The business world has changed dramatically since the pandemic, and a big part of that transformation is more acceptance of cloud-based services — including cloud-based access control.

“Whether from COVID or not, we’ve seen the adoption rate for cloud in the U.S. increase dramatically over the last three years,” says Steven Turney, security program manager at Schneider Electric, Boston. Part of the switch is a deeper customer understanding of cloud’s capabilities and function. “People have become more comfortable with it over the years as they realize it is secure,” he adds. “Data is not just freely seen in the cloud; it’s secured and encrypted.”

Security manufacturers and integrators say that customer adoption rates for the service have boomed in recent years as more educated end users discover the benefits — from anytime-anywhere access to long-term cost savings.

For their part, integrators like cloud-based access control for ease of installation, recurring monthly revenue, and as a way to solidify customer relationships.

“On the mobile side, (we have) the ability to configure all customer sites on any device, anytime and anywhere,” says Brach Bengtzen, director of marketing at Prodatakey (PDK), Draper, Utah. “Another benefit is how easy it is to train end users. … Also, the RMR stream helps them boost the value of the company. Putting customers on a contract means you can develop a relationship with them and get return business.”

Statistics reflect the growing interest in cloud-based systems. London-based technology research firm Omdia projects a 15 percent annual growth for access control as a service (ACaaS) from 2022 through 2026, and 30 percent for physical security as a service (PSaaS) for the time period.

And in the 2022 SDM Industry Forecast, 72 percent of respondents said they offered managed/cloud-based access control, making it the top service currently offered.

Most of this growth is coming from demands from customers themselves, who are more educated about cloud benefits today than in the past, says Nick Friesen, product manager, Freedom/Liberty/Enterphone at Identiv, Fremont, Calif. “Customers and end users have become more knowledgeable and comfortable with networking and cloud concepts, and this has pushed PACS (physical access control systems) providers to provide more solutions that fit within these new environments,” he says.

Integrators on the front lines report a steady increase of customers leaning toward cloud-based access control solutions. “Hosted access control is close to 15 percent of our overall project revenue,” says Jeff Sweeney, general manager, A+ Technology and Security Solutions, an integrator based in Bay Shore, N.Y. “It has slowly been increasing and we expect it to continue to grow as users’ expectations for smart phone apps increase.”

These services are becoming an easier sell for integrators compared to traditional on-prem solutions. “More and more, we are hearing customers preferring cloud-based systems,” Sweeney says. “When the options are explained clearly, it’s fifty-fifty these days.” The trend produces “happier customers,” he says. “With cloud generally comes ease of use and less bugs and downtime. … They don’t need to worry about keeping their software up to date and having vulnerable equipment on their network that puts them at risk.”

building access control

From pure access control to visitor management, data analytics, mobile credentials and ID management, today’s cloud-based access control systems provide a range of features that go well beyond opening and closing doors. // IMAGE COURTESY OF BRIVO


What’s Different Now 

Over the past 20 years, customers may have been reluctant to pursue cloud-based installments because of concerns about data security, says Steve Van Till, founder and CEO, Brivo Inc., Bethesda, Md. Coupled with the security industry’s inherent conservatism, cloud adoption was slow. But these concerns were, Van Till says, “More fear factor than reality. There are more hacks per server in private systems because cybersecurity there is sloppier; they don’t have full-time people just working on protecting the access control system in a shared office space. Online systems since then, whether cloud access or video, have a better cyber protection profile than any privately owned systems out there.”

Sebastiaan van Ineveld, product marketing manager for Genetec, Montreal, agrees. “For a long time, there was much hesitation toward cloud because of privacy and security, but now customers recognize there are many advantages,” he says.

Only six years ago, integrators still had to try to sell end users on the value of cloud, says Jim Pinto, principal at Key Security Designs Corp., an integrator based in Orinda, Calif. Today, the company only has about two accounts that are traditional on-prem solutions; the rest have cloud-based products. “From a total sales perspective, access control makes up probably 65 percent of our business,” he says. “Of that 65 percent, 97 percent is cloud-based access control.”

This changed as customer education increased and people learned what cloud actually does; concerns about security have eased, especially after a system is deployed. “They can see from experience that updates go out and provide better scenarios for customers; they can look back and say maybe cloud is the best thing,” Pinto says. “This explains the increase in cloud adoption compared with six years ago. Things are drastically different. We had to sell people on why it was important. Now we don’t have to do that.”

