State of the Market: Access Control 2018
2017 was a very strong year for the access control industry, with many market forces working in its favor; 2018 and beyond looks even more promising
There is a frequently used analogy when it comes to the access control space, particularly at the larger, enterprise level: Big ships don’t turn around quickly or easily. For the last several years access control manufacturers have continued to innovate and promote new solutions and technologies (from wireless readers to big data, mobile credentials to cloud solutions, and more). But unless they were interested in being early adopters or living life on the “bleeding edge,” cautious end users seemed to adopt a wait-and-see attitude, for the most part remaining happy with their existing systems.
But this year, for the first time, manufacturers and security integrators that work in that space reported a refreshing change in attitude, and an increased interest in hearing about and actually buying and implementing new solutions to solve their pain points.
Jimmy Dearing, lead analyst for electronic access control for the research firm IHS Markit, London, U.K., says his company measures the access control market performance at a steady but modest 6 percent growth between 2016 and 2021. And SDM’s own research, the 2018 Industry Forecast Study (conducted in November 2017) also shows a relatively steady impression of the access control market with 75 percent of respondents describing it at the time as good to excellent, and 74 percent predicting the same for this year.
If responses from more than 30 manufacturers, integrators and other industry practitioners are any indication, share-of-revenue from access control may be picking up. Many reported business to be well above the single-digit average, and some even noted access sales eclipsing video.
While a few did report a slowdown in construction, particularly in the office sector (something Dearing says IHS is also seeing), much of the market at the top end is based on retrofit or expansion; so those that were able to convince enterprise customers that it was time to move off the dime saw healthy growth.
“Business was definitely up in 2017 over 2016,” says Brian Thomas, president and CEO of Irmo, S.C.-based A3 Communications, an integrator that primarily focuses on the enterprise space. “We increased top-line overall revenue by almost 20 percent. As far as access control growth, that probably grew at a faster pace than even video surveillance.”
Bill Bozeman, CPP, president and CEO, PSA Security Network, Westminster, Colo. (featured on this month’s cover), saw similar indications from PSA members, who make up one of the largest security and audio-visual systems integrator cooperatives in the world. “Our percentage of growth was better than the industry norm, which is good for us and for our integrators,” Bozeman says. “As far as percentage growth it is real interesting. According to the big statistics, video is growing faster than access control and we have had that as well; but I will say that our access control percentage (last year) was high compared to video …. High-end integrators are doing well with access control, which has been a change for the better.”
Derek Arcuri, product manager for access control, Genetec, Montreal, also reported strong sales in the access control space. “We had another record year at over 40 percent growth in our access control product line,” he says. “Some of the reasons why are the confidence from larger sites that share our vision. More and more, customers are starting to see the value in distributed architecture with cost-effective appliances.”
Another approach that has gained traction in recent years is that of non-proprietary systems. This was helpful for open-source hardware manufacturer Mercury Security, whose growth significantly outpaced the industry average, according to Matt Barnette, vice president of Mercury Security and HID global accounts, Long Beach, Calif. “The economy is certainly a big driver. Most companies that are big users of security equipment are doing well; and when they are having good economic times they tend to invest. But specifically in the security industry, there is a trend to open systems,” he says.
The market didn’t just move at the top end, however. The bulk of the access control market is the small and medium businesses or enterprises (SMB/SME). Recent years have seen more options for these customers than in the past, from more affordable wireless online and offline locks, to cloud solutions that make it easier on the end user while offering RMR for the security integrator.
In fact, Dearing says, according to IHS the access-as-a-service market is experiencing double-digit growth. “Access control as a service will grow the penetration of electronic access control in those smaller installations,” he predicts. Those who offer it are already seeing that.
“In 2017 we grew overall by 20 percent, more than twice the security industry as a whole,” says Steve Van Till, president and CEO, Brivo, Bethesda, Md., a cloud-based access control manufacturer. “General cloud acceptance has been growing,” Van Till says. “We grew our dealer base by 25 percent last year, if not more.” Not only that, but he says those dealers were much more productive than in previous years. “Maybe we have just gotten better at this, but five years ago we would sign someone up and they would do one to three jobs the first year. Now they are doing six figures in the first year.”
