State of the Market: Access Control 2015
Click the links below to be taken to the respective sidebars in the 2015 "State of the Market: Access Control" article
2 Technologies to Watch Closely | The Toroise & the Hare Allegory | I'll Take 3 Standards (online exclusive)
Top Access Control Vertical Markets | Q&A with 'The Fixer' Integrator | There Are No Elephants in the Cloud
Sometime around the middle of last year many access control industry insiders noticed a welcome phenomenon: People were smiling more. At trade shows, around industry roundtables and across boardrooms, a collective weight seemed to have lifted. As the economy finally shrugged off the doldrums and businesses started loosening the purse strings, those manufacturing, selling and installing access control saw momentum — whether for the first time since the recession or as a continuation of a recovery begun a year or two earlier — that led to a positive 2014 for most and a rosy outlook for 2015.
This is reflected in SDM's 2015 Industry Forecast Study. SDMreaders were contacted in the fall of 2014 about their opinions of the state of the market in 2014 and their expectations for 2015. Nearly 70 percent rated their current access control market as goodor very good/excellentin 2014. When asked to predict how the market would fare in 2015, there was a substantial gain (9 points) in the percentage of respondents who expected the access control market to be very good/excellent. (See charts on page 51).
“We fared better than we budgeted for or expected in 2014,” says security integrator Skip Sampson, CPP, president, KST Security, Indianapolis. Sampson, who is featured on this month’s cover, attributes this growth in large part to the general economic recovery.
“It all hinges on budgets. We would engineer a lot of projects in previous years, but they might sit for a year or two before the funding would come through. This year a lot of those projects were finally funded, and other projects we consulted on and engineered got funded right away. In the summertime, everyone said to themselves, ‘This is going to continue to be good.’ We saw projects in the summer that took us right through fall and winter and proved to us that corporate America was releasing funds.”
Christopher Sincock, vice president, security business, DAQ Electronics LLC, Piscataway, N.J., says the positive atmosphere was palpable. “There were more smiles the second half of 2014. Traveling around North America, I saw signs of construction that I hadn’t seen for a few years and that was very encouraging. There is nothing like seeing a bunch of cranes when you are driving through a city. I love to see those.”
Research firm IHS Technology, in its most recent study, predicted the global market for access control would grow at about 5.5 percent. However, Blake Kozak, senior analyst for the Englewood, Colo.-based firm, says if you figure in wireless and electronic locks, that number is closer to 7.5 percent. “2013 was sluggish; but [during] the back end of 2014 the market started to come back,” he says. “Based on our analysis of the last eight months or so, the market will continue to improve.”
While many in the industry reported similar growth numbers, a few outstripped that by quite a margin.
“I would say that our company performed extremely well — almost publicly too well,” says security integrator Craig Jarrett, president, Netronix Integration Inc., San Jose, Calif. “We grew right at 65 percent last year. As a whole I would say the industry grew, maybe not as much as we personally did, but everyone I talked to was pretty positive and the sentiment seems to be that 2015 will be even better.”
There are concrete reasons for this optimism. Along with a freeing up of funds for both old and new projects and a rise in construction (see chart on page 55), access control systems are quite simply “aging out.” This fact, timed as it is with rising optimism in the economy and businesses’ willingness to spend money, is good news for the access control industry.
The Big Trends
“I think what has happened is the economy finally started to show signs of stability and there are many large companies and systems that really needed significant upgrades or replacement,” says Frank Gasztonyi, chief technology officer, Mercury Security, Long Beach, Calif. “Many of those systems were installed 15 to 20 years ago. What we saw after 2009 was many companies who were reluctant to grow or upgrade those systems or they did the minimal. In 2014 they started to release the budgets to upgrade.”
Scott Schramme, vice president of sales, Continental Access Control, a Napco Security Group Company, Amityville, N.Y, agrees. “Right now in the access industry one of the big things going on is a lot of opportunities with what I will call ‘retro.’ There are a lot of systems out there that have just gotten old. Because of the influx of money, a lot of businesses are spending it to upgrade access control systems. It is a big opportunity.”
Sampson has seen this trend in action. “We see a large opportunity out there for upgrades to systems that have been in place for years. They are now getting the funding to upgrade both the hardware and software side of things for those systems.”
Speaking of software, Mitchell Kane, president, Vanderbilt Industries, Parsippany, N.J., points to the lifecycle of technology as another driver timed just right for the access control industry now. “There is a technology cycle every six to seven years where everyone seems to do upgrades. One of the biggest drivers over 2014 and going forward is that a lot of the companies we support are finally moving to the latest Microsoft version, which in turn forces upgrades. Some of them are still running on special license agreements. When they start to move away from those it opens up all kinds of opportunities.”
Beyond software, another sea change has occurred within that seven-year technology cycle: the rise of the “Internet of Things.” While not a direct driver for security yet, this is an entire mindset taking over the consumer side of life, and many expect that to bleed over to the industry sooner than later.
