// Access Control
Shifting to the Cloud:
Cloud-Based Access Control
Whether on-prem or cloud-based, many access control solutions allow users to present their mobile device as their credential.
IMAGE COURTESY OF ACRE
Experts agree that we’re over the cloud-based access control adoption hump. Though some continue to lag behind, they also say there’s plenty of opportunity for growth in integration and managed services.
By Christopher Crumley, SDM Staff Editor
Cloud-based access control systems — or hybrid access control systems that may communicate with the cloud rather than operating solely in the cloud — have been available for quite some time now, but there continues to be some trepidation toward adopting cloud-based solutions. According to industry experts SDM spoke with, attitudes toward cloud-based solutions have changed to the point where it would be remarkable if a customer wasn’t somewhat interested in a cloud-based solution. Still, there exists some lag in the technology’s adoption.
“I don’t hear many people today saying, ‘I really want to operate some access control software, and I’m going to make a special space in my data center to do that,’” says John Szczygiel, executive vice president and COO, Brivo, Bethesda, Md. “That would be unusual.”
There are growth opportunities in the cloud-based access control market. Experts point to options like offering integrations with the system or additional managed services, but they also acknowledge some of the challenges that offering Access Control as a Service (ACaaS) can present to the security integrator.
Overall, Kris Houle, product manager, SaaS, Genetec, Montréal, says, “There are more positives than there are negatives for cloud adoption.”
Attitudes Adjust
The positives of a cloud-based access control system have had enough time to demonstrate their value to the market. The simplicity of installing and maintaining the system, as well as the reduction of upfront costs of the system offer significant advantages to end users. Still, experts say that some in the access control space have hesitated to make the transition.
“The megatrend, essentially, is moving all of the software to the cloud and shifting those workloads to the cloud service providers,” Szczygiel says. “I see that as an unstoppable trend. If I thought about it as it relates to a crossing of the chasm, I really believe we’re in the late majority, or perhaps even the laggard part of the curve. We’re not still climbing the upward climb of the curve. I think there are a lot of laggards in access control, but for a bunch of different reasons.”
Businesses can offload the liability and responsibility of running an on-prem access control system by switching to a system based in the cloud.
IMAGE COURTESY OF ACRE
For starters, Szczygiel says, “Access control manufacturers have done a pretty good job of building systems that last a long time. You put the card up and the door opens, so everybody’s perception is it works. Why do I want to mess with it?”
But with on-premise solutions, that attitude can present problems. These systems cannot be tucked away and forgotten about, Szczygiel says. “People are looking at it more as a utility than as an IT system,” he says. “The reality today is that access control is an IT system because it operates on the internet. If it’s a computer, it needs to be maintained and needs to be protected against cyber vulnerabilities.”
The benefit cloud-based systems bring includes automatic updates. Running old and out-of-date software presents cyber vulnerabilities that may have been patched out by new software updates. The IT department has become aware of that, and experts remind us that — in the age of the internet — IT and security have become inseparable.
Cloud’s Communication Challenges
Richard Goldsobel of Napco Security laid out some of the challenges that dealers and integrators can encounter when dealing in cloud-based access control.
“There are no shortage of challenges, [such as] the connectivity of the location,” he says. “We have this cellular radio that gets sold as part of the Air Access cloud platform that stays on a completely separate network from all of the equipment that’s at the end user location. So what that means is that the IT person doesn’t even have to bat an eyelash at all about any compatibility. It’s just not even on his network. He doesn’t have to worry about vulnerabilities or anything else other than the pure physical side of it.”
Another is equipment compatibility. “Once you do connect to an end user’s network, now your equipment very often needs to be configured properly within their environment,” he says. “In some cases, we’re getting towards the enterprise commercial as well as the smaller multi-tenant and other small shops; it’s just a single public IP address from an ISP versus a government contractor. So, the IT environment can be difficult.”
He continues, “Some of the other communication things become variables in the cloud environment — the speed of certain things. It doesn’t necessarily completely depend on the horsepower of your server, and purely on the end user’s network that’s in place. You have the whole public internet WAN in between. And for some people that can be an issue.”