Part of the shift from on-prem to cloud-based access control is due to increased influence of business’s IT departments in defining their security policies, including making product decisions. “Many of the IT departments we work with are anathema to housing access control servers and related equipment in their IT rooms,” Pinto says. “It takes up space and power and dictates granting access to vendors in these rooms for system supports. None of this is popular with IT directors.”

Another growth driver is the much bigger shift toward mobile capabilities, whether it’s customers being more familiar with apps, or the security industry acknowledging that subscription structures are a big benefit, Bengtzen says. “People are beginning to see and understand what value they get from this subscription; people are seeing they get automatic updates, can control wherever they are, (and that) with maintenance agreements come better relationships with our partners and better tech support,” he says. “All this comes as a value to the dealers and to end users. It’s the reason why people are making changes toward this. On-premises is not up to date with the times.”

High demand for remote capabilities due to COVID-19 helped jump-start adoption as well, van Ineveld says. “The market is getting more comfortable with access control as a service solution because people are more used to remote work, they are also more used to having solutions which are based in the cloud.”


How They’re Using It

Cloud-based access control not only makes it easier for integrators and end users to control their doors; it also provides the opportunity for new uses and quick deployment across the enterprise.

“Cloud-based access control makes it possible for security solutions to be deployed into all spaces, more easily and cost effectively,” says Peter Boriskin of ASSA ABLOY. “The advantage of the cloud’s ability to remotely maintain access control uptime, help restore operation and secure system and audit trail data is a key selling point. Consider situations where a power outage could knock out an internal server system, causing people to be locked out and potential data loss versus the reliability and assurance of a cloud-based system’s uptime.”

Alex Burinskiy, director, product security, ASSA ABLOY Opening Solutions Americas, adds, “We’re seeing a continued uptick in the number of residential buildings requesting cloud-based access control. Along with being a more secure way for keeping track of who’s where and when, the resulting data is also now being more widely used to manage things like adjusting air temperature in a room based on occupancy. If data shows that someone is in a room between 2 and 4 p.m., we can program heat or AC settings and timing appropriately to turn on an hour before people arrive and shut it off after they’re scheduled to leave or typically exit. That data, which can also be used to control timing on lighting controls, can potentially result in significant cost savings. These are benefits that can apply to a variety of settings and applications.”

In verticals like education cloud-based access control systems are huge, especially in the K-12 realm, says Richard Goldsobel of Napco. “Previously, school districts would not budget for recurring payment for access control,” he says. “But because of more options getting past network IT problems, more schools are adopting RMR models to get access control for convenient lockdown and everything else we offer in an enterprise system.”

The market is increasingly headed toward a system where an entire project, hardware and all, is a SaaS sale going to an RMR model, says Steven Turney of Schneider Electric. This means the end user is completely reliant on the integrator — “and not in a bad way; it’s the scope they wanted,” he says. “If they need a card changed in the system, the end user doesn’t do it, the integrator does it for them.”

Turney describes a situation where a cloud system enabled the integrator to work quickly to correct an element of a deployment. In the middle of a project, the integrator had to integrate an elevator system. The manufacturer had made a change to their driver and didn’t tell the end user. Since the integrator did all the development in the cloud, they were easily able to update it and put it into production in three days.

“We’re finding new ways of using systems, a big shift from a security system to being a business enablement system,” says Steve Van Till of Brivo. “In co-working and flex work situations, integrators are seeing more end users using it to reserve rooms and control HVAC systems. “It’s more a pull than a push from integrators.”

Cloud-based systems are especially useful for functions like logistics. For example, cloud-based access control systems can enable successful “dark delivery,” in which restaurants and other retailers shift delivery schedules to overnight hours for increased efficiency, allowing them to monitor access and maintain systems throughout the enterprise. “If it’s running at scale with several thousand restaurants, the business needs an access control system that works with a nationwide network,” Van Till says. “Anything less means it’s a balkanized solution. Cloud is the only thing that enables national and international logistics optimization to grant permission, monitor access, and maintain dark delivery services — from passing around a key to a more intelligent and secure way to manage who’s coming in.”


Big Benefits for End Users 

For end users of any size that are transitioning from on-prem to cloud-based access control, the benefits are myriad. “For end users, the cloud breaks down the barriers to access,” says Peter Boriskin, chief technology officer at ASSA ABLOY, New Haven, Conn. “For businesses with just three doors, it is now affordable to integrate access control thanks to the cloud. For larger buildings, it is making the cost of installation and operation far more affordable. Those are both meaningful changes in the marketplace.”

Van Till adds, “Cloud systems offer better features than traditional and better connectivity to other platforms,” including integration to property technology partners and business tech stacks.

