they’re being served out of a controller — then the IT guys still need to know about the local encryption and how it affects the network. All of those difficult things that they might have thought they were getting away from with certain cloud solutions are still present to some degree with hybrid solutions.”
Historically, cloud-based access has been common among small-to-medium businesses. Brach Bengtzen, vice president of marketing, ProdataKey (PDK), Draper, Utah, says, “The reason for this is not because cloud systems don’t work well in larger installations, it’s because smaller businesses often don’t have their own data centers, and they don’t have the resources to manage a system in-house. With a cloud solution, they don’t have to install all the servers and racks, and then have someone on their IT team maintain the equipment and network. The system is simple, easy, plug-and-play.”
While this remains the case, cloud-based access control adoption has increased at the enterprise level. Bengtzen says one reason for this is the systems integrate very well to other systems. “Enterprise users like how well it integrates with other platforms. For example, our system integrates seamlessly with Microsoft Entra ID, wireless lock sets, visitor management, video management systems (VMS) from many manufacturers, and other solutions. Enterprise clients want to have all their platforms working together as one application.”
Houle says he sees enterprise users no longer wanting to dedicate internal effort to responsibilities that can be handled by external experts. “We’re seeing a shift,” he says. “We’re seeing the enterprise-level customers want to offload some of the liabilities and responsibilities of having their own team running these systems, especially as they go global. It’s very expensive to do many, many sites and to scale those servers and manage them with the uptime that an outside source who’s dedicated to providing those resources can guarantee.”
Scot Sturges, director of business development, acre security, Las Vegas, agrees that enterprise level access control customers are trending toward efficiency. “Larger corporations are also looking to embrace the benefits of the cloud,” he says. “They’re drawn to cloud solutions’ simplicity and scalability, which benefits firms with operations stretched across multiple, often distant, locations.”
Sturges continues, “This move toward cloud-based operations reflects a broader trend among larger enterprises. They’re increasingly adopting cloud strategies to streamline their operations more efficiently. The cloud’s ability to offer seamless management of security measures, regardless of an organization’s size or geographic spread, is a testament to its growing importance in corporate strategy. This preference marks a new era in how businesses approach security and highlights the cloud’s role in modernizing and enhancing access control systems.”
While the transition to the cloud has proven itself to both dealers/integrators and end users, there are still growing pains associated with the shift. Time and time again experts expressed that going from an up-front capital expense to a recurring-monthly subscription based payment system can be tricky.
“The main challenge for the integrator is understanding the change to their business model,” Szczygiel says. “Because they’re moving from a transactional, one-time sale to a long term relationship, their sales approach has to change. They have to be able to explain what the value prop is of the overall equation.”
Szczygiel continues, “They also have to change their accounting system. Maybe their accounting system doesn’t permit an invoice to be spit out every month. They need to change their incentive plans for their sales team, because they have to pay them based on the subscription model, not on a one time sale.”
There can be some hesitation on the users’ end, though in the age of the subscription-based model users are used to paying for Microsoft Office, Zoom, Slack, etc. Still, the advice given to security dealers and integrators struggling to convince end users to budget monthly for their solution is to demonstrate the value and stress the cost savings.
For one, they can move forward as their budget allows rather than spending a substantial sum up front. “Scaling is easier to swallow when you’re in the cloud,” Houle says. “It’s not that it’s a pay-as-you-go type of scalability but it’s almost like that. You can control how you scale and how much you spend as you grow your system.”
Bengtzen stresses the importance of emphasizing the up-front cost savings of a cloud system. “The problem is with access control in general,” he says. “There’s a lot of hardware that goes into a system. It’s expensive. With PDK, we have our controllers, readers, and software. Customers don’t have to purchase racks of servers and other network appliances they’d need with an on-prem system. However, there’s still all this other stuff customers need, like electric strikes or mag locks; request to exit devices; door position sensors; other monitoring sensors. Plus, you’ve got all this wiring — so the cost does add up. Putting all that together in an affordable package can be difficult, especially for customers who are looking for something quick and easy-to-install. They expect it is going to cost less than it does.”
Bengtzen continues, “Another benefit of selling access-as-a-service is that instead of charging for all the equipment as an upfront cost, dealers can offer the customer a lease option where the dealer covers everything, but every month, the customer slowly pays off the system as the price is rolled into the recurring revenue costs. Other things might also be included — like managed services where the dealer manages the software and creates a convenience factor for the end user.”
As the experts have previously touched on, users are looking for integrated “all-in-one-platforms” — which the integration potential of cloud-based access control systems can offer. There’s also an opportunity to add additional managed services to the system, like business insights or even services based on how they’re interacting with the system.
“You can provide them insights on how they can optimize their usage, potentially,” Houle says. “You can even have the ability to possibly offer an end user a feature based on the way they’re using something with data behind it — not because it’s a new flashy thing that came up, but because the data tells me it might be useful for you. I’m able to provide you with this extra service if you want it.”
Szczygiel points out one challenge that is in the process of being addressed. “One of the big pains that a customer has — and a cause of some of the lag in the market — is the incompatibility that exists in many cases between the credential reading devices, the card readers and the credentials themselves,” he says. “And this has been a problem for 40 years. As soon as this technology was developed, everybody created their own iteration of it. Everyone has their own proprietary version, which is a little bit different than the way it was done in other areas like credit cards.”
Szczygiel continues, “So I think there’s a huge opportunity for the entire security industry, because for the first time, we have some forces in the market that are generating that opportunity to create universally compatible readers and credentials. I’m referring to the wallet technologies that use Android and iOS and essentially the mobile platforms as a form of credential. By design, those technologies require the underlying readers to have compatibility, and they do not permit this proprietary world to exist where a manufacturer gets to say my reader and my credential are the only things that work on my device.”
From provider to provider, the approach to cloud-based systems vary, so it is important to select the option that is best both for you as a dealer or integrator and, most importantly, for your customer.
Some — like Brivo — are cloud-first options. “Users want to have full management capabilities from their cell phones, not a watered-down version of the software,” Bengtzen says. “They want complete mobile management, from anywhere with the latest software and features. These are all benefits of true cloud systems, things that you don’t get with on-prem.”
Others tout the benefit of a hybrid approach. Genetec’s Houle says, “Maybe cloud-first is not the way to approach it and maybe hybrid is better because hybrid allows you the opportunity to be flexible, to be open, and to allow you and your customer to sit down and choose the best path for how a customer can be best served.”
Napco’s Goldsobel recommends focusing on the right solution for the right job. “Everything’s available in both on-prem and hybrid cloud service,” he says. “There’s a huge spectrum in my mind, and I hate setting up dealers for failure. I try to be very specific about cloud-based functions. But again, there’s the right tool for the job. There’s still going to be some locations that require a good on-premise server and I think, being fair to the dealers and the end users, giving them that choice for the right tool is good.”
Access control systems, like other security products, face myriad cybersecurity threats — the majority of which include a ‘human [...Read More]
Discover how OSDP is modernizing access control systems, from overcoming installation challenges to maximizing security and efficiency, paving the way [...Read More]
How to transform your image from service provider to trusted guardian Jennifer Pringle [caption id="attachment_20951" align="aligncenter" width="700"] Building a [...Read More]