State of the Market: Access Control 2017
This year’s story on access control is one of disruptors, drivers and deciders.
The March to Standards
One potentially hindering factor on the access control market, particularly as it plays more deeply in the IT space, is the lack of cohesive standards. At least three organizations are actively pushing for standards at different levels: SIA’s OSDP (Open Supervised Device Protocol); ONVIF’s access control profiles; and PSIA’s PLAI (Physical Logical Access Interoperability).
“The industry realizes they have to embrace standards, especially as they have IP products,” says David Bunzel, executive director, PSIA, Santa Clara, Calif. “PLAI was initially about physical access control systems (PACs), but it has expanded significantly. The synchronization between disparate PAC systems was one of the first use cases. Since then we have addressed issues of building management.” In the past six months they have also addressed cybersecurity, he adds.
With large end user customers such as Microsoft as one of the driving forces behind PLAI, the standard has gained traction and while he couldn’t disclose yet which one, Bunzel says one of the “big three” access control manufacturers will soon be announcing a native implementation with PLAI. “That is a big deal and will hopefully spur the others.”
Robert Hile of Securadyne Systems was a founding member of PSIA, he says, and is happy to see it move forward. “It is a good thing for the market that end users are pushing for it and clamoring for more and more open standards. All these things speed up deployment, lower cost and facilitate hosted and managed.”
OSDP will drive a lot of these new technologies forward, predicts Matt Barnette of Mercury Security. “One of the pain points customers overlook is when there is an update to firmware how are they going to update those in the field? The traditional method is to walk around to every reader. OSDP allows us to send it down to the panel and update the firmware. That is going to be critical to the adoption of some of these new technologies…. Encryption between the panel and reader has kind of been the missing link.”
HID is another one of the drivers behind OSDP, says Brandon Arcement. “We need a way to manage the lifecycle of the business, which is currently disconnected and requires ‘sneaker net’ to make changes. That is why we put our weight behind that. We are seeing more and more end users and channel partners see the value and adopt it at an increasing rate.”
Brivo’s Steve Van Till chairs the SIA Standards committee. “OSDP developed under my administration and I am happy to see it taking off. We hope it will be the replacement for Wiegand for the next 25 years.”
The industry needs standards to set “a unified language and agreed upon set of behaviors,” says Jonathan Lewitt, chairman, ONVIF Communication Committee. “This alleviates the pressure on manufacturers to continually manage this interoperability on a one-on-one basis. As a result of ONVIF and other standards, manufacturers can focus instead on enriching the solutions and experience for their customers. This means that systems integrators and customers benefit not only because they have more flexibility, but also because the products they are purchasing can have expanded functionalities.”
Integrator Chuck Engelmann of Envision Technology Group agrees. “I think standardization of protocols, products and languages is a huge, huge factor in the business. It is critical for customers to have a system they are not necessarily locked into. It gives them greater flexibility to use products best suited for the application.”
Are We Really Still Talking About Proximity in 2017?
According to Dean Forchas, consultant relations manager with HID Global, standard 125 kHz cards are actually more expensive to produce today than many of the smart card replacements. With so much information out there on the insecurity of standard proximity and the cost of higher security alternatives so low, why is proximity still so entrenched?
There are several reasons. For many years proximity was the gold standard in access control and there is simply so much of it out there it will take time to replace it all. For enterprise customers who can have tens of thousands or more cards and hundreds or thousands of readers, it can be an expensive prospect.
“Proximity is extremely simple and compatible and the user experience is phenomenal and can’t be matched,” says HID’s Brandon Arcement. “Prox is still viable. For each end user to evaluate the risk versus convenience and cost [takes time].” But the message is getting out there.
“We have a huge upgrade order from one of our global partners that was using 125 kHz cards and they have 27,000 cards deployed and 125 readers on the wall,” says RS2’s Gary Staley. “Security was aware that there were newer, more secure technologies, but they had no budget to change that many cards and readers, until the IT department saw some YouTube videos about how unsecure that card is. Now magically they have a wide open budget to replace them.”
