Managed access control — as well as hosted access control — is an area many security integrators are showing a growing interest in exploring. The benefits are many: a stickier customer, the ability to offer a number of extra services, and the all-important recurring monthly revenue (RMR). Yet, while a few are doing managed access successfully, others try it and decide it is not for them, or not the right time, or think it is too different from their business model.
With the increasing acceptance of cloud services and more manufacturers offering solutions that do the heavy lifting for the integrator on the back end, now is a good time to seriously consider adding managed access to your arsenal. In fact, many say if you don’t, you might be in trouble in a few years as more end users who have come to rely on outsourcing services such as IT and payroll will look to do the same with security.
“One trend we have seen is the increase of access control as a service, or cloud-based access control and manufacturers offering more [of these] options,” says Derek Arcuri, team lead – industry and application marketing, Genetec, Montreal. “Integrators are able to invest in this for their end users without having to go through the barriers of investing in servers or hardware up front. Since vendors like us are offering cloud-based offerings they can reduce their risk, get into this business and make a margin on these subscription-based offerings.”
Kelly Bond, vice president of dealer development, Brivo, Bethesda, Md., will be giving a presentation on building RMR at next month’s TEC 2019, sponsored by PSA (See sidebar on this page.) She says that since she joined Brivo to work specifically on boosting managed access control, she has seen a definite uptick in interest from integrators.
“Definitely they are more informed and wanting to do more. They are asking the right questions such as, ‘How do I increase an RMR compensation plan?’ ‘Do I teach my old dogs new tricks or do I hire people specifically to sell in a different way?’ Those are some of the conversations we are having.”
Honeywell Building Technologies, Atlanta, also has seen a good amount of interest in its cloud-based hosted and managed solution, says John Smith, senior channel marketing manager. “We are definitely seeing the shift. We have been selling managed and hosted for the last seven or eight years and we are now beyond any number we thought we would be at this point. The ones that really get it, we are seeing more of.”
Yet for all those that “get it,” there are many others who know the opportunity is out there, but aren’t sure how to access it, says Brian Matthews, director of sales, Feenics Inc., Ottawa, Ontario, Canada. “While we still see very few integrators in the grand scheme of things offering full managed access, almost all of the partners I work with have a customer that they think would be perfectly suited to being a managed access customer,” he says. “However, I would say half of them talk about this being a long-term strategic goal for the company.”
Matthews says now is a good time to get serious about it, both from a customer interest perspective as well as the numbers of viable solutions available. “I think that overall it has been an evolution to a services-based economy that has driven this. Companies outsource some of their most critical components such as payroll and IT to third-party solutions. They were already outsourcing guard services and this becomes a natural extension of that.”
What Feenics and other manufacturers provide is an easy entry into the managed services world, he adds. “If you are an integrator, a single login allows you to see all of your customers at once. Since we have multi-tenant architecture in the cloud, you can just click on that customer and do what they are asking. It is a single pane of glass.”
However, while the solutions may be there and available, there is much to know about how to go about implementing them. Here are some of the most important dos and don’ts manufacturers and integrators who have been through this suggest for those considering making the leap.
DO Your Homework
From choosing the right provider to understanding what you are getting into and figuring out how to start implementing it, doing the research is critical, say the experts.
“Establish a plan and do your homework,” advises Melissa Stenger, vice president of product management and marketing at ISONAS, Boulder, Colo. “Strategically price your RMR model. Build sales programs to incentivize your team. Select manufacturers you can count on and have products that are simple and easy to use.”
Andrew Fulton, head of product management for access control, Vanderbilt, Parsippany, N.J., echoes that last part. “The biggest piece of advice I have is to work with an access control software manufacturer that knows the business and can provide ample guidance in adjusting to this model,” he says. “To maximize the opportunity, the system needs to be easy and quick to install and allow fast and efficient management of the system.”