Denis Hébert, president of Feenics Inc., Ottawa, Canada, had similar experiences. “The access control industry was very buoyant in 2017, with a continued interest in securing facilities…through flexible access solutions. Feenics was well-positioned for the growing push away from on-premise solutions to access-control-as-a-service alternatives, driving significant growth for our business.”
At all levels of the market there is optimism this year. Samuel Asarnoj, senior vice president, corporate strategy and business development, HID Global, Austin, Texas, points to seven leading indicators that echo the sentiments of many others: 1. Organizations are increasingly embracing the benefits of the cloud. 2. Growth in connected devices and environments is driving IoT at the edge. 3. Mobile access credentials are reaching a tipping point. 4. Trusted IDs are catalyzing convergence. 5. Data analytics are driving risk-based intelligence for predictive models. 6. Security and identity are now boardroom issues. 7. New directives are driving deeper data privacy and cyber security initiatives.
In today’s world, it is no surprise that end users of all sizes have begun to reevaluate their security systems with a cyber security lens. In fact, there are external forces that are requiring it.
“The U.S. Federal Trade Commission has decided it will hold the business community responsible for failing to implement good cyber security practices and is now filing lawsuits against those that don’t,” says Scott Lindley, general manager, Farpointe Data, Sunnyvale, Calif. Other regulations have also grown out of both cyber security and privacy concerns.
One of these is Europe’s General Data Protection Regulation (GDPR), which is set to become a major influencer, particularly among any companies that do business in the EU, or have employees there. With a May 2018 deadline, GDPR suddenly became a hot-button issue this spring, with many companies scrambling to comply in time. But according to technology industry association CompTIA, confusion reigned as recently as one month out from the deadline, with more than half of 400 U.S. companies surveyed either still exploring it or unsure whether it applied to them.
Regulations are a growing issue for most medium- to large-sized businesses. Waipahu, Hawaii-based Integrated Security Technologies Inc. specializes in military and DOD installations, as well as bringing those technologies to commercial customers. Christine Lanning, IST president, says regulations have definitely increased sales in access control. “What has changed over the last year is that at the end of the year for government contractors you have to comply with NIST 800.171 on cyber security,” she says. “There are over 80 [regulations] on the cyber side. When you install physical security systems you have to comply with those. It is no longer an option.”
John Robuck, managing director, Capital One, Bethesda, Md., too, sees a recent trend. “Part of our business is to finance government contractors. One of the things I know that business is really focused on is cyber security and there is a lot of money in that. The security industry has been a little slow to embrace that, but I would say over the last year I have heard more and more dealers speak to the importance of layering in cyber security.”
Bozeman was an early proponent of cyber security for his integrators and noted a reluctance, not just on the part of end users. “I have been on my bandwagon for a long time. The entire industry was late to the table. Nobody gets a pass …. The good news is no one has their head stuck in the sand anymore. It is a change from even two years ago. A lot of people are still trying to figure it out, but ... no one is denying the problem.”
Jason Ouellette, general manager, Johnson Controls, Westford, Mass., says there has been a vetting period as many customers figure out where to go next when it comes to solutions for these and other problems. “They are spending a little more time vetting out cyber security and GDPR, as well as absorbing some of the newer technology shifts and what are they going to do with mobile and cloud solutions.”
Beyond the regulation requirements, there is also a new “owner” of the security system, Dearing says. For years the IT department has been in the room, particularly at the enterprise level. Now, they are increasingly calling the shots. “For the system owners, the proportion being managed by the traditional physical security teams is falling and the proportion being managed by the IT team is increasing.”
Bruce Stewart, business development manager, access control, Axis Communications Inc., Chelmsford, Mass., agrees. “I think a lot of it is the IT convergence. IT managers and directors are becoming more involved in the security decision-making …. If not fully involved with the decision they have a good deal of presence when it comes to making decisions.”
With this change, large enterprise customers are waking up to the idea that not only is their 10- to 15-year-old (or more) access control system probably not secure from a cyber perspective, but that newer systems can offer them so much more return on their investment.