Topping the list of benefits for customers are more features and scalability and a system that is easily adaptable to market needs — including number of doors, where to host access control data, and more, van Ineveld says. End users can deploy systems in virtually any remote location with just an internet connection to activate without needing to connect to a server. Cloud interconnectivity integrates access control with features like global ID card sync, active directory, and connection to HR systems tie access control into all of these, he adds.

Cloud-based access control enables facilities to manage access for residents, guests, students or staff in a variety of settings through an easy and secure web interface, Boriskin says. “That means administrators can update access rights anytime, anywhere, and from any device,” he says. “Instead of managing a whole system of servers and people to run and maintain them, you’re managing software and reducing installation to setting up locks, card readers, etc. That can be a huge time and resource saver.”

Cloud-based systems also significantly reduce system obsolescence because access control manufacturer software updates and features are more frequent, Pinto says. “Most only have one source of software, so it becomes ordinary to release the updates to all clients,” he says.

There’s a financial benefit, too: Because cloud solutions typically come with a subscription model, customers can move the cost for an access control system from a large upfront capital expense investment to an operational expense model, saving them money in the long term, van Ineveld adds.

This shift from capex to opex also brings with it potential tax breaks for the end user since it can be written off as an ongoing business expense, says Bengtzen of PDK.

Cloud-based systems also offer the advantage of gleaning more business insights from the data obtained from the access control system, van Ineveld notes. “Lots of organizations are not just looking at securing something; they also want to have benefits from it to learn how buildings are being used, how the systems can provide operational intelligence, which ties in with operational expenditures.”

And training is faster and easier in the cloud, too — a benefit for both end user and integrator. In the past, dealer training on software could take several days for customers to understand the system. “With cloud-based systems, the end user can understand how to run the system in 15 minutes,” Bengtzen says. “The dealer doesn’t have to do a lot of training on their end. You don’t have to roll truck to manually update the computer or access control system.”


The Future of Cloud-Based Access Control

Where is the cloud-based access control market headed? Our experts weighed in on what to expect in the near future.

More enterprise use: “When we first started, 30-door systems were typical. We’re going to see thousands of doors being done in the cloud. … When cloud first started getting used, it was viewed as being something for small or medium sized deployments. Prediction wise, we’re going to see more large enterprise customers adopting and moving security operations to the cloud, going outside the scope of access control. In Europe there is now a cloud-based fire alarm system. We’ll see the whole concept of cloud starting to apply everywhere, as is happening in the video industry.” — Steven Turney, Schneider Electric  

More integrator education: “With more and more customers becoming comfortable with cloud solutions and network-centric environments, the benefits of a cloud-based solution will far outweigh the hesitation of having off-premise data. This means that integrators will need to be versed in network standards and concepts and be able to troubleshoot basic network issues that will occur.” — Nick Friesen, Identiv

More use overall: “I don’t have a crystal ball, but it’s more of the same. Security follows the technology world, but generally is a few years behind. Cloud-hosted systems are prevalent in all aspects of business. The impact to our business is very positive in continuing the process we started almost 10 years ago. Predictable and profitable income and better support for our clients. A good recipe for success.” — Jim Pinto, Key Security Designs 

More opportunities: “We anticipate continued growth in cloud-based access control over the next few years. As more and more people realize the benefits it can offer, it will become the new norm. For integrators, this means increased opportunities with businesses of all sizes, that previously may not have been able to consider comprehensive access control The use of the cloud, as well as other technologies such as wireless and data-on-card, will be essential to bridge the infrastructure gap that many smaller customers have.” — Peter Boriskin, ASSA ABLOY Opening Solutions Americas 


Big Win for Integrators, Too 

“For integrators, especially small integrators, cloud-based access control allows them to provide a scale beyond their size,” Boriskin says. “Smaller integrators benefit greatly from cloud technologies since it allows them to take on integrations previously only considered at an enterprise level.”

The single major advantage for dealers and integrators in using cloud-based access control is getting away from the headache of installing software, especially in a Windows environment, says Richard Goldsobel, vice president of Continental Access, a division of Napco Security Technologies, Amityville, N.Y. “Our traditional access control products play in a Windows server environment, 10 and 11, for small locations,” he says. “But integrators need to install the software, worry about permissions, getting web series enabled. Cloud frees up dealers and integrators, which is a huge benefit.”

