To many security dealers and integrators, cloud-based access control is something that utilizes a cloud-first or cloud-only approach. Typically, it is used for hosted or managed access control, and is primarily aimed at smaller-sized end users that don’t have their own security or IT departments. Right? Not so fast. 

There are commonalities when it comes to defining what access control in the cloud is — and what it isn’t. For example, Jeff Perri, president and COO, Prodatakey, South Jordan, Utah, defines it as a seamless environment for the user. 

“In some cases you will find platforms in and out of our industry that tout they are cloud-based but really they are just Web-hosted from the site. What we find in the security industry is there is really this noise that has made it difficult to define what true cloud-based access control means. For us the definition is unity of platform. What I can do on my computer I can do from my smartphone or tablet and have 100 percent functionality on all platforms.”

BluBØX, Port Washington, N.Y., has a six-component definition of cloud-based access control, according to company president, Patrick Barry. These include: broad network access; on-demand self-service; a shared pool of configurable computing resources such as servers and storage applications; the capability to be elastic and rapidly provisioned and deployed; minimal and outsourced management; and measured service.

For Steve Van Till, president and CEO of Brivo, Bethesda, Md., the true cloud server is not necessarily public. “Publicly available means not a private server,” he explains. “We see some people taking old, non-cloud software, running it in a virtual private server and calling it cloud.”

Nor is cloud necessarily managed. It’s usually hosted, but that can get murky as well, Van Till says. “It can be a managed system without cloud. Many managed offerings hide the fact that they aren’t a cloud solution. People also equivocate on the term ‘hosted.’ Taking old software and putting it on a virtual machine at Amazon is hosted, but certainly not cloud.”

Others are looser with their definition of cloud. Ross McKay, director of products for Pittsford, N.Y.-based LenelS2, part of UTC Climate, Controls & Security, a unit of United Technologies Corp., calls his company’s evolving cloud product line — which is starting with infrastructure as a service — a hybrid solution. “It will have some data on-prem and some off-prem. [Our customers] want to be very surgical about what data is within their own four walls and what data is outside.”

This is part of an emerging trend that may change or expand the definition of cloud, adds Peter Boriskin, vice president of product management at ASSA ABLOY Americas, New Haven, Conn. “In today’s cloud environment it is important to define cloud-based access control not only in what it does, but how it is set up. Some utilize a public cloud where the system is operated by a third party.…Meanwhile we are seeing larger enterprises and government entities that prefer to set up their own private cloud so they can be the custodians of their own data. We are also seeing hybrid models where confidential data can be stored onsite while the processing power can be handled by a third party.” 

Boriskin says cloud-based access control isn’t so much a technology trend as it is a market trend. “We are seeing a whole new level of acceptance of the solution. There are now so many access control manufacturers leveraging the cloud that it is finding its way into all verticals and market segments. 

“It’s hard to put an exact number on it, but it would be safe to say that current growth of cloud-based access control solutions is easily 10 times the growth of non-cloud solutions. More contextually, we are at a point in prevalence where every integrator needs to have access to a cloud-based solution of some type or they risk being left behind.”


Is Cloud Access More, or Less Cyber-Secure?

If you speak with cloud-based security providers many will tout that they are more cyber secure than on-premises solutions. But is that really true? Conversely, some users are reluctant to put their information in a public cloud for security reasons. Who is right?

Brivo’s Steve Van Till  says there is still some lingering concern about security, though it is better than five years ago. “It used to be people’s number one concern [about cloud]. Now they are using cloud for everything so that has largely dissipated,” he says.

Does that mean the opposite is true, that cloud is more cyber-secure? Not necessarily, Van Till says. But the nature of cloud does give it the advantage. “Cloud is not intrinsically more secure but it is better managed by people. Most systems are completely untended and unprotected.”

Cloud also has the advantage of remote updates and patches, keeping things more up-to-date than an on premise system, unless the users are extremely vigilant.

Cyber security is relative, no matter if it is in the cloud or on premise, says Derek Arcuri, Genetec. “It is foolish to say cloud is always more secure. It depends on the end user. Some might be the state-of-the-art Silicone Valley organizations where their practices are very strong. Others don’t invest as much in security as Amazon or Microsoft. We selected Microsoft Azure [as our public cloud] because we trust them. They spend billions on their cyber security efforts. It goes back to the principle of do I store my money in a checking account or under my mattress? Someone might have a crazy secure house, but we trust Microsoft just like I trust my bank.”