And in a cloud-based setting, the scripted responses to triggers also rely on the internet. “So, for example, we’re offering as part of our enterprise features a full scripting environment, which does require the server to make certain intelligent choices and understanding,” Goldsobel says. “If a particular set of events are happening, then the system can be programmed to perform these 10 other functions. Perhaps a lockdown for a school’s set of campuses with email and SMS notifications being sent out.
“The internet comes into play with the timing of all that. Of course, if you have a lockdown, you want it to be as quick as possible. So we have some ancillary solutions that allow things. Even though this is a hosted, cloud-based product, we have some peer-to-peer lockdown features that help overcome any possible delays that might be back to the server and over the internet if desired. So we have three, four or five different lockdown and threat-level management modes in the new platform.”
//
“With the convergence in the industry between IT and security, evermore I’m filling out IT assessments of security for vendors,” says Richard Goldsobel, vice president, Continental Access, Napco Security, Amityville, N.Y. “The IT groups just ask if they can outsource the whole thing to a cloud environment and know that the encryption is being taken care of, that vulnerabilities are being taken care of from a central perspective.”
When it comes to hybrid solutions, Goldsobel does warn, “I think the dealers have to understand that if there are on-premise functions on the server — even if they’re being served out of a controller — then the IT guys still need to know about the local encryption and how it affects the network. All of those difficult things that they might have thought they were getting away from with certain cloud solutions are still present to some degree with hybrid solutions.”
At the Enterprise Level
Historically, cloud-based access has been common among small-to-medium businesses. Brach Bengtzen, vice president of marketing, ProdataKey (PDK), Draper, Utah, says, “The reason for this is not because cloud systems don’t work well in larger installations, it’s because smaller businesses often don’t have their own data centers, and they don’t have the resources to manage a system in-house. With a cloud solution, they don’t have to install all the servers and racks, and then have someone on their IT team maintain the equipment and network. The system is simple, easy, plug-and-play.”
While this remains the case, cloud-based access control adoption has increased at the enterprise level. Bengtzen says one reason for this is the systems integrate very well to other systems. “Enterprise users like how well it integrates with other platforms. For example, our system integrates seamlessly with Microsoft Entra ID, wireless lock sets, visitor management, video management systems (VMS) from many manufacturers, and other solutions. Enterprise clients want to have all their platforms working together as one application.”
Houle says he sees enterprise users no longer wanting to dedicate internal effort to responsibilities that can be handled by external experts. “We’re seeing a shift,” he says. “We’re seeing the enterprise-level customers want to offload some of the liabilities and responsibilities of having their own team running these systems, especially as they go global. It’s very expensive to do many, many sites and to scale those servers and manage them with the uptime that an outside source who’s dedicated to providing those resources can guarantee.”
Falling behind on the maintenance of an on-prem system can lead to cyber-vulnerabilities, a problem that cloud-based solutions can help solve through automated updates.
Image courtesy of genetec
Scot Sturges, director of business development, acre security, Las Vegas, agrees that enterprise level access control customers are trending toward efficiency. “Larger corporations are also looking to embrace the benefits of the cloud,” he says. “They’re drawn to cloud solutions’ simplicity and scalability, which benefits firms with operations stretched across multiple, often distant, locations.”
Sturges continues, “This move toward cloud-based operations reflects a broader trend among larger enterprises. They’re increasingly adopting cloud strategies to streamline their operations more efficiently. The cloud’s ability to offer seamless management of security measures, regardless of an organization’s size or geographic spread, is a testament to its growing importance in corporate strategy. This preference marks a new era in how businesses approach security and highlights the cloud’s role in modernizing and enhancing access control systems.”
Challenges in the Cloud
While the transition to the cloud has proven itself to both dealers/integrators and end users, there are still growing pains associated with the shift. Time and time again experts expressed that going from an up-front capital expense to a recurring-monthly subscription based payment system can be tricky.