Ease of use is critical, especially in today’s tight job market where skilled technicians are at a premium, Van Till adds. “Because you’re not putting in a server, installation is quicker and you don’t need as big a skill set for technicians,” he says. “Now it’s hard to hire tech labor and there’s high turnover, so the ability to train people on a smaller set is a big benefit for integrators.”

Turney of Schneider Electric points out that speed of cloud deployment is a huge advantage. “An integrator can have a 5,000-door system up and running in about 45 seconds with cloud versus doing it with a server, which could require 20 to 30 hours of labor into the op team’s bucket,” he says. “It’s a huge time saver, and time equates to money.”

Pinto agrees. “It’s a much easier process for both new system installations and in particular, servicing clients,” he says. “Pre-installation configuration and population of databases can be done immediately and easily from any browser. The client can be included in the process. This is much more efficient and accurate than trying to configure in the field. From a service perspective, many if not most of support calls can be solved remotely. The amount of ‘boots on the ground’ and trucks rolling to customer sites is vastly reduced.”

Moving from a capex to an opex model also makes cloud-based systems an easier sell for integrators, as does simplified cloud installation, says Genetec’s van Ineveld. “They’ll spend less time configuring the system and (take) more time to look at how an access control system can provide real benefits for an organization,” he says. For instance, if a corporate headquarters has an access control system but its branches do not, a cloud solution creates a plug-and-play solution, enabling connection without having a server at each location. “[With cloud] there is more management of security compared to having a physical key,” he says. “There are lots of opportunities for system integrators to look at added values for the end user.”

And of course, for integrators there’s the monetary benefit of expanding their recurring monthly revenue (RMR) model — not only for the revenue stream, but for enhancing customer relationships and growing their business’s long-term value, Van Till says. “That’s how everybody in the alarm business worked, but until the cloud came along, there was no RMR with access, visitor management, badge printing, or video,” he says. “Cloud puts all other integrations in the same position to enjoy growing a business and selling it that alarm systems have always had.”


Screen

The advantage of the cloud’s ability to remotely maintain access control uptime, help restore operation and secure system and audit trail data is a key selling point. // IMAGE COURTESY OF ASSA ABLOY


Words of Wisdom 

What advice do the experts have for integrators about cloud-based access control? Simple: “Get on board!” urges Pinto of Key Security. “There are only a handful of vertical markets where cloud access control is not generally accepted.”

Boriskin of ASSA ABLOY echoes that sentiment, especially in light of the growing DIY security market. “Don’t get left behind,” he warns. “We are at a point in the adoption of the technology where every integrator needs to have access to a cloud-based solution they can offer. The DIY market is going to take up a lot of your business unless you can show true value and live up to the name ‘integrator.’ Someone can get on YouTube right now and figure out an IoT solution, even if it may be a sub-par solution. To shield against this, you need to partner with manufacturers who will help you show some true value in your cloud-based solutions.”

This manufacturer/integrator partnership is key, especially because of the undeniable learning curve involved in cloud-based access control. Integrators need a basic understanding of network communication and IP standards if they wish to remain competitive as customers become more cloud and internet savvy, says Nick Friesen of Identiv. “Getting ahead of this curve now will lay the groundwork for success in the future,” he adds.

Bengtzen suggests that integrators utilize manufacturers as a resource for information and training on cloud-based access control. Manufacturers can provide everything from free 101-type courses to discuss different types of hardware, to classes on how to sell the service and generate RMR. For example, PDK provides a regular live webinar for dealers on how to sell cloud, and why it’s important to end users. “Let us help you sell to the customers,” he says. “It goes back to utilizing the manufacturer because they know everything and pitch it every day.”

Turney agrees on relying on manufacturers’ expertise to get over the cloud learning curve and boost sales. “Don’t try to guess at the questions an IT department may ask you,” he says. “If you don’t know the answer, call the manufacturer and get the answer. … Don’t make one up because not only does it hurt your position, it can erode that trust, especially when you’re doing access control and security in a cloud environment.”

He adds that integrators also need to sort out how they will compensate their sales team when shifting to an RMR model. “Some of our integrators struggle with how to compensate around RMR because they’re not used to it,” he says. “Incentivize your sales team to capture multi-year renewals instead of getting them one at a time; bundling with even a five-year renewal up front and packaging it with a maintenance contract; doing a quarterly inspection or rolling a biannual training for the end user that you can bundle into the SaaS component to bring up the dollar amount and make it more valuable to the user.”

Once integrators select an appropriate partner, “Get to it!” Van Till says. “The longer you go without doing it, the more you’re missing out on RMR. … Some of our dealers did this 10 to 15 years ago. Time is of the essence.”