Guards are not always necessary with Web-based access systems, but they can provide additional verification of employee identities.

Web-based access control systems come in several different types. One type is a complete, hands-off system that is run by a security dealer, systems integrator or manufacturer. Another type is one in which the end user makes changes and operates it from anywhere the Internet reaches.

Some systems have Web pages at which customers notify service providers, who can be security dealers, systems integrators or manufacturers, of people who should be added or dropped from the access database. The service provider then makes the change to the database directly.

“Pretty much every [manufacturer’s system] has the ability to access the data through forms on the Web,” declares Scott Deininger, regional general manager, Ingersoll Rand Security Technologies, Carmel, Ind. “That’s just basically allowing customers to utilize space on a system outside of their location, usually from some type of service provider, that would allow them to change categories, time zones, data such as names, information, maybe even credentials via forms on the Web, but that’s really not accessing the application.”

Several manufacturers have added Web servers and pages to interface with their standard access control systems and provide Web-based communication capabilities.

Ken Durocher, vice president of Advanced Video Surveillance Inc., Fairfield, N.J., operates Web-based access client software.

A higher level of system gives the end user access to the actual database and software of the system to make changes.

“The entire interface, whether locally or connected through the Web, is all Web pages, so the entire interface is through the Web,” explains Patrick Barry, vice president of sales and engineering for Touchcom Inc., Bedford, Mass. “The interface, whether local or remote, is exactly the same.”

 At a third, higher level, access is provided to the database, software and hardware, so the dealer/integrator can correct malfunctions of the hardware without a service visit to the server’s location.

“There are some advantages to having the hardware Web-accessed, especially for us as an integrator,” Deininger points out. “If we can get to the hardware via the Web, that saves a lot of road time going out and diagnosing the system onsite and allows you to upgrade the firmware.

“The biggest difference between the second and third levels is you can turn over the administration of the system to third parties,” Barry maintains. This means the firm managing a multi-tenant office building can have the access system for each company managed by the company itself.

“The reason you would do that is they’re actually the ones that have the information in the first place, so you eliminate a step in the process,” Barry notes.

Deininger points out that Web access frequently involves penetrating firewalls. “With any positives, there’s always a negative,” he concedes. “Web access assumes you can get into and out of a customer’s firewalls. The bigger the customer, the more constraint they have on that.

“If you’re dealing with an IBM or Fortune 500 company, sometimes access through firewalls is very difficult,” he admits. “If you’re dealing with a medium-size or single location business, that sometimes is not necessarily an issue.”

Matrix Security Group, Wilmington Del., is having success with a system whose manufacturer handles all the software. Customers make changes directly to their database, which is on the manufacturer’s server.

“They’re absolutely loving it,” says Philip Gardner, Matrix’s executive vice president, about the system. “It happens to be a big seller and is very popular with the customers. The ease of operation, the flexibility, the ability to access through the Internet from literally any location — if you’ve got a site manager, he can pull it up on his laptop and make changes on the fly.

“It’s cost-effective — it allows the users to make their own changes so we don’t have to get in the middle of it,” he notes, adding that Matrix also can boost its recurring monthly revenue (RMR) with such a system.

The Web page a customer accesses can be customized with the dealer’s logo, and the billing can come with the dealer’s name on it. This means the customer never realizes that the service is being provided by the third-party manufacturer.

It also relieves the security dealer or systems integrator of having to maintain the system. The dealer/integrator pays the manufacturer for servicing the customer and maintaining their database and then charges the customer two or hopefully even three times what it pays the manufacturer.

Initial Electronics Inc., Alsip, Ill., sells its customers a Web-based access system in which everything is handled by the manufacturer.

“Assign an IP address, and you’re off and running, and it’s done from anywhere,” says Ken Shoemaker, Initial’s service manager, about a customer. “This guy can sit at home, and as long as he can get online, he can program it without any problem. We never did any of the programming ourselves.