“The Internet of Things (IOT) is literally a giant map of smart devices that are floating out there,” explains Rob Martens, futurist and director of connectivity platforms, Allegion, Carmel, Ind. “I do see an interesting growth potential with the pull through into the commercial market with the IOT. Now a lock isn’t just a lock. It is a potential smart device that can add something to their lives.”
Everyone is a consumer, says Andrew Elvish, vice president of marketing and product management, Genetec Inc., Montreal. “It’s my mantra. We all have smartphones; some have Apple TVs or home automation. Even though we are a B2B business, people’s expectations are set in many ways by their experience as consumers.
“There is a refresh period going on in terms of technology. In the past six to seven years, the tech gap between what they have and what they can get is so compelling it is time to make that move. And concerns around security both physical and logical are very present in those doing risk assessments,” Elvish reasons.
As more and more IT departments get in on the security upgrades, this could be a significant factor.
Marcus Logan, senior manager, product marketing, Honeywell Security, Louisville, Ky., sees a definite correlation between consumer experiences and business expectations. “I can unlock my door or manipulate my house through my phone or iPad. How come I can’t interact with my office door the same way?”
Finally, there is the fact that U.S. corporations are sitting on more cash today than ever before, after hoarding it for years against a sluggish economy. Moody’s, a credit ratings company, reported that U.S. company cash levels reached a record level $1.65 trillion in mid-2014, according to an October 2014 Reuters article.
“I read there is more cash sitting on the ledger books today than at any time in history,” says Scott Baker, president, EMS & OEM Group, ASSA ABLOY Americas, Phoenix. “In 2008 a lot of corporations focused on cash flow. Once they have all that cash, there are only a few things they can do when the economy gets better: look for acquisitions, buy back stock or invest in some other way. Business investments include security.”
CEO and founder of Camarillo, Calif.-based Security Door Controls (SDC) Arthur V. Geringer, DAHC, agrees with the options present in such a circumstance. “This year should be even better because there is so much money sitting on the sidelines and pressure to get more than just a larger return.”
What does more money to play with, a willingness to spend it, the need to upgrade end-of-life access systems and new types of buyers with a keen interest in technology add up to? A whole lot of opportunity.
Baker put it best: “I am more optimistic at the start of 2015 than I have been at the start of any year since 2008. It is the first time I can remember that the end users and manufacturers and integrators are all lined up with a strong economy.”
Industry Challenges & Opportunities
In addition to the big things that are adding up to a very optimistic outlook for access control, there are also some ongoing inside industry trends with the potential to impact sales both positively and negatively.
As a whole, access control is not a fast-moving industry. Often, what is “new” to the average end user has actually been around for several years; but only after it is proven and they see others implementing it will they jump in.
“There are a number of key challenges to this market,” says Dr. Selva Selvaratnam, senior vice president and chief technology officer for HID Global, Austin, Texas. “The biggest challenge is perhaps related to the prevailing attitudes about access control. In 2014 HID Global conducted a survey that raised questions about how well organizations are ‘keeping up with the bad guys.’ We found reliance on legacy infrastructure, technology and mindsets will make it hard for organizations to keep up with today’s technology advances that address a world of increasingly sophisticated threats.”
For example, the survey found that while 75 percent of respondents felt cards with cryptography were important, the majority also believe that mag stripe and proximity technologies provide adequate security, despite their vulnerability to cloning.
“The access control industry today still has a lot of proprietary nature to it,” adds Jason Ouellette, product line director, Access Control, Tyco Security Products, Westford, Mass. He points to situations such as the end-of-life announcements around GE products. “At the end of the day it is a forklift exercise and most of the strategy is how to protect and preserve the reader. What is already in place will drive a lot of who they will go with when it comes to access control decisions.”
This is a trend across the board, Genetec’s Elvish says. While his company experienced strong growth in 2014 in line with others’ performances, it wasn’t as strong as they had expected, due in part to platforms being discontinued and companies (both manufacturers and integrators) being acquired.
As the industry was busy consuming itself, those watching — particularly the new breed of buyers — went into “wait and see” mode before committing.
“We were expecting a lot more of our large customers were going to add access into unified projects,” Elvish says. “It did happen and is happening but there really was a wait-and-see attitude among CSOs and CIOs due to so much flex in our industry. Interestingly, in 2014 we also saw a real change in the people around the table, the buying teams and decisions makers. Now we see people like the chief resiliency officer (CRO).”
These new people are influencing buying decisions and that is a trend that will continue. Like it or not, access control and the security industry in general have to embrace IT and IP (Internet Protocol) and the new breed of decision makers who live in these worlds.
“There is slow progression, even within organizations,” says David Bunzel, executive director, Physical Security Interoperability Alliance (PSIA), Santa Clara, Calif. “We have board members working for larger security companies that, when they come from a different industry, scratch their heads and say this industry thinks ‘old.’ But there are some companies and individuals in companies who see the value and understand what IP devices do and the Internet of Things.”
So what you have going on in the industry is a push-pull of those who feel that the traditional panel/card reader (often proximity) systems have worked for them and continue to work and those that understand the power of IP and the potential it can bring. The age of the traditional panel is waning and the IP/network/edge infrastructure is waxing. The trick is negotiating the transition.