“The main challenge for the integrator is understanding the change to their business model,” Szczygiel says. “Because they’re moving from a transactional, one-time sale to a long term relationship, their sales approach has to change. They have to be able to explain what the value prop is of the overall equation.”
Szczygiel continues, “They also have to change their accounting system. Maybe their accounting system doesn’t permit an invoice to be spit out every month. They need to change their incentive plans for their sales team, because they have to pay them based on the subscription model, not on a one time sale.”
There can be some hesitation on the users’ end, though in the age of the subscription-based model users are used to paying for Microsoft Office, Zoom, Slack, etc. Still, the advice given to security dealers and integrators struggling to convince end users to budget monthly for their solution is to demonstrate the value and stress the cost savings.
For one, they can move forward as their budget allows rather than spending a substantial sum up front. “Scaling is easier to swallow when you’re in the cloud,” Houle says. “It’s not that it’s a pay-as-you-go type of scalability but it’s almost like that. You can control how you scale and how much you spend as you grow your system.”
Though the benefits of cloud-based systems have been made clear, some in the industry hesitate to transition.
IMAGE COURTESY OF ACRE
Bengtzen stresses the importance of emphasizing the up-front cost savings of a cloud system. “The problem is with access control in general,” he says. “There’s a lot of hardware that goes into a system. It’s expensive. With PDK, we have our controllers, readers, and software. Customers don’t have to purchase racks of servers and other network appliances they’d need with an on-prem system. However, there’s still all this other stuff customers need, like electric strikes or mag locks; request to exit devices; door position sensors; other monitoring sensors. Plus, you’ve got all this wiring — so the cost does add up. Putting all that together in an affordable package can be difficult, especially for customers who are looking for something quick and easy-to-install. They expect it is going to cost less than it does.”
Bengtzen continues, “Another benefit of selling access-as-a-service is that instead of charging for all the equipment as an upfront cost, dealers can offer the customer a lease option where the dealer covers everything, but every month, the customer slowly pays off the system as the price is rolled into the recurring revenue costs. Other things might also be included — like managed services where the dealer manages the software and creates a convenience factor for the end user.”
Cloud-Based Access Control Offerings
The following are a sample of the cloud-based access control solutions from companies who participated in this feature.
//
Brivo Access
Brivo’s cloud-based access control can be deployed at the enterprise level, for multifamily housing and for commercial real estate:
Enterprise
Brivo’s Enterprise-grade access control solution can be used to implement an effective and scalable security system. Users can manage all their assets in one cyber-secure place. Brivo allows users to connect physical access control with identity and access management to expand data collection and gain better insights into their physical space.
Multifamily
A security platform designed to create a modern smart multifamily community, it provides residents with the amenities they want such as increased property management efficiency with tools like self-guided tours and mobile management. Smart features like thermostats and sensors save costs and increase asset ROI.
CRE
A cloud-based access control system for the smart office and multi-use building, it tracks occupancy to protect the health-safety of residents, customers, and visitors. Use mobile credentials to create frictionless flow for occupants from the parking garage to the office suite.
Image Courtesy of Brivo
PDK’s PDK.io
PDK is an easy to use, anytime, anywhere, fully integrated access platform. Regardless of the size of the user’s business, PDK scales to their needs and makes access management easier than ever. Issue credentials, edit access permissions, and create automatic schedules from PDK.io’s user-friendly interface. Whether from a computer or while on the go, access the full power of pdk.io. Run reports, view activity, and make changes anytime, anywhere. Easily manage multiple locations under a single account. People, Groups, and Rules databases are synced across sites.
Image Courtesy of PDK
Genetec Synergis
Whether users need to secure a large, multi-site facility, or a smaller installation with a few door locks, Synergis has the flexibility needed to adapt to the user’s security environment. The system is designed to scale as their operations grow and lets users choose from leading open access control hardware.
Synergis is an IP access control system that heightens an organization’s security and increases the user’s readiness to respond to incidents, all while leveraging their existing network and security equipment investments. Genetec’s Synergis is cloud-ready, meaning that users can confidently move part or all of their access control to the cloud at their own pace with Genetec’s hybrid and secure architecture.