“There is a drawback, because it’s not cheap to run it,” Shoemaker concedes. “It can be pricey, but you don’t have to keep dealing with hardware upgrades. It’s like an insurance policy — all that information is stored offsite.”

Among the systems and services employing some form of Web-based access control that are sold by the security dealers and systems integrators interviewed for this article are ones from AMAG, Bosch, Brivo, Kantech, Schlage and Viscount.


ADT Security Services, Boca Raton, Fla., offers its commercial customers two options. The first is a Web-hosted access system similar to the one Initial Electronics offers in which the manufacturer fully manages the system and ADT resells the service under its brand name to the customer. ADT’s version of this system has several features exclusive to ADT, one of which includes video integration.

The second option ADT offers is a Web-based access system the customer manages. “Web-hosted has a scaled-back list of features, whereas the managed service is a regular enterprise access system that has the full bells and whistles,” explains Lisa Ciappetta, ADT’s director of commercial marketing.

Dan Cosgrove (left), systems design and sales consultant, and Ken Shoemaker, service manager, confer on the Web-based access system used by Initial Electronics Inc., Alsip, Ill.

Customers who need to handle a variety of card formats because of legacy access systems still being used or who need anti-passback, elevator control or other special systems may need to use a Web-managed service they can handle themselves.

“The architecture of Web-hosted service doesn’t allow all the different kinds of considerations,” Ciappetta notes.

“A lot of the customers that we do entire service for are those often larger companies that have outsourced their IT department and don’t really want anything to do with managing software or managing Web connections, and may not have an onsite loss prevention or security person to manage the system,” Ciappetta reports.

One ADT Web-hosted customer is an insurance company with two buildings and more than 8,000 employees. “They’ve outsourced every bit of it,” she relates. “They have decided security is not their core business and want to spend time on insurance. It’s a matter of preference.”

Advanced Video Surveillance Inc., Fairfield, N.J., installs Web-based systems for customers that the customer owns and operates themselves. The company also offers Web-based access systems they operate for customers.

“What we offer is we run a centralized Web server, and our customers with sites that don’t require a security guard to monitor can log into the Web site, and from anywhere, any computer in the world, add and delete cards, run history reports, do things like that,” explains Michael Riotto, vice president. “The transmission to the panels can be encrypted through the Internet or we can do it through phone lines.

With this Web based access control system, technicians can do remote diagnostics and software upgrades from any personal computer.

“Initially, they pay us a recurring fee to use space on our server — a monthly charge,” Riotto relates. “They’re using standard Web browsers, like Internet Explorer. I run the software out of my office, but they don’t need to purchase any of it. It eliminates their need to purchase the equipment up-front.

“They don’t have to worry about upgrades or backups,” he declares. “We automatically provide all those services. We back up the databases and keep everything up-to-date with the latest service patches.”

Among the customers for Advanced Video Surveillance’s hosted system are apartment buildings. “The way our system is designed, it fits people who aren’t going to be requiring live monitoring of the system,” Riotto points out. “If you need a security guard sitting there seeing who’s coming and going, then a Web-based server doesn’t fit their needs well.”

Data is sent to access control panels in the system at preset intervals. “If they added a new employee to the system, the new employee is sent immediately to the panel, but we’re not in constant communication,” he notes. “It doesn’t keep updating live as its goes.”

One municipality that owns its own Web-based system has separate access systems for the town hall and police, fire and public works departments, but a single database for all is accessed on an internal network through the police department. Each department’s access privileges only relate to its department.

The same type of system is installed at a school district, where each principal of eight separate schools can make changes relating to his or her school to the district’s central database, which is stored at the school board’s office. It uses only an internal network, but the system can be connected to the Internet at a later date if the school district so desires.

Another school that is an Advanced Video Surveillance customer saves money by just buying a software license for the custodian to remotely unlock and lock doors.

“We have other customers who have opened to the outside, but securely from a VPN (virtual private network),” notes Riotto. “So someone can connect to the school network from their house, but it’s like you’re at the school, not at a remote location.”

