Cloud – Based Access Control
The cloud, or in more technical terms, cloud computing, refers to the concept of hosting applications on servers located in large, public datacenters where, through real-time connectivity such as the Internet, a provider can then offer access to the applications as a service. So instead of having a software platform on a local PC, the platform and database are hosted in the cloud, with no onsite software required. Then, users access their data and other functionality via a mobile or Web app, and in most cases, pay a fee to use this service.
In the physical security industry, the cloud has become an increasingly prevalent topic of discussion, where some still voice apprehensions, but where others eagerly advocate their support and interest. And although cloud-based applications have been around for some time and seen success in other industries, advancements in the computing landscape are driving the adoption of more and more cloud-hosted offerings in security. One of the leading areas of emergence is access control.
A Look at the Cloud Today
Factors like the increasing availability of faster and more affordable Internet connectivity and the expansion of global state-of-the-art public datacenters are also contributing to wider acceptance, suggesting cloud-based security systems are becoming more accessible, cost-effective and reliable than ever before. Similarly, the security mechanisms put in place by cloud providers to secure the platform from logical security threats such as hackers are also becoming better. In fact, cloud platforms are often more secure than the servers that some organizations have at their own facilities.
Another major factor that has contributed to the growing number of cloud-based security offerings is the inherent mobility available through such offerings. A growing number of end users no longer want to be tethered to a desktop PC or laptop to access their security system. Instead, they appreciate the convenience of using apps via their smartphones or tablets when they need immediate access. Extending mobility to these users means delivering solutions that they can interact with from anywhere.
Today, a cloud offering category that has been receiving attention in the security industry is video surveillance as a service, or VSaaS. With vendors now offering fully hosted solutions, VSaaS is essentially lowering the barrier to purchasing an IP system by reducing upfront costs and complexities for end users, while boosting recurring monthly revenues (RMR) for the integrator.
For the end user who wants to secure their organization but does not want the burden and costs sometimes associated with housing, maintaining and cooling servers, or for those with limited IT resources or expertise, choosing a fully-hosted cloud package is a very attractive solution. They also benefit from mobility aspect, being able to pull up video and handle alarms from any device connected to the Internet.
Similarly, integrators who are not necessarily interested in deploying and supporting security applications involving complex infrastructures, can now look at fully-hosted cloud offerings as an easy-to-install option that lets them focus on other core services or competencies. While helping to streamline and simplify operations for the integrator, cloud-based solutions can also serve as a new opportunity to expand their market share by encouraging the swap from older analog systems to powerful IP-based video technology.
Doors Opening Via the Cloud
The benefits of the cloud can extend into many other security applications, including access control. Just like VSaaS, access control as a service (ACaaS) is an appealing option for smaller to medium-sized businesses with fewer than 30 doors to secure, like small offices, schools, medical centers or even municipal buildings. In most cases, these customers are seeking the added security and flexibility of IP-based access control, but cannot justify or afford the upfront hardware and IT costs of a traditional server-based solution.
More so, they might not have the personnel or in-house expertise to properly manage and maintain servers. Instead, they look to ACaaS to lower their initial capital expenditures, and forgo the responsibility of onsite servers while still being able to benefit from modern functionality like simple cardholder activation and deactivation, reporting or lockdown.
On the other hand, integrators seeking to grow their business into new markets or by offering new solutions can turn to ACaaS as their catalyst. While some integrators may choose to purchase their own servers, host an access control solution and lease the service to their customers, offering a vendor-hosted access control solution requires very little technical knowledge, minimal installation time, no maintenance, zero upfront investment and far less risk.
Like any access control project, the process of choosing which doors to secure, determining the hardware to be installed, and making sure the system adheres to fire and safety regulations is still necessary. But beyond that, with a hosted ACaaS solution, integrators merely need to install the door hardware, including readers or electronic locks wired to an intelligent door controller that connects to the cloud. From a system configuration perspective, the integrator would then simply log into their own application portal to handle setup, set schedules, create access privileges and provide their end users with credentials needed to sign in to the Web-based and/or mobile platform.
