Access control as a service or ACaaS, in which a cloud service provider manages an end user’s access control needs, has become a major trend. This is mostly because of the various benefits associated with it – for example, enabling the user to lower or eliminate initial investment in access control-related devices and architecture. Meanwhile, users have also grown to trust service providers who are more knowledgeable of network security issues.
Izvor: a&s International
Access control as a service (ACaaS) has been around for a while. But it wasn’t until recently that people have realized the various benefits of ACaaS and begun to adopt it at a more rapid pace. According to a recent research report by MarketsandMarkets, the ACaaS market is expected to reach a value of US$1.7 billion by 2022, translating into a compound annual growth rate of 26.8 percent between 2016 and 2022.
“Migration of access control to the cloud is becoming a mainstream trend. We can see a lot of movement in that direction,” said Andrija Pušić, Director of Product Management at Spica, which offers ACaaS through the Door Cloud brand.
“We started doing this in 2002, and we’ve been doing it for over 15 years now. For the first eight to nine years this industry was a little bit slow. I would say in the past five years people have finally become comfortable in ACaaS and are more willing to move forward with this new model,” said Steve Van Till, CEO of Brivo.
Benefits abound for users, integrators alike
This increase in willingness certainly has to do with ACaaS benefits for users and integrators. For users, their biggest objective is to lower cost and focus on revenue-generating processes in the midst of competition, and ACaaS can help in that regard.
“Access control as a service continues to grow in popularity, particularly in smaller commercial projects, as it removes the capital-intensive setup costs of a traditional system. This allows the end user to transfer security management to a maintenance cost rather than an investment with no financial payoff. The capital saved can then be put to use on other revenue generating opportunities,” said Jim Dearing, Senior Market Analyst at IHS Markit. “Having the security system managed by an outside entity also relieves the responsibility from the company’s own employees. This means that their time is also freed up for other revenue generating tasks. This also removes the possible vulnerabilities and inefficiencies caused by the staff member being on vacation or off work through illness.” For integrators, they also stand to benefit from ACaaS, which moves away from the one-off payment model for traditional installations. “Another reason the integrators have moved forward with this is that this is an industry that’s dominated by products that bring recurring monthly revenue. That’s why integrators have chosen to start selling more if it,” Van Till said. Currently, the market rate for managing access control is $15 per door per month; a typical small business with four to six doors represents a good deal for integrators.
“In the past, integrator and installer awareness of this type of solution was a barrier to wider adoption. However, as the access control industries march toward greater use of more IT-centric devices during the past five years, these integrators are now much more knowledgeable of the benefits of selling this solution to end users,” said Dearing.
Concerns over network
Security For quite some time, cybersecurity constituted a main concern for those seeking to migrate to ACaaS. “Cybersecurity concerns continue to hinder adoption of ACaaS solutions, especially in larger enterprise projects where the threat of (and damage caused by) a successful hack are much greater,” said Dearing. “Moving management of security offsite creates additional security vulnerabilities: for example the method of communication used between sites and the data/monitoring center.”
Yet thanks to advances in technology and best practices followed by vendors and users, cybersecurity has become less of an issue in ACaaS. “As with any software that lives in ‘the cloud,’ off-premise data management and cybersecurity are major concerns,” said Kane. “Over the years, as manufacturers and end users have become more accustomed to working in that space, network and cybersecurity have taken center stage and protections have been bolstered as a result, making it safer for businesses to deploy more cloud-based applications.”
And according to Van Till, migrating to ACaaS can actually make access control more secure, given the fact service providers are generally more knowledgeable of network security than an end user entity’s own staff. “I would say that the opinion from the IT community or the CIO community has gone 180 degrees on that. Security departments and individual small business owners are following that trend of saying these cloud providers are spending 24 hours a day keeping my assets secure. They have dozens of software and network experts who do nothing but try to keep this thing safe. Whereas the amount of care bestowed on a typical client-server installation inside an end-user organization is close to zero, particularly small businesses who don’t have anybody on staff to take care of this,” he said.
Residential sector sees pickup in deployment
ACaaS carries various advantages, one of the biggest being all doors are secured and managed centrally, saving the end user the need to monitor everything onsite and invest in related devices and equipment. It is due to this reason that ACaaS is seeing deployment in various sectors, including residential.
Within the residential segment, deployment is seen more in apartments and condominiums rather than single houses, where users have less access control needs. “People usually don’t use access control in their homes. What we’re seeing in residential homes that’s similar to access control are wireless door locks with very simple management packages that are designed to control access for a family, with flat permissions across the family and pin codes instead of access control cards,” said Van Till. “They are not nearly as sophisticated as a commercial access control system with multi-tier administration and the notion of multiple sites, schedules and holidays and all of the other software features that you need in a full-strength access control system. Practically speaking you don’t really see access control in private residences.”
Things are a bit different in apartments and condos which can benefit more from access control as a service. “Multi-tenant housing (apartments) provides good opportunity for ACaaS solution providers in the Americas. There are many large residential property companies, which have properties that include offices, weight rooms, computer rooms and game rooms, all of which could be managed centrally and professionally,” said Dearing. “Although there is onsite maintenance, these employees are generally trained in maintenance and facility management and not IT.”