Custom Alarm/CCI, Rochester, Minn., uses a Web-based access system that the customer owns and operates themselves.

“We’re basically a rural company, so we might have a customer 80, 90 or 100 miles out,” explains Leigh Johnson, Custom Alarm’s president/CEO. “So for us to send a service person out there to do a service call that may be just changing some things in their software or whatever, this truly has been a great help to us to have it Web-based, and our customers love it too.”

The system his company uses enables his technicians to make adjustments with the client on the Web. “First of all, they don’t have to pay to have a service person out there,” Johnson points to as an advantage of the Web-based system. “Second, if they have a problem, we can always go right online and walk them through the problem, as if we were standing there right next to them.”

His company installed a Web-based access system for a small telephone company located approximately 60 miles from Custom Alarms’ office that had 28 offices throughout Iowa, Minnesota, Wisconsin and Michigan.

“We did the installations because we knew the equipment worked very well, and we could help the customer manage their own system just like they do their telephone systems,” Johnson declares, adding that some of the locations are unmanned sites.

“I would say 65 percent of our access sales are Web-based — we’re keeping ahead of the curve,” Johnson declares. “We have people onboard here who can handle all the problems. You have to have people who are knowledgeable in the network. I’m getting more and more people who are network-savvy in my organization because there are so many more things getting networked.”


Custom Alarm derives RMR from service contracts. “The service contract is system management — they’ll do the basic stuff and have us do a little more of the difficult area,” Johnson says of customers.

“I have one system we take cardholders in and out and change those things, and they pay us a nice healthy fee,” he explains. “I’ve got a financial institution — we do all the badging throughout the upper Midwest.

“One of the levels would be basic support as well as service on the equipment, and then the next level is the management portion of it,” Johnson notes. Custom Alarm charges a fee per card and per month. Service after that is on an a la carte basis.

Steve Haselhorst, president of Associated Engineered Systems Inc., Hazelwood, Mo., can operate the Web-based access control system his company uses from a computer anywhere.

Deininger estimates that approximately 15 percent of Ingersoll Rand’s access control jobs are Web-based. Probably less than 5 percent of the total access control jobs are at the third level of Web-based access, in which the hardware can be accessed from the Internet.

Blue Mountain Technologies Inc., Vancouver, British Columbia, estimates cost savings of up to 50 percent using a Web-based access control system.

“Most business is repeat with customers who no longer accept old control panels with Windows GUI software,” maintains Steve Leach, president of Blue Mountain Technologies Inc. “Our technicians can do remote diagnostics and software upgrades from any PC.”

“The combination of IP devices and Web software allows central station hosting of hardware — a true Web service approach,” Leach emphasizes. “The benefit is in eliminating control panels. Everything from programming to hardware is going IP.”

For recurring revenue, Leach finds it easier to sell software and hardware maintenance contracts with a Web-based system as well as card programming services.


If a customer’s access to the Internet is restricted by a failure of their network or an emergency, Web-based access systems continue to operate securely.

Only the remote functions, such as updating the database or remotely unlocking doors, is delayed until Internet access is reestablished. Some systems can operate just on a client’s network and do not need the Web to operate. That is the case with Leach’s basic system programming, which can still be done locally via an Ethernet.

Web-based access control systems allow visitors to be entered into the database through the Internet.

Whether customers feel that Web-based access systems are secure enough varies. “From a security standpoint, some facilities managers and some security directors may not feel secure enough to have a Web-based system,” maintains Joseph Gallagher, Matrix’s vice president of sales and marketing.

Dan Cosgrove, systems design and sales consultant for Initial Electronics, recalls one customer who was concerned about security. “I have heard some concerns,” Cosgrove concedes. “The one time I had an objection was from an IT person expressing reservations about it being accessed through the Internet.”

But Cosgrove adds that manufacturers strive to have secure Web sites and use 128-bit encryption for communications.


“I definitely think the trend is to go toward Web-based access control, so it makes it much easier to access properties, make changes, add or delete cards, or pull reports, as opposed to going through a client’s software and a company LAN or WAN system,” agrees Gallagher.