And with a vendor-hosted access control solution, even less time is required for maintenance once the system is installed, as all software upgrades and enhancements are automatically managed by the vendor hosting the application. With quick and easy deployment and no server maintenance required, integrators can complete more projects in less time, with the same number of technicians. This ultimately means integrators can take on more projects, and transition to a service-based business model with recurring revenue streams, one customer at a time.
More Service Business Follows ACaaS
Besides the mentioned benefits of the cloud like easy installation, reduced upfront expenses and little to no maintenance, cloud-based access control also ushers in a whole new range of potential services for integrators to offer.
First and foremost, just by saving the time needed to install and properly set up servers, integrators are able to focus on providing more guidance in terms of hardware selection, risk identification and system design. And in a highly competitive market, taking the time to guide an end user to their ideal system and ensuring they are happy with the end result could become a differentiating quality that brings additional references and business.
More than that, managing access control-specific services like issuing credentials, adding new cardholders, all the way to more elaborate tasks like printing and delivering cardholder badges or monitoring and handling access control alarms, become great potential value-add opportunities. Depending on the end user’s capabilities, level of comfort with the system or available resources, integrators can tailor their offering on a per-customer basis and offer varying degrees of complementary services. To the customer, the integrator then becomes a one-stop shop for IP security technology that is hassle-free, cost-efficient and effective.
In similar respects to VSaaS, integrators can also propose an access control hardware leasing program in cases where the end user really wants to forgo all equipment investment. Without necessarily being limited to these examples, temporary installations that still require a few doors to be secured, like a blood drive clinic or a short-term event with backstage areas, could benefit from this type of service. Integrators can also choose to bundle the cost of the hardware into the monthly fee, offering a financing option, and ultimately making it easier for the customer to manage cash flow and risk when adopting a new IP security solution.
Considering the Platform Risks
Regardless of all the benefits, when proposing a hosted security system, integrators still might be met with uncertainty and apprehension. Privacy issues and security risks may be of concern to some end users. But this is where choosing to offer a cloud-based solution with advanced security features comes into play. Encrypted communications, data protection capabilities, and strong user authentication and password protection are key features for any cloud-based system.
In the case of a breach, the end user relies on full audit trails to verify who had access to the system and see what changes were made. Properly investigating the cloud platform’s inherent security functionalities and policies, and checking out their certifications can also help confirm the reliability and security of your cloud-based deployments, and put the minds of your customers at ease.
Looking at the Cloud’s Forecast
As the demand for extending mobility into the field continues to rise, and more and more end users, as well as integrators, consider the benefits of hosted security systems, VSaaS and ACaaS will gain tremendous traction in the industry. At that point, it will be interesting to see what other types of systems come into the cloud, and how information from all these systems will be managed.
A unified cloud-based platform might be beneficial to those end users who seek to merge information and functionality, but for now integrators wanting to explore new potential revenue streams or spread into untapped markets can rely on fully-hosted VSaaS or ACaaS to get the job done.
Christian Morin is Director of the Stratocast Product Group at Genetec (genetec.com).
The Outlook for Access in the Cloud
A November 2012 report by IMS research, titled “The North American and European Markets for Access Control as a Service (ACaaS) – 2012 Edition,” indicated the following market outlook:
- Hosted access control was estimated to be the second-largest market opportunity for ACaaS for North America and Europe in 2011, and was also estimated to be the fastest growing market from 2011 through 2016.
- Small contract sizes were estimated to be the largest market in 2011 and are forecast to remain the largest market in 2016, representing about 59% of the contract size market.
- Small and medium-sized businesses are forecast to remain the largest end-user customer type through the forecast period. Enterprise and government is anticipated to see strong growth and is predicated to represent about 13% of the market in 2016.
Pricing Models — According to the IMS report, the current state of the ACaaS industry does not have a set standard for pricing. Some providers may charge their dealers monthly for the number of connections or doors or the provider may charge the dealer quarterly or perpetual annual subscriptions. The dealers may charge a markup to the end user and only charge by the number of doors or the dealer may charge by users, transactions, sites or a combination of all three. The billing model for ACaaS remains customized and on a per-project basis.