Managed access control is a different business than traditional security sales, says Matthew Netardus, head of system design, Security 101, Hampton Roads, Va., of his experience developing a managed access offering. “The biggest advice is definitely get started on restructuring that side of your business early on,” he says. “We thought we could run this like we did the rest of our business. To successfully run a managed product in an economically viable way, you really have to treat it entirely different than a traditional six-door access sale. It is a different business.”
Louis Boulgarides, CPP, president and CEO, Ollivier Corp., Los Angeles, is another integrator who has been there and gone through the process. “The process for us involved going out and vetting various products to use for managed access. Our criteria is we didn’t want to have to host those systems ourselves. We wanted the company we use to have a fully cloud-based solution. We ended up with BluBØX and Brivo as the primary platforms we were using.
“One thing that is challenging is there are a lot of companies that are moving into this space and saying they can do a lot of things. We spend a lot of time vetting the people we are going to partner with. Most products can’t do everything. If that customer has a bad experience or the product doesn’t do what you promised, it can kill your program before you even get going. That is one thing we learned.”
Don’t forget the legal aspects, adds Brent Mahoney, sales engineer for Omaha, Neb.-based G4S Secure Integration. “Managed services create a different type of legal agreement than a typical installation. Uptime and availability needs to be defined in a different [way] ... Start with the contract then price out your offerings. Seek outside legal advice on contract structure and language.”
DON’T Grow Faster Than You Can Manage
As with anything new, you have to walk before you can run, which is why Netardus and his company, Security 101, took their time finding and developing a solution. “We got the process started about three years ago,” he says. “We built the solution on the Genetec backbone so we can offer a series of different offerings, not only fully hosted but fully managed. We went through a series of iterations, testing them at my office, my house, making sure we felt comfortable from a cyber security perspective and were using the right hardening practices. We got it built a year later, and that is when we started moving toward the beta phase with a series of businesses.”
He also kept the number of customers down intentionally, with two larger organizations and a handful of smaller sites, he adds. “We have kept that fairly low as we grew this because we didn’t want it to grow faster than we were able to manage. We wanted to grow it steadily and slowly.”
There is a tendency to want to move too fast and get overwhelmed, says Patrick Barry, CEO, BluBØX, Andover, Mass. “Integrators quickly learn that the more customers you have, the more manpower you need to fulfill their requirements. They quickly realize that the better recurring revenue solutions are ones where they don’t need to scale their manpower with their customers.”
Make sure you are good and ready before you launch, Netardus says. “Make sure you are willing to give it away for six months and say, ‘If you are not happy you don’t have to pay.’ If you are not confident your product will bring enough value that they will be willing to pay for it in six months, you are not ready to launch.”
DO Get Buy-in From Your Employees
One of the biggest challenges for many integrators is transitioning from a traditional sales model to an RMR-based one.
“The challenge for any integrator in providing more managed access is the shift from a more ‘sell and install’ model to that of RMR, which takes quite a bit of adjustment and the development of new procedures for sales and support teams,” Fulton says.
“I have done a lot of training and the biggest thing I tell everybody is make sure you pay your people for RMR,” Smith adds. “The biggest mistake I see is integrators hear about the attractiveness of RMR from hosted or managed services, but their business model has been enterprise integrated systems and now they want to get into this. If you don’t pay on RMR and make sure their salespeople are committed, if they are out selling a $200,000 building system, what is going to be their incentive to sell a $2,000 laundromat?”
Boulgarides solved this by offering both types of compensation. “We have a structure where they are compensated for both installation and RMR. We don’t have dedicated salespeople for one or the other.”
Netardus turned to the IT model when working on his company’s plan. “I actually adopted a lot of procedures from the IT industry, which is built for managed technology services, not security integrators. … Every single thing about this is separate and different from the core Security 101 model.”
Whether you cultivate existing employees or add new ones to promote this new way of doing things, Piyush Sodha, co-chairman of Kastle Systems, Falls Church, Va., stresses the service aspect of managed services. Kastle pioneered managed access back in the 1970s. “It is all about the service. We benchmark ourselves with JD Powers to ensure we receive independent assessments. … Every employee at Kastle is rewarded based on our JD Power Scores.