“During Y2K there was a lot of money spent on getting access control systems Y2K-compliant and that was about 20 years ago,” says Tom Echols, president and general manager of global accounts, Security 101, West Palm Beach, Fla. “Those systems finally got to the end of their life. The reality is access systems can easily push 15 to 20 years and at the enterprise level there are really true ROI and compliance issues that having enterprise-standard access control really can drive.”
These issues include identity management, situational awareness, optimized actionable response from better data management and cyber security, says Ken Schafenberg, vice president, integrated solutions division for Boca Raton, Fla.-based ADT (SDM’s 2017 Dealer of the Year).
Phil Aronson, president of Aronson Security Group (ASG), Renton, Wash., adds: “The ability to aggregate the data, analyze it and turn it into intelligence that you can act on is the challenge. We see the emergence of a hub or platform that increasingly manages interoperable applications and sensors. Some of the access control vendors are beginning to position for just that.”
Big data, physical security information management (PSIM) and physical identity and access management (PIAM) systems all seek to address these needs. “What we are finding is a lot of companies being bombarded with audits and compliance requirements,” says Kurt Takahashi, president, AMAG Technology, Torrance, Calif. “We are seeing an increase in all these regulations that companies have to abide by …. When you have to comply with that monthly audit, people don’t realize you have to have copies of all those requests and approvals and show people were accurately taken in and out of that door. That is where access and identity management changes the entire conversation.”
Genetec is another vendor focused on these big-data-type solutions. “We also find access is moving away from locking and unlocking doors,” Arcuri says. “Now we are taking up bigger conversations about managing the flow of people, spotting abnormities and telling the customer a lot about their own businesses as opposed to just locking doors.
“Big data crept up on us,” Arcuri adds. “It used to be a buzzword and now it has made it into the conversation.”
The whole smart building concept is quickly gaining momentum, says Robbie Danko, marketing manager for integrator LVC Companies, Minneapolis. “In many cases it is access control that is driving how a building is used in terms of getting information. In that way, access will evolve more quickly than it has in the past. People are used to living in a smart home and they work in a dumb building. As tenants change, their demands are changing and those expectations are going to change.”
While smart buildings are traditionally seen as an enterprise-level play, at the smaller end of the market, similar influencers tend to come up from the residential market — specifically the smart, connected home. This was particularly evident this year with the well-known connected home platform company Alarm.com announcing its entry into the SMB enterprise and access control space.
“We saw an opportunity to apply our cloud platform and specialized engineering expertise to natively integrate security, video, energy management and access control into an easy-to-use, all-in-one service designed for small- and medium-sized business owners,” says Brian Lohse, senior director of commercial sales for Alarm.com, McLean, Va. “We see how smart home technology and the integration of multiple connected devices and solutions is driving growth in the residential security market. We expect to see the same in the SMB access control space, as well.”
Cloud-based technologies are having their moment in the physical security market, says Eric Widlitz, vice president, North American sales, Vanderbilt Industries, Parsippany, N.J. “They offer a kind of freedom that many small- to medium-sized businesses require for operating their security systems using a mobile device or tablet.”
But cloud is not confined to the SMB market, adds Eric Green, global product manager, enterprise access control, Honeywell Home and Building Technologies, Atlanta. “We also see interest in hosted systems from the enterprise sector. A growing number of customers no longer want to personally monitor the access control system and own the hardware themselves. Instead, they want to use a hosted system they can pay for on a recurring basis based on their usage.”
While there are a host of companies that came to market as cloud-first or cloud-only solutions, more manufacturers have gotten on board the cloud trend, Barnette says. “All the major manufacturers are busy rewriting software to add more browser capabilities and cloud initiatives. I think we will look back in 10 years and say, ‘Why did we do it any other way?’”
Integrator Hank Monaco, vice president of marketing, Johnson Controls, Milwaukee (formerly TycoIS), says his company now leads with hosted and managed solutions. “It is off a much smaller base, but that business is growing dramatically, probably even two to three times what conventional is growing at.”
SDM’s 2018 Industry Forecast Study asked readers for the first time about cloud-based access as a service, and one-third of respondents reported offering it currently. On top of that, half offer managed access control. (See chart, page 52.)