A new breed of integrator is beginning to emerge to help navigate these waters — the IT integrator. This integrator is not always the competition, says Gavin Bortles, president, The Kepler Group Inc., Altadena, Calif. “We are bridging the gap between physical and logical security. There are a lot of old school security integrators who have a significant momentum in the market, but have yet to really invest in the IT side of their skill set. That is where we come in to help.” (See Q&A with ‘The Fixer’ Integrator on page 56.)
KST’s Sampson adds: “We rarely see an opportunity that isn’t involving both IT and security now. When we have our yearly client reviews it is with both — security to understand what is coming up with deployments and IT because they know what that software roadmap is.”
IP may be daunting to some, but Bortles sees access control systems, even traditional ones, as a natural fit into the IP world. “Because of its network footprint, access control has a lot more flexibility on where it resides and on what infrastructure. A camera load is significant on the network, but access control just acts like a regular computer. Because of that it is much easier to IP-enable an access control system and deploy it in any environment. The barrier to entry is a lot lower. I don’t think the convergence industry will mature this year, but there will be a big push.”
What that means is even though video is often considered “king” in the security world, access control actually has the advantage when it comes to being the kind of solution that is considered normal practice in an IT department, he explains.
And guess where the budgets reside? “We can potentially get to the point where security folks have access to the kind of budgets IT has had for the last 20 years,” Bortles adds. “Security has been kind of the red-headed stepchild within the organization, not a profit center. But as security becomes more of an integral part of that we will have a lot more IT departments doing security system upgrades. Look at Sony. If someone is inside your firewall, imagine if they can view your cameras and physically see your sensitive areas. That is the frightening discussion in the enterprise now. When folks have that kind of fear struck into them, money becomes available.”
Beyond Access Control
It is impossible to talk about access control today without also talking about “what else?” Access systems are rarely standalone these days and more and more customers at all levels expect it to be integrated, at a minimum, with video and intrusion detection.
In fact, 60 percent of SDM’s Industry Forecast responders expected sales of integrated systems to increase in 2015, ahead of access control at 55 percent (see chart on page 51). This is a number that has been steadily climbing over the past few years.
“We have deployed a percentage of systems with video integration and that continues to trend up,” says integrator Jason Cloudt, vice president of sales and marketing, Security Equipment Inc., Omaha, Neb. “We were integrating video on smaller systems this past year: we did some systems that were 50 cameras or a single building that wanted video integration. Another thing I see us having more success with is integration with intrusion and tying it all in with one graphical user interface (GUI) to manage it.”
DAQ’s Sincock calls this the “holy trinity of access control.”
“At the end of the day, everyone has that, even the smaller operations by virtue of number of doors often have more cameras than doors under access control,” he says.
What has changed and is changing, however, are end user expectations for what that integration can do for them. They no longer have to be persuaded that integration is a good idea. They know that. Now the conversation is about the howand the what.
“They are buying a lot more of the integration capabilities,” says Gary Staley, national sales director, RS2 Technologies, Munster, Ind. “Number one is integration to outside databases so we can exchange data from HR packages for adding and removing people automatically from systems.”
Integrator J. Matthew Ladd, president and COO, The Protection Bureau, Exton, Pa., agrees with that assessment of buyer preferences. “We are seeing much more drive to have Active Directory, or integration to other systems. I think that is where you will see the growth, whether in 2015 or 2016: building and HR systems connected with access control.”
Steve Piechota, vice president and CFO for integrator Netronix sees this trend as a motivational force. “I think the ability to integrate with other systems has motivated some folks to begin to upgrade existing systems. Last year we did several that were virtually forklift change-outs of systems. They had end-of-life systems that were going to have to be replaced. They looked at ways of integrating with their HR systems and various IT systems and we sat in planning sessions with end users that were all about being able to do integrations and improve efficiencies. That is something I am selling on virtually a daily basis — the integration to other systems and taking disparate systems and linking them together.”
Sincock says even the term “access control” is outdated. “We have to stop calling it the access control market because it is so much more. There are so few access-control-only systems sold. These days so many folks also want integrated video and other things. It is becoming far more common to sell an integrated system than just straight access control.”
KST’s Sampson thinks “unified platforms” are the way forward. “They are really needing and buying a unified head end for all of their security systems. I think the vote is still out on who will win that unified head end: access or video manufacturers? But most of our opportunities have been centered around access control applications being the unified GUI of the video system and intrusion system and those types of technologies.”
This is what is driving the whole discussion around standards in the access control world. (See related article, “I’ll Take 3 Standards; Hold the ‘Secret Sauce’” on page 66.) “End users are seeing that the other ecosystems they work with, whether that is office systems or productivity tools, are all fairly integrated and work nicely together,” Genetec’s Elvish says. “On the security side of the house there are a lot of silos still and a lot of users are very hungry for unified or open systems.”