This trust is generally not in question. “There are several positive aspects to the public cloud, as it is staffed with experts who look at security and up-time around the clock,” says Peter Boriskin, ASSA ABLOY. 

In fact, it is a large part of the reason many say cloud is more secure, adds BluBØX’s Patrick Barry. “It absolutely is more secure than the traditional client-server architecture or hosting your security system in a private datacenter. Anyone who says otherwise is penny wise and pound foolish. You will never be able to achieve the cyber security protection that public clouds provide. The most important thing you can do for your building is to separate the people from the computers, data and networks when it comes to cyber security.… The cloud is not perfect (no solution is). But it is better than client-server.”


Manufacturers themselves are coming at cloud from all sorts of perspectives. Prodatakey originally introduced its cloud-based system as an addition to an existing standalone platform because they saw the trend coming, Perri says; but they were surprised by the reaction. “We anticipated we would see a gradual decline in on-prem solutions and increase of cloud as people started to adopt. What we saw instead was a hockey stick in cloud connectivity. As people saw there was a cloud option they jumped to that.”

Derek Arcuri, product marketing manager, Genetec Inc., Montreal, calls this the ‘iPhone effect,’ comparing cloud adoption to the disruptive technology of the early 2000s. “All of a sudden people got used to working on a smaller screen. That forced the market to adapt to create smaller products. We are seeing that in our market where cloud-based is growing because of the expectations in consumer life like sharing photos held in the cloud. No one wants to install files on a machine.”

Cisco predicts that by 2020, global cloud use will account for more than 92 percent of total data center traffic, notes Eric Widlitz, vice president, North American sales, Vanderbilt, Parsippany, N.J. “Cloud services have become well established across almost all industry sectors, and changing customer demands mean that many businesses are now reinventing their offerings to harness the power, flexibility and functionality it offers. This is a trend we will see continue to grow as more intelligent software is developed and able to integrate with cloud-based systems.” 

Cloud solutions have expanded horizons in a real way, says Wayne Jared, vice president of engineering, 3xLOGIC, Westminster, Colo. “Cloud solutions change people’s thinking and open up new opportunities as a result. When the ‘right solution’ evolves from a closed network to a solution that can be accessed from anywhere, suddenly mobile credentials, remote management, broader integration with other devices and solutions become obvious.” 

Most security integrators today are interested in finding new ways to get the coveted recurring monthly revenue their dealer counterparts have enjoyed as part of the security alarm business. Cloud offers a great way to do that; but there are many other benefits to cloud-based access control for both integrators and their customers. 

“For integrators, especially small integrators, cloud-based access control allows them to provide a scale beyond their size,” Boriskin says. “For end users, cloud breaks down barriers to access.”

Cloud is easier to install, because it doesn’t require on-site computers, servers or database specifications, with all that entails, Widlitz adds. “These, plus no complex network routing  make it easy to install. Remote diagnostics, technical issues and services can be carried out from a Web-based portal or smartphone — by simply logging in, it’s possible to remotely view status, grant and revoke access, view video and more.” 

Beyond the RMR for simply hosting cloud access, integrators can choose to do more managed services, or charge for diagnostics and maintenance that is now much easier and more cost effective to offer. 

“The real value-add for integrators is the service offering they can provide their customers,” says  Chris Wilson, vice president of operations, Paxton Access, Greenville, S.C. “They can get the system installed easily and provide value remotely from configuration changes, adding and removing users and reporting on the system for their customers.”

This is huge for dealers and integrators, says Richard Goldsobel, vice president, Continental Access, Napco Security Technologies, Amityville, N.Y. “One of the biggest things we spend time on and our dealers spend time on is loading software on various platforms and maintaining it, keeping up with service patches and security patches and security individual users and domain privileges. Getting all of that right is a huge support time issue. In a hosting environment you eliminate a huge portion of those headaches…. Dealers love the RMR, and that is great; but all of those support issues become much simpler as well.”

Not only are diagnostics after the fact easier, but getting the job in the first place might be easier as well, Arcuri says. Often integrators will compete based on price and a big metric for that is the total cost of labor. “Integrators that do lead with access as a service often come out ahead,” he says.