Cosgrove sees Web-based access control systems as currently occupying a niche. “I’m not sure it’s going to be overtaking or capturing a whole lot of the good, historically traditional access control systems, but again it is a defined niche that may appeal to certain applications,” Cosgrove says of Web-based systems.
“As far as taking over traditional means, I haven’t seen that as of yet, although there’s a lot of great things about access anywhere in the world as long as you have the Internet that is going to take a little time for everybody to warm up to,” Cosgrove states.

“They’re definitely growing in popularity,” says Riotto of Web-based access systems. “A lot of managers travel between multiple offices. Just because you’re not physically at one location, you can manage it from wherever you are.”

Ciappetta thinks Web-hosted systems in which everything is taken care of for the customer and Web-based systems the customer owns and operates are on the rise.

“With the capability of the Internet, it’s kind of opened everyone’s horizons and brought the benefits of access to people that probably wouldn’t have bothered to do it before, because they wouldn’t have the IT personnel and wherewithal to keep it running,” she comments.

The advantages of each type of system appeal to different customers. “Sometimes a customer would rather not pay an annual fee and takes on the responsibility of managing it themselves,” she relates. “In other cases, they understand they will be saving over time on the same-sized system.

“Managed service is probably cheaper in the long run,” Ciappetta thinks. “You just don’t need the personnel and expertise from a computer standpoint. I think more and more companies are looking to outsource it.”

The majority of ADT’s business is still traditional access control, she declares. “But the percentages of the Web-hosted and managed are moving up,” she maintains.

Ciappetta points out that IT training is crucial for installing Web-based access systems. “I think that it’s important that anyone who is installing these systems make sure they have given their field personnel the IT or IP or network training required, because in a traditional security environment, sometimes that is not something an installer may have encountered before or had to deal with,” she notes.

“We’re really kind of pushing it to property management companies, where they have difficulty getting connectivity to multiple property sites with multiple systems,” Gallagher points out. He emphasizes that Web-based access is particularly helpful for customers with multiple locations.

Ken Durocher, vice president of Advanced Video Surveillance Inc., Fairfield, N.J., checks terminations for a Web-based access system on a network-based field panel.

Sometimes Web-based access systems are more complicated to install than traditional access systems. “Once our technicians learn it and go through a couple of installations, they’ve been fine with it,” Gallagher asserts. “It’s a little more training from a traditional technician’s standpoint.”

Shoemaker of Initial surmises that in the future, it may be possible for companies with multiple locations to administer their access system from one location. They would simply send access control panels to their multiple company locations and have people there install and link the Web-based access control system.

Deininger explains the reasons for customers’ preferences for different types of Web-based access control systems, and he thinks their size is not the only reason.

“It depends on the type of customer,” he theorizes. “If the customer you’re dealing with is a service-based company, where they’re outsourcing services, they typically want someone to manage their entire system. If they’re a manufacturing company and they control their destiny, whether the largest or the smallest, they like to have the control,” he maintains.

“So I think each one of those offers a unique solution to a different customer set,” he declares. Leach of Blue Mountain is optimistic about the future popularity of Web-based access systems. “They are the future of security,” he predicts.

Sidebar1: Adding a Web-based Overlay to Access Control

A type of Web-based access control that is in a category mostly by itself acts as an interface with existing access systems to convert them to Web-based control. Called OneFacility, it also can be used to provide a single interface for a variety of access control systems.

“There’s an added overlay, which is OneFacility, but you have to weigh that against the administration that you save in not having to manage two systems,” points out Patrick Barry, vice president of sales and engineering for Touchcom Inc., Bedford, Mass.

OneFacility is an ASP suite of more than 26 Web-based applications for building and facility managers that drive building systems and provide real-time, interactive communication between property management, tenants, security, engineering, leasing and vendors.

It encompasses most building functions besides access control and has particular applications for building management, Barry notes.