Per Bjorkdahl, chairman, steering committee for ONVIF, San Ramon, Calif., believes the access control market is following the video market in expecting open platforms and choice. “End users want to select an access control management platform and be able to pair it with a wide variety of different IP-based door controllers and card readers. It is no longer considered a luxury in the market. End users expect to be able to integrate video and access control together for a more complete and accurate picture of their security operations.”
End users are frustrated with closed, proprietary systems and are embracing the open architecture approach more and more, says Bruce Stewart, business development manager for access control, Axis Communications, Chelmsford, Mass. “With an open system users can build best of breed solutions instead of being locked into a legacy system with one vendor. IP-based solutions not only meet their needs today, but also have the flexibility and scalability to grow with them into the future.”
End users are also extremely interested in mobility — a trend that is a direct crossover from the consumer side. “There has been an interesting transition in the access control market over the last 12 months,” IHS’s Kozak says. “What wasn’t even talked about six or seven years ago is now at the forefront. People want to manage things on the go and not have installed software. The industry is beginning to focus on flexibility and mobility.”
Honeywell’s Logan agrees. “One thing we have seen more requests for that has been somewhat surprising is apps. Users want ways to interact with the system on the go, anywhere at any time. This trends spans from small entry-level systems to the enterprise. Three to four years ago they weren’t interested in apps. Now it is almost a minimum to compete.”
Paul Ahern, president, Cypress Integration Solutions, Lapeer, Mich., would add customization to that list of newer demands. “The requests for custom integration solutions to adapt non-typical data collection devices into access control systems have been robust.”
At the end of the day it all comes down to listening to the end users, adds Paul Bodell, president/CEO, ECKey Smartphone Access Systems, Lancaster, Pa. “They want a secure, convenient access control system that is affordable. Take a look at what you are providing. Is it secure? Most are. Is it convenient? Affordable? End users will ultimately buy the things that meet these three qualifications.”
And increasingly that convenience piece gets back to the consumer experience and expectation, Stewart adds. “With information at our fingertips in our daily lives, the thought of not being able to access your security information in the same way is becoming more of an expectation gap each day. Younger generations of security professionals are coming up through the ranks and are looking toward easy, accessible, flexible and open systems — not technology from the last millennium.”
While access control may be a “slow moving” industry, that doesn’t mean there aren’t new technologies being developed all the time. Two of the hot-button discussion points of the past year have involved the buzz around NFC/Bluetooth, and wireless online locks. SDM asked experts to weigh in on these technologies relative to their influence on the market in 2015 and beyond.
Smartphone as Credential
This is probably the top thing people are talking about in the industry. Interestingly, integrators mostly agree that they hear much more about this from manufacturers than they do from their end users. Still, the whole consumer expectation discussion would not be complete without contemplating the No. 1 technology of the decade: the smartphone. Putting aside whether near field communications (NFC) or Bluetooth low energy (BLE) will ultimately be the technology of choice — or whether there will be room for both — many insiders feel the phone as credential has the potential to be a “disruptive force” on the industry.
“I believe Bluetooth may have some of the most immediate opportunities,” says SDC Product Development Manager Mauricio Lainez. “NFC-enabled products are becoming more readily available, but the technology is still relatively unknown to end users.”
Rob Martens of Allegion still sees it as a generational thing, with the younger generation almost universally carrying a smartphone. “They think, ‘Why do I need to carry a card?’ As more of them enter the workforce that demand will only go up.”
NFC is brand new, says Jeffrey Nunberg, president and CEO, Integrated Security Systems, Miami, Fla. “We are looking at 2016/2017 for that to become more widely adopted. I am personally looking at NFC readers for our new headquarters building. But really it is new but not revolutionary. It is just another app. I don’t think it is something that will cause people to go out and replace what they have. They might upgrade their readers.”
ASSA ABLOY Americas’ Scott Baker agrees. “It is not going to be 2015. That will be our first opportunity to sell it in any numbers and early adopters will be the hospitality industry. If there is one lesson I have learned in this business it is that people in this industry are slower to change than in their personal lives or even other industries. Whatever technology will eventually dominate the world, it will take longer in the security industry than it did for smartphones to take over in cell phones.”
Manufacturers such as ECKey are on the forward side of this trend. “We are an early-stage company, says ECKey’s Paul Bodell. “I would say right now that 50 to 60 percent of our leads are end users asking if we have dealers that support these products because they want to do it.” Bodell believes in small and medium businesses things will start happening in 2015. “Smartphone-based solutions are literally a fraction of the cost of traditional panels and readers. Enterprise systems will take longer because they specified systems a year or two ago and aren’t going to change now. It will be at least another year and a half before it starts to disrupt that market.”
Others aren’t so sure smartphones will be a big factor any time soon.
“In 2015 we will, I think, see some advances in NFC/Bluetooth type access credentials,” says integrator Skip Sampson of KST Security. “But it is not ready for mass deployment yet. We haven’t forecasted a decrease in card sales because of it.”
RS2’s Gary Staley points to a personal experience that illustrates that the technology is not ready for prime time. “When I was in Las Vegas recently I bought breakfast in McDonalds using my phone. The girl behind the counter looked surprised and told me it was the first time she had seen that — ever. That gives me a measure of what people are used to.”