Van Till agrees, adding there is an opportunity for more profit on the front end as well. “The number of hours they would normally invest installing the database and software, setting it up, bringing it to the customer’s building, making sure the licensing is correct and having a tech trained to do all of those things is a huge up-front expense that is eliminated. The integrator can choose to be more price competitive or get higher margins, depending on what the market will bear.”

Access control in the cloud started with small business end users because it made sense. Offering them a way to get many of the same features larger enterprises enjoyed while not having to have the same infrastructure was a natural fit. But the cloud trend has moved on in such a way that enterprise customers themselves are also looking for ways to employ cloud.

This was one reason Genetec put a plan in place about seven years ago to work towards an enterprise cloud solution for video as well as access control customers, Arcuri says. “When we launched Synergis Cloud Link that was our first external move to start preparing customers for the cloud. We began offering access control in the cloud in November 2017. We scanned the market to see where current cloud-based vendors were serving. We decided to stick to our enterprise guns and offer it to them because no one was really satisfying that need. So far it has been fairly successful.

“The enterprise market has a thirst to move to access as a service, but they haven’t been able to get the response they were looking for [from providers].”

Genetec is not alone in that assessment.  Honeywell, which introduced its SMB solution, MaxPro Cloud, in 2015, recently released a version of ProWatch that can be hosted in the cloud, says Aaron Barbe, SMB offering manager for access control, Honeywell Building Technologies, Atlanta. “It is a relatively new trend to move hosting software and IT solutions to cloud management…. Some enterprise customers have requested the ability to host access control in the cloud. They want to get away from all the infrastructure.”

Brivo’s Van Till is also noting the changing attitudes. “From the outside we look like a company addressing the SMB market; but our growth has been more pronounced in the enterprise space in the last couple years.”


Advice for Integrators Looking at Cloud Solutions

As more and more security integrators look at cloud-based access control solutions, here are some words of wisdom from industry experts:

“Don’t be shy to understand the value and to deliver that to your customer and charge for it. Dealers who are new are sometimes gun-shy to charge for RMR. Don’t short-change yourself as an organization.” — Jeff Perri, Prodatakey

“My best advice is really start small. Prove out your own solution at your own office. There is nothing like teaching yourself. I learn every day by failure. Don’t wait until you have the business in hand to learn.”  —  Richard Goldsobel,
Napco Security Technologies

“Focus on training or converting your sales force to be able to do this kind of sale. People that have been selling traditionally have a hard time changing their behavior. To be successful you need new employees starting fresh, who are used to RMR.” — Steve Van Till, Brivo

“The customers reaching out, at least to us, often represent very large systems. Most integrators seem to believe that cloud access control systems only serve small customers with a handful of card readers.” — Paul DiPeso, Feenics


Because it is a burgeoning trend, there is not good data on the adoption levels of cloud access in the enterprise space, Van Till adds.  But he notes that revenue streams from this end of the market have been steadily increasing. 

Boriskin sees this as growing evidence of the need for hybrid cloud solutions. “We are seeing larger enterprises and government entities that prefer to set up their own private cloud so they can be the custodians of their own data.”

McKay says that while Lenel doesn’t have enterprise customers demanding cloud, there is a sense that access control is a bit of a dinosaur in the enterprise. “The IT guy says, ‘You are the only one left on-prem; you are the red-headed step child. When are you going to get rid of that?’”

The use of cloud is increasing overall in the enterprise, leading those customers to view older access control solutions with a critical eye. 

“With the increase of bandwidth, WiFi availability just about everywhere and server farms on every continent, global entities now see ACaaS (access control as a service) as a credible offering,” says Paul DiPeso, executive vice president, Feenics, Ottawa, Ontario. “Feenics has a number of enterprise customers with hundreds, and some with thousands of readers in a hosted environment because the metrics proved that the cloud improved their total cost of ownership.”

More Online

For more on cloud-based access control, visit SDM’s website, where you will find the following articles:

“What Do Enterprise Security Customers Want?”

“State of the Market: Access Control 2018”

“The Access Control Cloud: Security Integrators Share Their top Benefits”

“How the Cloud is Making Access Control Simpler”