Richard Goldsobel, vice president, Continental Access, Napco Security Technologies Inc., Amityville, N.Y., has seen the pace pick up as well. “The largest trend is our dealers providing hosted services. That is growing at a nice pace.”
At all levels of the market, Goldsobel is seeing positive movement for access control systems in general. “A number of years ago with the economy down, there were certain problems but no money was available. The money and desire is there now …. I think there is more knowledge about it and desire and money, and with those three factors it has definitely escalated the sales cycle to some degree.”
Integrator Jamie Bumgardner, vice president and COO, Prime Communications, Omaha, Neb., agrees. “I think every day customers become more aware of potential threats to their business and they have a much larger awareness of controlling the perimeter. They want to understand who is coming in and who is leaving and when. End users are becoming forward thinking in the way they issue and manage credentials all the way from two-factor authentication to mobile credentialing. They are leveraging current technology.”
One thing many security integrators point to as helping move customers along is the industry’s recent innovations, as well as a willingness on the part of the manufacturers to provide migration paths that are less painful, especially for customers with a large base of installed cards and readers.
From free or low-cost mobile credentials, to open platforms, to readers that can be upgraded remotely or easily from Wiegand to OSDP, hybrid cloud solutions and innovative subscription-based structures, manufacturers are creating more paths than ever before to work with integrators and their customers to help with costly and cumbersome upgrades.
“A lot of our tech partners are getting smart about how to make it less painful to get from where you have been to where you want to go and we are working with them to do just that,” Monaco says. “It doesn’t have to be rip and replace. It can be done over time .… We are seeing that with some of our manufacturers, creating hybrid solutions and ways that we are trying to help our customers to finance changes.”
One of the most potentially disruptive technologies to come about in recent years is the mobile credential, which uses the smartphone as the credential. Yet with issues ranging from cost to bring-your-own-device policies to still wanting a visual badge, customers didn’t rush to switch. The early adoption phase may be ending, however.
Ran Dagan, vice president of product and technical programs, G4S Secure Integration, Omaha, Neb., predicts 2019 will be the year to watch. “2017 was the year for early adopters. In 2018 we will see it grow and I think 2019 will be the year of the mobile credential. It is such a conservative industry and people want to see others walk that bleeding edge. There has been more interest through the first quarter of 2018, but next year I think it will blow up the market.”
Jason Cloudt, vice president of sales and marketing for Omaha, Neb.-based Security Equipment Inc. (SEi), agrees. “We are using some of the Bluetooth readers. We have a handful of customers using it today, but we have some larger proposals out there for thousands of mobile credentials to be used by some of our larger customers. The world is definitely moving that direction.”
Indeed, in a 2017 study, research group Gartner found that 20 percent of organizations will use mobile credentials for physical access control by 2020. “The most promising technology that provides the biggest sales opportunity for dealers and integrators is mobile credentials,” Lindley says of this research. While early systems were more costly and cumbersome, next-generation solutions coming out now provide an easier way to distribute credentials, he says.
Wireless locking solutions have come even farther on the adoption timeline. Peter Boriskin, vice president of commercial product management, ASSA ABLOY Americas, New Haven, Conn., says wireless locks are finally coming into their own. “As much as we’ve done with wireless locks the market has remained in early adoption mode — until recently. Today about 80 percent of doors are still using brass keys. If you look at it as market potential I think wireless still has the largest potential across the entire building environment.”
Cody McCormick, manager of technology integration, Communication Innovators, Pleasantville, Iowa, adds, “We are seeing an upturn in companies wanting to be on the new technology, whether that is driven by cyber security, or if it is wireless technologies and they are trying to be cutting edge. Open hardware has made customers more willing to make that upgrade and that change.”
Future Market Changes
With a more positive outlook on the access control market and several technologies and trends starting to see signs of adoption, there are plenty of opportunities for security integrators coming up in 2018 and beyond. But the market is changing and it will be up to the integrator to follow those shifts and adapt.
One of the big changes will be the shift to “as a service” offerings, whether that is managed or hosted access control, network monitoring, cyber security or other services.
“The growth of cloud infrastructure has created a unique investment opportunity for the security channel to reinvent itself around a software-as-a-service model that provides greater value ranging from small to medium businesses, to the enterprise level,” Honeywell’s Green says.