Still, there is a Unisys statistic that it says takes 26 hours for the average person to report a lost wallet, but only 68 minutes to report a lost or stolen phone.
“That is driving some of the awareness around mobile credentials, but what are still being deployed are traditional cards and readers,” says Marcus Logan of Honeywell Security. “I think it will transition, but don’t know how quickly.”
Wireless Online Readers
The emergence of a new class of readers from the likes of ASSA ABLOY and Allegion are set to position wireless technology as one to watch for 2015.
“Wireless is a very lucrative proposition,” says Frank Gasztonyi of Mercury Security. “Through the use of wireless we see that the number of secured doors can be significantly increased and end users are quite willing to do that because they don’t have to go through a major disruptive installation effort.”
Sampson views the new online locks as a business opportunity. “Finally we have something that is somewhat new in our bag of tricks that we are seeing a lot of success with now. We are not losing that business to a pushbutton lock.”
Not all integrators are comfortable with wireless yet, but if they can get there, it can literally open up new doors — and new business.
“Dealers and integrators are still not leveraging the benefits of wireless like they could,” says Scott Lindley, president, Farpointe Data, a DORMA Group company, Sunnyvale, Calif. “These solutions let integrators and end users reap the benefits of a wired system, without the cost of a hardwired system. They are an attractive alternative to off-line, standalone locking systems because they offer a real-time solution that’s compatible with nearly all brands of access control.”
Mitchell Kane of Vanderbilt Industries thinks wireless will bring the entire industry up. “These companies are making a large effort to move technology onto every door. When they do that, you are going to need access control systems to support them. It helps drive the whole industry in a positive way.”
Allegion’s Martens sees 2015 as the year for wireless. “We think it will be a great year for wireless locks. People really want that functionality but there were a bunch of us that didn’t really have that [online] solution. Now we have it and the interest is pretty big. If you think about it, it is very intuitive. I have let myself in the front door with my badge (or phone). Why do I have to use a key when I get to my office? Historically there just weren’t the right solutions in the marketplace. I feel like we nailed that one.”
ASSA ABLOY’s Baker agrees. “Not everything that needs to be locked is a door. There are a variety of openings, including cabinets, gates and server locks. This is a relatively new trend that we haven’t been able to do before.”
Integrator J. Matthew Ladd of The Protection Bureau says wireless locks are a growing part of his business. “It has changed the cost structure. We used to have to put in a control panel and then run wires to specific locations. Now we just have to get it connected to the network and we are up and running.”
Sidebar: The Tortoise & the Hare Allegory: Why a Slower Adoption of New Technology Isn’t Necessarily Bad
Access control is not known for its fast-paced adoption of new technology. If security systems were staging the well-known fable, video surveillance would be the hare and access control the tortoise. However, remember who won in the end?
That is not to say these technologies are in a race with each other, but rather that sometimes slower can be better.
“People are generally intrigued by technology,” says Christopher Sincock of DAQ Electronics LLC. “They have an idea that they would like to do something and then we get into that discussion. But if we look at everything the industry has talked about and presented over the last 15 years as new solutions, I think end users today just want to have those ‘new’ solutions that they have been exposed to, work, and in a way that meets their needs.”
And that may not be a bad thing.
“We are guilty as an industry of being technology first and application second,” Sincock adds. “We love talking about technology and a lot of end users that have to go out and make these decisions like technology, and they like listening about it. We get into a vicious cycle where new technology comes out and gets a lot of coverage in the press and exposure to end user, but it hasn’t really been proven in the field.”
Sincock actually points to digital video as the only technology over the past 15 years that took off “like gangbusters” and didn’t suffer setbacks.
“Everything else has black eyes and bruises, including facial recognition and video analytics.”
The problem with these two was that they weren’t ready for prime time when they started being adopted, and it hurt them. Even if they eventually became a real solution, they had to take a tumble or two to get there.
IHS Technology’s Blake Kozak sees adoption of new technologies, particularly in the access control space, as more of a gradual process. “You don’t just throw out new products and they become dominant in the industry. It takes time for integrators to understand how to sell them and for channel partners to use the technology.”
Manufacturers have deep marketing pockets, Vanderbilt’s Mitchell Kane says. While they can move the market, the education has to go hand in hand with that or it won’t work. “We rely very heavily on the integrators and end users,” Kane says. “The last thing we want to do is build toys in the back room and hope someone will like them.”
This process is very much in evidence today with the whole Bluetooth/NFC technology discussion. This is why manufacturers are all talking about this hot new technology, but integrators aren’t hearing about it from the end users.
“One of our roles as a software manufacturer is to be able to look ahead with a view to 24 months or more into the future,” says Andrew Elvish of Genetec. “By the time a product is introduced and has an uptake by the channel and hits its stride that can be quite a while. That is the big difference between consumer and enterprise. Enterprise takes a lot longer to deploy so we have to build our product anticipating needs two years down the line. We need to be sure the product we are developing early will be applicable and cutting edge.”