It doesn’t always go that smoothly. Many integrators report demonstrating for customers how easily proximity is copied, but in the end they still decide the benefits outweigh the risks.
Still, Forchas says HID saw a record number of upgrade projects last year driven by those vulnerabilities. At a recent technology conference he outlined the four main ways end users can be upgraded as economically as possible:
Rip and replace. This is the fastest way and is almost the least amount of money, but isn’t always practical. It is most often done by smaller organizations.
Change the readers first. Multi-technology readers allow users to change at a slower rate while introducing the new cards to the population at their own pace. However, they don’t get the full benefits of the system until it is completely finished.
Change the cards first. This gets done more quickly but is a more expensive option.
Do both at the same time. This is the most expensive option, but often the most convenient.
He also recommends integrators propose a “shell game” to get even more business. “The shell game is when you switch the existing proximity readers to doors that are low security (but weren’t secured or only had a hardware key), while putting the higher security readers on the original doors.” This allows the end user to secure more doors with electronic access control, while still working towards upgrade, just by using their still working proximity readers on a different door. “It raises the bar for strategy by thinking through and maintaining some of the client’s existing infrastructure,” Forchas says.
Anixter’s David Cronk agrees that the proximity upgrade represents a big opportunity for integrators. “Today most access control systems are still using unsecure proximity card technology that can easily be compromised. Integrators have an incredible opportunity to upgrade these systems with multi-technology readers, which can read both legacy proximity cards and secure smart credentials. Once the migration to secure credentials is complete, the proximity technology in the reader can be disabled. This is a multi-million dollar opportunity just waiting to be captured.”
The R&D Tax Credit: A Tax Break for System Integrators
The most recent reports show the global systems integration market is set to grow exponentially over the next few years. However, while the need for such services is clearly expanding, the real question will be if there is enough technical talent here in the U.S. to keep up with the increase in demand.
Considering an already well-documented shortage in STEM talent — and the higher competition for workers that follows within a shallow labor market — these questions and issues are what preclude industry executives from a good night’s rest.
Recognizing this trend, Congress has sought to stay ahead of the curve by strengthening and expanding a premier tax incentive for systems integrators — the Research and Development (R&D) Tax Credit. With expansions made as recently as December 2015, the R&D Tax Credit has evolved through the years into a major anti-outsourcing initiative to help American businesses stay competitive against the growing number of foreign entities landing on U.S. soil. Designed to reward systems integrators for their ingenuity and hiring American STEM workers, the credit offers significant tax savings for a company’s daily, technical activities.
As it relates to systems integrators, the improvements these companies make to enhance the efficiency of a systematic process — be it integrating multiple systems to improve the security of a facility; the design, programming and configuration of an access control system within a commercial building; or performing system level tests and evaluations to ensure solutions achieve all performance and functionality requirements — will traditionally qualify for the credit. As a wage-based incentive, generally the more technical employees a company has, the better the tax rewards will be, with the salaries of those workers driving up higher credit results.
What does the R&D Tax Credit mean for systems integrators at large? Simply put: greater innovation, faster growth and more skilled workers.
Qualifying for the credit means companies will save more on their annual tax returns, meaning more dollars for systems integrators to reinvest back into their workforce. This means more on-hand capital to hire, attract and (in many instances) retain workers, leading to better services and more dynamic and innovative businesses. In the end, this will lead to more competitive companies, a stronger economy and fewer sleepless nights for industry executives.
The R&D Tax Credit has the potential to change the direction of the systems integration industry. Executives would be wise to further educate themselves and explore their options for capturing the valuable tax dollars to which they are entitled. — contributed by Tracy Lustyan, managing director and system integration team lead & Justin McAnally JD, senior associate director – alliantgroup.
“State of the Market: Access Control” presented here is part three of a five-article series to be published throughout the year. The series will also address the topics of Video Surveillance (February 2017), Security & Monitoring (March 2017), Fire Alarm (May 2017), and Connected Home (August 2017). Each article will feature additional content that is available online only at www.SDMmag.com/StateoftheMarketSeries.