Cloud-based access control

To many security dealers and integrators, cloud-based access control is something that utilizes a cloud-first or cloud-only approach. Typically, it is used for hosted or managed access control, and is primarily aimed at smaller-sized end users that don’t have their own security or IT departments. Right? Not so fast.

There are commonalities when it comes to defining what access control in the cloud is — and what it isn’t. For example, Jeff Perri, president and COO, Prodatakey, South Jordan, Utah, defines it as a seamless environment for the user.

“In some cases you will find platforms in and out of our industry that tout they are cloud-based but really they are just Web-hosted from the site. What we find in the security industry is there is really this noise that has made it difficult to define what true cloud-based access control means. For us the definition is unity of platform. What I can do on my computer I can do from my smartphone or tablet and have 100 percent functionality on all platforms.”

It has a six-component definition of cloud-based access control, These include: broad network access; on-demand self-service; a shared pool of configurable computing resources such as servers and storage applications; the capability to be elastic and rapidly provisioned and deployed; minimal and outsourced management; and measured service.

For Steve Van Till, president and CEO of Brivo, Bethesda, Md., the true cloud server is not necessarily public. “Publicly available means not a private server,” he explains. “We see some people taking old, non-cloud software, running it in a virtual private server and calling it cloud.”

Nor is cloud necessarily managed. It’s usually hosted, but that can get murky as well, Van Till says. “It can be a managed system without cloud. Many managed offerings hide the fact that they aren’t a cloud solution. People also equivocate on the term ‘hosted.’ Taking old software and putting it on a virtual machine at Amazon is hosted, but certainly not cloud.”

‘We are at a point in prevalence where every integrator needs to have access to a cloud-based solution of some type or they risk being left behind.’ — Peter Boriskin, ASSA ABLOY

Others are looser with their definition of cloud. Ross McKay, director of products for Pittsford, N.Y.-based LenelS2, part of UTC Climate, Controls & Security, a unit of United Technologies Corp., calls his company’s evolving cloud product line — which is starting with infrastructure as a service — a hybrid solution. “It will have some data on-prem and some off-prem. [Our customers] want to be very surgical about what data is within their own four walls and what data is outside.”

This is part of an emerging trend that may change or expand the definition of cloud, adds Peter Boriskin, vice president of product management at ASSA ABLOY Americas, New Haven, Conn. “In today’s cloud environment it is important to define cloud-based access control not only in what it does, but how it is set up. Some utilize a public cloud where the system is operated by a third party.…Meanwhile we are seeing larger enterprises and government entities that prefer to set up their own private cloud so they can be the custodians of their own data. We are also seeing hybrid models where confidential data can be stored onsite while the processing power can be handled by a third party.”

Boriskin says cloud-based access control isn’t so much a technology trend as it is a market trend. “We are seeing a whole new level of acceptance of the solution. There are now so many access control manufacturers leveraging the cloud that it is finding its way into all verticals and market segments.

“It’s hard to put an exact number on it, but it would be safe to say that current growth of cloud-based access control solutions is easily 10 times the growth of non-cloud solutions. More contextually, we are at a point in prevalence where every integrator needs to have access to a cloud-based solution of some type or they risk being left behind.”

Is Cloud Access More, or Less Cyber-Secure?

“For integrators, especially small integrators, cloud-based access control allows them to provide a scale beyond their size,”  “For end users, cloud breaks down barriers to access.”

‘The real value-add for integrators is the service offering they can provide their customers.’

Cloud is easier to install, because it doesn’t require on-site computers, servers or database specifications, with all that entails, Widlitz adds. “These, plus no complex network routing  make it easy to install. Remote diagnostics, technical issues and services can be carried out from a Web-based portal or smartphone — by simply logging in, it’s possible to remotely view status, grant and revoke access, view video and more.”

Beyond the RMR for simply hosting cloud access, integrators can choose to do more managed services, or charge for diagnostics and maintenance that is now much easier and more cost effective to offer.

“The real value-add for integrators is the service offering they can provide their customers,” says  Chris Wilson, vice president of operations, Paxton Access, Greenville, S.C. “They can get the system installed easily and provide value remotely from configuration changes, adding and removing users and reporting on the system for their customers.”

This is huge for dealers and integrators, says Richard Goldsobel, vice president, Continental Access, Napco Security Technologies, Amityville, N.Y. “One of the biggest things we spend time on and our dealers spend time on is loading software on various platforms and maintaining it, keeping up with service patches and security patches and security individual users and domain privileges. Getting all of that right is a huge support time issue. In a hosting environment you eliminate a huge portion of those headaches…. Dealers love the RMR, and that is great; but all of those support issues become much simpler as well.”

Not only are diagnostics after the fact easier, but getting the job in the first place might be easier as well, Arcuri says. Often integrators will compete based on price and a big metric for that is the total cost of labor. “Integrators that do lead with access as a service often come out ahead,” he says.

Van Till agrees, adding there is an opportunity for more profit on the front end as well. “The number of hours they would normally invest installing the database and software, setting it up, bringing it to the customer’s building, making sure the licensing is correct and having a tech trained to do all of those things is a huge up-front expense that is eliminated. The integrator can choose to be more.

Advice for Integrators Looking at Cloud Solutions

Because it is a burgeoning trend, there is not good data on the adoption levels of cloud access in the enterprise space, Van Till adds.  But he notes that revenue streams from this end of the market have been steadily increasing.

The use of cloud is increasing overall in the enterprise, leading those customers to view older access control solutions with a critical eye.

“With the increase of bandwidth, WiFi availability just about everywhere and server farms on every continent, global entities now see ACaaS (access control as a service) as a credible offering,” says Paul DiPeso, executive vice president, Feenics, Ottawa, Ontario. “Feenics has a number of enterprise customers with hundreds, and some with thousands of readers in a hosted environment because the metrics proved that the cloud improved their total cost of ownership.”

Leave a Comment