With the increasingly complex nature of access control and integrated systems that rely heavily on the IT and IP infrastructure, it was only a matter of time before someone stepped up to the market with a solution for struggling integrators overwhelmed by tech talk. Gavin Bortles, president, The Kepler Group Inc., founded his company with the intent to be a helper to smaller and medium-sized integrators, but soon found that it was the larger integrators who needed his services even more. SDM spoke with Bortles about his unique role the security industry.
SDM: What do you bring to the security and access control markets that other integrators don’t?
Bortles: What we are doing as a firm is bridging the gap between physical and logical security. Our two main offerings are network and systems expertise, and also cyber security. We see a convergence of those two. We concentrate on enterprise-class installations where the IP component of the install is great. The security integrator doesn’t have to bring the talent we have into their shop; they would outsource or sub to us on those handful of opportunities a year where they need us to bring the IT horsepower. We can liaise with their client’s IT people and help design around local TCP IP communications.
SDM:Do you compete with security integrators?
Bortles: We do have a handful of end users. There is a new end user out there: Enterprise-class organizations that have their own internal security team. But in general we do not want to be a competitor. We are not a security integrator. We want to be available for the large integrators going after these large projects. Let’s face it, the capabilities vary from salesperson to salesperson. If they know they have our team to assist them in closing business, it can be a significant tool.
SDM:Who are your main clients?
Bortles: When I first addressed the security industry I thought it would be small mom and pops that would need us. The truth is they don’t get into projects that are large enough to require what we can bring to bear. The large integrators, on the other hand, may have one or two guys doing an entire territory. We augment their internal skillset. The big boys want to be a project management firm and cherry pick the parts of the job they want to do. We are a network engineering sub. They only need us for a handful of projects per year; the rest of the time they have the skill set. But every now and then they land that whale.
SDM:What is a ‘fixer’ integrator?
Bortles: We do a lot of ‘fixing.’ For us to design and deploy a 3,000-camera system is not that difficult, but it may be for an integrator. Sometimes they have the mentality that they want to try to capture all the money and they try to do something bigger than they can handle. We are the geek squad for every security integrator. We are a services-based organization. We are not out there to sell hardware, software, or controllers. That is for our channel to sell.
The rise of the cloud in access control really means a different method or term for hosted or managed access control. While not a new concept, the buzzword has helped push this idea, and more and more integrators are at least looking into the possibility of starting or increasing the RMR side of their businesses.
SDM’s annual Industry Forecast Study has looked at managed access control for the past four years (see chart on page 65), and by and large, the number of integrators who report that they offer such services has stayed static. Yet, research firm IHS reported that the global access control as a service (ACaaS) market represented about $270 million in 2014. The company forecasts that there will be more than 1.7 million doors of hosted/managed access control by 2018.
That is definitely an opportunity worth considering.
“From the integrator’s perspective, I don’t think a lot of them are focusing on this,” says IHS’s Blake Kozak. “Integrators prefer to do a large campus project versus a hosted/managed service.”
Those that do it, see huge potential. “We started in 2009 offering a hosted server,” says Jason Cloudt of Security Equipment Inc. “It continues to evolve. We learned a lot in the first five years. Today it is a small part of our business, but it continues to trend up at a fast rate. We feel it is a better solution for our customers, and something that will help our longevity to be able to partner with our customers as opposed to selling them a solution then getting disconnected.”
Access control is a mature market, adds Jeffrey Nunberg of Integrated Security Systems. “The costs have come down so the barrier to entry is not as high. We are now using a managed service approach with many of our customers who couldn’t afford to deploy before. Historically we are kind of like elephant hunters who go after the big jobs. Managed access allows us to develop RMR. Certainly for that small to medium market it is a great approach.”
His company added a managed services component in 2014 and he expects it to have a marginal impact in 2015, with a greater return in 2016/2017.
KST is another integrator that is starting to offer cloud services, says Skip Sampson. While they have offered it for four years, they realized in 2014 it just wasn’t working. “We finally figured out we really couldn’t ask our elephant hunters to go after this business, too. There is a whole different sales strategy and you have to recognize that and train and equip your people to be able to sell that product.”
After a retool, which involved hiring new people on a different type of compensation plan, Sampson says they are poised to take advantage of the cloud now. “I need that piece of business. I hate that as our revenue number gets bigger each year I can’t tell you where that number is coming from when I budget. I need to get a piece of that revenue in contracted business.”
The Protection Bureau has been offering hosted/managed access control since the 1990s, says J. Matthew Ladd. “As company infrastructures and networking capabilities have grown, that has allows us to grow those services. Of the number of clients we have I would say that 25 percent to 30 percent are managed access. It is growing. I can add 10 managed systems with 16 doors or less much more quickly than I can take an enterprise system and grow that. It is a good business.”
RS2’s Gary Staley says cloud is such a great opportunity he would get into it himself, if he could.
“I am starting to see a little bit of movement to the cloud. I don’t know what is taking so long. To me, if I didn’t have to run RS2 and cover sales and take care of business, I would take one of my software packages and go out and start selling access in the cloud today. There is a lot of money there. I can put a card reader on my front door and a Mercury panel, and each of them have a two- or three-year warranty. I can charge $30 a month to monitor that door with no foreseeable service needed. Multiply that by hundreds of doors and there is a lot of money to be made.”