However, not all have gotten on board yet. “Cloud-based applications and recurring monthly revenue are big buzzwords for dealers and integrators,” says Vanderbilt’s Widlitz. “But implementing these isn’t without some challenges and growing pains, as many integrators are having to completely change their business models to accommodate the addition of these services from a more traditional install approach. There is a real opportunity to add significant value for end users through the addition of managed services like access control as a service, and I anticipate more and more dealers and integrators wanting a piece of the pie as it takes off in the market.”
This has been the experience of PSA integrators, as well. “The majority of our enterprise integrators have not embraced the 10-reader managed services business model,” Bozeman says. “Their opportunities are more open architecture, data gathering, AI, and predictive analysis …. But for the middle-sized integrator the opportunity to create recurring revenue with managed services is fantastic. It is the greatest thing since sliced bread. I think it is the same opportunity the burglar alarm community had when the digital dialer was introduced.”
Manufacturers are paying attention. Jeff Stanek, general manager, North America for Pittsford, N.Y.-based Lenel (part of UTC Climate Controls & Security, a unit of United Technologies Corp.), says his company is heavily focusing on opportunities with its newly launched mobile Web and cloud capabilities. “Security customers are embracing new technology in a way not seen since the IP camera revolution,” he says. “Installing software and carrying cards are paradigms from the last century and will sunset in coming decades, to the benefit of users and administrators alike.” (For more on Lenel’s outlook on the market, see “New Access Technology & the Government” online at www.SDMmag.com/access-tech-goverment.)
Brivo’s Van Till adds that cloud has another important benefit going forward. “When it comes to opportunities in access control, the thing about moving to a cloud provider — whether it is us or someone else — is that all the interesting, future technologies are going to come out on the cloud. The first of those has been mobile …. But all the future things that are super interesting like AI and machine learning and big data and VOIP interfaces are all going to be cloud-based. So if you don’t move to the cloud you are not going to inherit the future of new things that come out.”
This is an exciting time to be in the access control market, says Spencer Britenstine, director of sales, South, Aiphone, Corp., Redmond, Wash. “Biometrics, cloud-based, wireless and mobile systems are making tremendous contributions to security and overall convenience. These technologies will continue playing a bigger role in access control in 2018. More data can make analyzing situations faster and more accurate. From an integrator’s point of view this can all be integrated through quick and easy installations using the corporate network infrastructure.”
Indeed, on the enterprise side, big data and smart buildings will give rise to more affordable PIAM-like options, some predict.
“With new machine learning technology we can now take those transactions and start to create indicators around abnormal behavior,” Takahashi says.
Vahary agrees. “Never before has more data been generated and recent advances in cloud computing have allowed for machine-learning applications to be developed and executed in a much simpler manner than previously available.”
These trends are only going to continue to develop, says Kelly Lake, director, strategic alliances, Vingtor-Stentofon by Zenitel Group, Kansas City, Kan. “End users will look at suppliers who can provide interoperable solutions that provide them real-time intelligence of risk and situational awareness. They will leverage technologies that can be accessed and deployed virtually through an outsourced SOC or through a mobile device …. They will want to apply analytics on the data and on the behaviors. And they will want to pull it into one central location like the access control platform.”
Ralph Azzi, solution architect for Communication Innovators, sees the ongoing challenge with helping customers migrate turning into an opportunity. “We have to enable customers and convince them that the pain of staying is greater than the pain of change. A lot of enterprise projects are still running proprietary legacy systems without any cyber security measures. But more are willing to do that than in the past. We are able to bring up the subject and meet with them and propose a solution.”
SDM asked, “How would you rate the current (2017) state of the market and the potential for sales (2018) in the access control market?”
More than three-fourths of respondents expect the access control market to be “good” or “excellent” in 2018.
SDM asked, “How do you expect your equipment spending in 2018 to compare with 2017?”
More than 50 percent of respondents expect equipment spending to be up in access control, integrated systems and cloud-based services in 2018.
One month before the May deadline for compliance, just 23 percent of the 400 U.S. companies asked about their readiness for the European Union’s General Data Protection Regulation were fully compliant.