“Surround yourself with people who are passionate about customer service. Clients are more loyal to people who solve their problems than they are to systems. Great technology is easier to replace than great people.”
DON’T Get Easily Discouraged
While some integrators go too fast out of the gate, others try out managed access and too quickly decide it isn’t for them. Not so fast, say those who have succeeded.
“In order to do it the first thing that has to happen is the integrator has to be willing to invest and not move away from it just because it isn’t going gang busters,” Boulgarides says.
Matthews has seen this happen before. “I saw an integrator that hired five people to go and sell hosted and managed services and never looked at the average lifecycle of an access sale. It is a long game. It is not something you are going to have overnight success with … Figure out how to make that transition. Is it a new employee? When can you support them? How do you finance it? Do you have a customer in mind that will pay for 50 percent of that employee? It requires a slow, methodical approach. I haven’t seen anyone that jumped into this and overnight made money at it.”
The integrator has to be all in,” Bond says. “They can’t be wishy-washy. They either have to say, ‘I want every solution that walks in the door to have RMR or be offering something you can attach RMR to.”
Sodha says be prepared to lose some sales to the traditional model, but it is worth it in the end. “Be patient. Not every potential customer will initially grasp the powerful benefits of buying the fully managed security services we describe, and we may lose some sales early on. However, those lost opportunities will frequently return to us when they come to realize the value of our managed security approach after they’ve experienced two or three years of service they receive from a more conventional access control provider.”
Boulgarides adds,” I think you have to really make a commitment to it. Invest in it, invest in leadership and stick with it even if it doesn’t start off amazing. People sometimes want to move in that direction but they don’t have great success so they move on to the next thing. You have to make a commitment and stick with it.”
DO Find the Right Customers for Your Business
Many integrators and even manufacturers assume that the ideal customer is the small to medium business that doesn’t have their own IT or even security department. In the bulk of cases that is true; but, you should not assume that will be the case for yours. Some are finding success with enterprise clients, as well.
Know your customer base and how managed access can help them. “Make sure you and your customer have the same expectations of the end result,” Matthews says. “Ideally it may be a customer that the integrator already has a long-term relationship with and a clear understanding of their needs. Managed solutions should have some key metrics such as how many schedule changes, employee adds/deletes per month, and reports might be expected.”
That is what Netardus did, he says. “We focused heavily on the right type of client — those that won’t have 50 to 100 changes every day. Long-term we do want to aim for those, because we can bring the most value, but we don’t want to run before we can walk.”
The important thing about managed access control is it is a commitment between integrator and customer, Arcuri says. “There is a long-term relationship based on service. … Managed services are one way to get closer to the heart of the customer’s security business and ultimately provide a token of trust. If the end user trusts you to manage all their security, it is harder for them to move away. It makes them stickier. We think it adds a lot more value and success because you are building that relationship-driven business with end users.”
DON’T Get Left Behind
Perhaps the biggest piece of advice from those in-the-know is simply do something to start preparing for this model, before it is too late.
“If you are only selling security hardware, software and installation services, then you are in a race to the bottom,” Barry says. “Integrators should know that the cost and margin of physical security hardware continues to drive to zero, [while] the value of physical security services remains high and even increases over time.”
Stenger adds, “Integrators should consider managed access as an opportunity to expand and differentiate their business. Managed access is and will continue to be one of the key drivers of growth in the physical security market and understanding this business model will be a benefit to future growth of their organization.”
While traditional models are not going away by any means, more and more customers are likely to be asking about managed options, Bond says. “End users will be aware that cloud-based services are available and if they don’t have a solution to offer they may end up losing business because of it.”
Netardus says part of his motivation was he didn’t want to give the “Blackberry” speech. “I would like to think we are more prone to new and unique ideas out of this office, but we had to look at the next five or 10 years and say, ‘Let’s assume we are right about the path, but what could put us under? How do we make sure we don’t have to give the Blackberry speech?’ This was a concept that we felt, if we don’t have the ability to do this we will be in trouble.”