Image Courtesy of Genetec
acre’s Incedo Open
Incedo Open is a cloud-based access control system for building owners, businesses, building hosts, property managers and tenants with many smart access management solutions.
Incedo Open offers digital planning and digital management of access control systems. Through digital locks, cylinders and a smart entry phone, Incedo Open facilitates efficient key management. The access control system provides options to install an offline and online system from the entry phone and entrance to public doors, as well as apartment, office and warehouse doors. Incedo Open can manage multiuse locations, like those that house both offices and apartments under the same roof.
Image Courtesy of Acre
Napco MVP Access
Napco Access Pro’s new MVP Access ACaaS platform is a scalable, quick-to-deploy solution for all requirements, modest to enterprise. Up and running in a few fast steps, no on-premises PC or database is required. It seamlessly supports new and current Continental Controller and Alarm Lock Networx lock lines for comprehensive security. MVP app-based admin functionality, e.g, lockdown, threat-level management and door-control etc., can be activated from anywhere 24/7. MFA and iLock Bluetooth mobile credentials make the user experience convenient yet secure. Last but not least, MVP Access’ new SMS and email status alerts can be configured for use in multiple event types, and are ideal emergency notifications sent to all building occupants and/or authorities and first responders, etc.
Image Courtesy of NAPCO
Growing in the Cloud
As the experts have previously touched on, users are looking for integrated “all-in-one-platforms” — which the integration potential of cloud-based access control systems can offer. There’s also an opportunity to add additional managed services to the system, like business insights or even services based on how they’re interacting with the system.
“You can provide them insights on how they can optimize their usage, potentially,” Houle says. “You can even have the ability to possibly offer an end user a feature based on the way they’re using something with data behind it — not because it’s a new flashy thing that came up, but because the data tells me it might be useful for you. I’m able to provide you with this extra service if you want it.”
Szczygiel points out one challenge that is in the process of being addressed. “One of the big pains that a customer has — and a cause of some of the lag in the market — is the incompatibility that exists in many cases between the credential reading devices, the card readers and the credentials themselves,” he says. “And this has been a problem for 40 years. As soon as this technology was developed, everybody created their own iteration of it. Everyone has their own proprietary version, which is a little bit different than the way it was done in other areas like credit cards.”
Szczygiel continues, “So I think there’s a huge opportunity for the entire security industry, because for the first time, we have some forces in the market that are generating that opportunity to create universally compatible readers and credentials. I’m referring to the wallet technologies that use Android and iOS and essentially the mobile platforms as a form of credential. By design, those technologies require the underlying readers to have compatibility, and they do not permit this proprietary world to exist where a manufacturer gets to say my reader and my credential are the only things that work on my device.”
Advice From the Cloud
From provider to provider, the approach to cloud-based systems vary, so it is important to select the option that is best both for you as a dealer or integrator and, most importantly, for your customer.
Cloud-based access control can offer users increased integration and additional managed services potential.
IMAGE COURTESY OF Genetec
Some — like Brivo — are cloud-first options. “Users want to have full management capabilities from their cell phones, not a watered-down version of the software,” Bengtzen says. “They want complete mobile management, from anywhere with the latest software and features. These are all benefits of true cloud systems, things that you don’t get with on-prem.”
Others tout the benefit of a hybrid approach. Genetec’s Houle says, “Maybe cloud-first is not the way to approach it and maybe hybrid is better because hybrid allows you the opportunity to be flexible, to be open, and to allow you and your customer to sit down and choose the best path for how a customer can be best served.”
Napco’s Goldsobel recommends focusing on the right solution for the right job. “Everything’s available in both on-prem and hybrid cloud service,” he says. “There’s a huge spectrum in my mind, and I hate setting up dealers for failure. I try to be very specific about cloud-based functions. But again, there’s the right tool for the job. There’s still going to be some locations that require a good on-premise server and I think, being fair to the dealers and the end users, giving them that choice for the right tool is good.” SDM