A big opportunity area for HID Global lies in our ability to provide customers with a complete product ecosystem for vertical customer market segments, spanning all necessary solutions across the value chain. By focusing on market segmentation we also fuel deeper customer dialogue. We see the following trends driving product and service sales opportunities in specific vertical market segments:
- Banking and financial institutions:Physical and logical security will continue to converge into unified solutions, against the backdrop of a mobile transformation in consumer banking, the U.S. move to EMV credit and debit cards, and the early phases of biometric authentication at ATMs.
- Hospitals and healthcare institutions: The latest secure identity solutions will play a pivotal role in securing the facility, narcotic prescriptions and personal health information, and also will be used outside of the hospital to verify “proof of presence” for home health service delivery.
- Education: As the transition from magnetic stripe (magstripe) and proximity (prox) to high-frequency contactless smart cards continues, universities also will move campus IDs onto smartphones and other mobile devices using systems that can manage multiple ID numbers for multiple uses on multiple platforms.
- Federal government:Government-wide upgrades to new, more secure access control technology will extend beyond the desktop to the door, using both cards and mobile phones, and rigorous secure issuance requirements will drive the growing need for certified and approved printers.
- Government ID: Worldwide demand will grow for end-to-end, highly secure government-to-citizen ID solutions, along with small-footprint, industrial-strength printers that combine flexibility and security, reduce infrastructure investments, and maximize throughput.
- Transportation: IP-based access control will grow in importance across the transportation segment, improving security by integrating a physical access control system (PACS) other solutions on the same network. Meanwhile, biometric systems will offer an opportunity to increase security and profits in both commercial and personal transportation applications.
- Enterprise: Organizations will increasingly need to improve security at the door, for their data, and in the cloud, and will move to converged solutions while simultaneously accelerating the move beyond passwords to strong authentication across numerous physical and logical access control applications.
- Retail:The biggest focus will continue to be defending against threats such as those experienced by Target Corp. and other major retailers. Other growth areas include mobile IDs, Internet of Things, integrated biometric authentication, brand protection solutions that validate the authenticity of goods, trusted “proof of presence” applications for digital out-of-home (DOOH) media campaigns, and instant issuance solutions for branded credit and loyalty cards. — Contributed by Selva Selvaratnam, senior vice president and chief technology officer, HID Global
Unlike the IT world and to some extent the video surveillance market, access control has been very slow to adopt standards to allow for sharing of protocols and interfaces —important steps for any kind of true integration or unification. However, in recent years, three organizations have stepped up to the plate with potential industry-changing standards — some with more success than others.
These efforts are widely praised as laudable and important goals. But those most affected by them — manufacturers and integrators — almost universally agree: they aren’t there yet. And one of the biggest reasons for that is that none of them, by design, can go deep enough to have the kind of impact necessary. And the attitudes in the access control industry are such that they aren’t likely to any time soon. Manufacturers used to proprietary sales have a hard time giving up the recipe to their "secret " sauce. But until they do, only certain components of the system are covered by the standard. This might make them weaker when it comes to the actual integration. The question is what impact are they having on the market now, and how long before they will truly be a factor in sales and installations at the integrator level?
Let’s look at the three main standards and what they are trying to achieve:
ONVIF— Profile C enables basic door control functions such as door monitoring and control and also provides the interface for these functions to be integrated with a video management system. ONVIF is also developing a new profile that will expand the functionality for access control, targeting the most common functions used by standard security users such as HR and security personnel.
“ONVIF’s role in the access control space has been to find the basic commonalities of the different offerings and provide an option for interoperability that meets the needs of a majority of users,” says Chairman Per Bjorkdahl.
PSIA— The working group called Area Control has a profile that deals specifically with access control that allows them to be easily configured with security management systems. In addition, their new PLAI specification synchronizes physical and logical identity management and access control and standardizes functions that typically have required custom programming to achieve.
“It allows disparate systems to communicate in a common language,” says David Bunzel, executive director. “It would be like someone speaking French and someone else speaking Spanish. We are the translator in the middle.”
OSDP— This is the communications protocol that allows peripheral devices such as card readers and biometric readers to interface with control panels or other security management systems. Now part of the Security Industry Association’s (SIA) Access Control & Identity Group, OSDP was started by major manufacturers looking for a replacement for the aging Wiegand protocol.
“We are supporting OSDP within SIA that is defining an open protocol link between peripheral devices and control panels,” says Frank Gasztonyi of Mercury Security, who is also chairman of SIA’s OSDP working group. “That standard had a very nice intro to the industry at ISC West in 2014 and now over a dozen companies actively support it.”
When asked about these access control standards, manufacturers and integrators vary in their response to them. To read how they feel about them, visit www.SDMmag.com/StateoftheMarketSeries.