“Once you’ve given access control to everybody who lives there for all these common areas, now what people are doing as an additional amenity is putting in a compatible wireless device on each individual condo or apartment door, so that the one credential that you issue to the people for the common areas can also work for their own individual apartment door,” Van Till said. “That reduces management costs for the property manager, and it is perceived as a high-tech amenity by customers.”
In fact, Van Till mentions Brivo’s single biggest vertical market is property management, which tends to have multiple properties across a region and can benefit from centralized ACaaS management. “If you’re a property manager in a city like Washington D.C. where I am, and you’ve got 50 to 100 properties that you’re managing, having a single system to manage all of them greatly reduces your workload in terms of keeping credentials updated for the tenants in the building,” he said, adding besides residents, property managers can also manage contractors and other vendors using ACaaS. “Property management companies tend to use the same companies for janitorial services across all of those buildings, for engineering services across all of those buildings, for heating and ventilation services across all of those buildings, so from a vendor management standpoint, if they can have one set of credentials to manage their vendors and allow them access into whatever property they need to work on, that also has a huge benefit,” he said.
Concurrent demand in other market sectors
Users in other verticals are also realizing the benefits of ACaaS and have begun using it. “There’s really been more of a demand for ACaaS within the enterprise and commercial markets as a result of the need for businesses to seek out cost savings on capital investments (such as access control hardware) and central management of alerts and security-related issues. With ACaaS, users gain more mobile and remote monitoring for their facilities, expanding their ability to respond to and investigate threats,” said Kane.
In particular, SMBs can capitalize on access control as a service. “Many small-to medium-sized businesses lack the resources, such as robust IT departments, to house a comprehensive security solution in-house. Either they lack the monetary resources or the manpower to ensure the network is sound on a day-to-day basis,” said Kane. “Additionally, many IT leaders balk at the idea of having too many devices or functions on the network for fear of vulnerability to outside threats. With ACaaS, businesses can build a robust access control solution without having to stand up a dedicated server, instead running a full application in the cloud with the ability to manage from anywhere. Many of these businesses require this level of flexibility, as they don’t have dedicated security teams available to monitor incidents around the clock.”
Professional offices — those held by doctors, dentists, orthodontists, lawyers and consultants — have been cited as an example. “It’s very popular there, because those offices don’t usually have a technology officer or perhaps even a network management staff. They don’t want to have another server in their office, as they wouldn’t know how to take care of it, don’t want to pay for it and don’t have room for it,” said Van Till. “If you had to put a server in your house to take advantage of that mesh thermostat or the Dropcam cameras, you probably wouldn’t want that, because it’s one more computer in your house that you have to take care of. People running professional offices look at that the same way: they don’t want another server in their office. They just want the service, not the server.”
Van Till also mentioned ACaaS benefits for retail. “Retail is a great example of a highly distributed organization, and by that I mean high geographical distribution. A couple of our largest customers are in retail and they have over a thousand different locations under management,” he said. “All of the same benefits I described for property managers also apply to large retailers that have multiple facilities in multiple states or even multiple countries. What they want is to have a single security management system that is spread over all of those.”
ACaaS gaining ground
More and more enterprises and end users are waking up to the many benefits that ACaaS can potentially bring. Since this can eliminate the need to purchase expensive software or hardware as well as minimize the training needed to maintain the system, ACaaS appears to be a good solution for those seeking better return on investment and convenience.
IoT Migration Drives Demand for AcaaS
An important catalyst that’s driving ACaaS is the Internet of Things (IoT), which makes integration between access control and other systems possible.
“ACaaS is actually based on IoT. Cloud access controllers and intelligent locks are fundamentally IoT devices. Critical communications are IoT communications. IoT is the name of the game. So understanding and mastering IoT technologies is the key to ACaaS,” said Andrija Pušić, Director of Product Management at Spica.
“Probably the biggest thing it’s doing for us is making a lot of inexpensive sensors available, that we can integrate with the rest of what we’re doing,” said Steve Van Till, CEO of Brivo. “If you look at the industry 20 years ago, access control was a standalone product, video was a standalone product, alarms were a standalone product, intercoms and voice were a standalone product. Today what’s happening is that every platform needs to have all of those capabilities. So when you look at motion sensors that are traditionally used in alarm systems … now the security system is becoming a single service that encompasses access, video and alarm. They are relevant to access control because access control tends to be the centerpiece of any one of those integrated security systems.” Integration between access control and building automation can further set ACaaS providers apart from others. “This would mean adding building automation capabilities through integration such as turning on the AC/lights in a certain room following a successful badge swipe at the door. With regard to ACaaS specifically this could help ACaaS providers develop better data analytics or utilization software to enhance their offerings. Offering building automation products and IoT integration is also another potential avenue ACaaS solution providers could use to differentiate themselves from the competition,” said Jim Dearing, Senior Market Analyst at IHS Markit.