“As an industry we like to talk about standards but not do anything substantial about them,” says Christopher Sincock of DAQ Electronics. “We work with ONVIF. Certainly we are cognizant of OSDP. But I think it will be interesting when we start seeing real work towards access control controller standards. That will wake everybody up and make them pay attention.”
Some integrators find more frustration than help with standards, while others see them as a valuable resource.
“Is ONVIF really a standard?” asks Steve Piechota of Netronix Integration. “I hear camera manufacturers tell me something is ONVIF compliant but then you find out it isn’t the right level of ONVIF.”
This is because, at least so far, none of the standards have any teeth. There are no regulations or certifications to guarantee compliance. They are voluntary.
“I think industry standards are very important,” says KST’s Skip Sampson. “Right now we have to pay each and every time a client wants an interface. Access control inherently drives so many processes inside a company and it costs us a lot of money. There should be a standard that makes it simple to integrate with third-party applications. That is a shortcoming of our industry and something that needs to be addressed.”
Integrated Security Systems has been selling OSDP for a couple of years, says Jeffrey Nunberg, president. “All of our customers have an interest. I think it is here. If you are not looking at it you missed the boat. I think integrators are doing a disservice by continuing to sell Wiegand.”
Mitchell Kane of Vanderbilt Industries says standards would be more important if there was better adoption. “Even with ONVIF there are like 47 flavors. Manufacturers don’t move as quickly as they could towards standards. But I doubt you will find anyone saying they aren’t a good idea.”
A big reason for manufacturer reluctance is the desire to hold onto the proprietary nature of their systems — or at least that part that makes them unique.
“Access control manufacturers build a lot of special goodness into their products that you can’t access through an open standard,” Genetec’s Elvish says. “To the manufacturer it doesn’t make financial sense to say, ‘Here is our secret sauce. Go at it.’”
But IT integrator Gavin Bortles of The Kepler Group sees that day coming. “ONVIF is kind of a suggested standard at this point. There will come a point where, just like the IT industry, standards may not be legislated but pretty much a given that you have to conform. That may be a dark day for security vendors because they like hooking their customers on product. Now they will actually have to win on performance instead of legacy. It will become a much more competitive industry based on true merit and software more than hardware.”
It is not that manufacturers all see standards as the enemy, but they have to make sense economically and competitively.
Rob Martens of Allegion says standards are a big focus for the company. “We think the only way to drive adoption purely from a financial and business case standpoint is end users need to know those investments are going to be worth it. Having standards in those spaces is critical to getting the best possible products combined with the best possible experience for the user. Because if we all go off and do our own proprietary thing, we will have some pretty average stuff. The market will reflect that. They won’t adopt at the same pace.”
Standards ultimately help integrators, Elvish says. “One of the things about standardization is it will open up the ecosystem. It makes sense to be able to choose Aperio locks from ASSA ABLOY, or edge devices from HID. For integrators this allows them to really expand their offering.”
Standards are in their infancy on the access side, Honeywell’s Marcus Logan says. “We are participating in both PSIA and ONVIF boards to help coordinate and drive these standards. I feel like they are still pretty far off from having systems you can grab off the shelf. OSDP might be a little farther ahead, written by Mercury and HID and handed along to SIA to be a non-owned specification. But I haven’t seen a lot of adoption of it. It still seems Wiegand is the preferred method of communication between reader and panel. As security needs go up and people want more secure communications it might be adopted faster, but we will see how those things shake out.”
What do the organizations themselves have to say about the timeline for adoption?
“By their nature, standards are consensus-based initiatives that sometimes take nearly a decade to be developed, brought to market and widely adopted,” Bjorkdahl says. “ONVIF’s timeline over the last six years has been relatively aggressive by that measure and we feel we have accomplished a great deal in that timeframe. Based on our growing numbers — more than 500 member companies from around the world and more than 4,000 conformant products available to the market — we are confident in the impact the ONVIF specifications have had and will continue to have on the market.”
Bunzel agrees that standards can be a long process. “Not only do we have to create the standards but we have to create the test tools to make sure everyone is doing it the same way. We have released the standards and a number of companies have implemented them. PLAI is just developing now. We will be releasing it beyond PSIA members in the coming months. One of our goals for 2015 is to focus on educating the integration market and helping create demand from that end. Standards save money. They don’t provide revenue, so we need to talk to the specifiers and integrators and get the customers to ask for it.”
Integrators are a practical lot, Gasztonyi says. “They are looking for the product that is most economically meeting the requirements they are bidding. Where we are going to be doing a good bit of promotion and raising awareness is how standards will benefit installations. SIA will take an active role, as well as PSIA and ONVIF. For systems that incorporate those standards, the future growth is going to be enhanced over systems that are built to the specific purpose to meet requirements and not necessarily more.
“For 2015 one of the main agenda items for the OSDP working group is to develop a set of functional profiles that devices they can claim they are conforming to. If the device has a basic access control reader, instead of implementing 100 percent of the messages defined by the spec, they can define a more restricted set that can be tested to and evaluated. SIA has contracted an independent consultant that can develop a test tool. PSIA already has test tools. That is part of the normal evolution. We are going about it a bit slower, but we are doing what we can.”