Canadian Security Magazine

Making access control more accessible

Jennifer Brown   


Management of access control has increasingly been migrating to a web interface, which has made it more attractive to end users in an outsourced model and for security systems providers to adopt as an additional service they can provide to earn more recurring revenue.

According to statistics from IMS Research, the global access control market was forecast to reach over $1.8 billion in 2010.

In the fall, the U.S. arm of IMS predicted the demand for Software as a Service (Saas) and web-based access control systems in the Americas in particular would grow significantly. The firm’s access control market analyst Blake Kozak says trends in access control are centered on the ideas of flexibility, scalability and integration.

In his report, Kozak stated that SaaS, web-based access control and electronic cylinder locks will be at the forefront as the market emerges from the recession and companies look to go lean, not wishing to adopt large infrastructure systems, hardware and software, but rather pay for access control services in a utility model.

Web-based access control can be connected to the Internet for remote configuration or through an intranet for standalone access control. In an attempt to make access control easier and more affordable for smaller businesses, the market continues to see an influx of SaaS and web-based access control systems. Both approaches share similarities in that they are both scalable and can reduce or eliminate costs associated with PC-based systems.


The difference is this: Web-based access control systems use either PC-based software or embedded web servers in panels while with SaaS, everything is configured, updated and managed via the “Cloud” and updates are automatic and not controlled by the user.

Companies like Keyscan and Brivo are among those providing Software as a Service Access Control. SaaS allows end users to have some basic control over their system from virtually anywhere there is an Internet connection. The dealers that are looking to create recurring monthly revenue use the same panels and software that they are already familiar with and with Keyscan’s reverse network licences (K-RN) and the NETCOM6 network communication board, the panel uses the Internet to find the host server itself.

This requires no more IT knowledge than installing a standard system and makes it easier to work with end-user networks, firewalls, etc. Plus, the dealer can then package (and price) their services to the end-user however they like without having to pay a monthly fee to Keyscan as in other models.

In April, Kantech announced the release of hattrix, a security platform that addresses the shift toward outsourcing security, similar to other services such as IT. hattrix encompasses three dimensions of security services — a hosted access control solution, a fully managed solution, or a hybrid approach where end users can employ different access control services to meet their specific needs.

hattrix offers “WebStation” which includes email reporting and live events viewing to enable end users to remotely control their own security management tasks in real-time over the web for a hosted approach, or turn over some or all security responsibilities to a Managed Service Provider (MSP) for a hybrid or fully managed solution.

Brivo has been providing access control as Software as a Service for 10 years now with 2.5 million users on their system.

“We have about 15,000 administrators log in to the platform everyday,” says John Szczygiel, vice-president with Brivo Systems. Szczygiel says web-hosted access control was an anomaly that years ago had to be explained to potential clients who were skeptical. But increasingly, people realize they use SaaS as an application in their daily lives. Online banking is the example provided most often when explaining how SaaS works. The bank provides the service and you don’t have to maintain, buy or update the software behind the service. You go to the site, authenticate yourself and go about doing your banking.

What really catches the eyes and ears of facilities managers and security professionals now is the bottom line conversation that comes with SaaS.

“You don’t need to invest in hardware so you have the initial capital savings as well as on-going operational savings. There is no software to buy so no on-going expense there — the administrative and technical support required can’t be underestimated. Where they find a lot of value is in the software, hardware and not having to deal with that and personnel — we’ve had customers describe how they see 100s of hours a year doing security patches — or auditing the systems. There is also the issue of privacy — to ensure nobody internally is pulling private information,” says Szczygiel.

When it comes to buying access control in this way, the decision is often by a Chief Information Officer (CIO) when the security of a facility is managed by the IT department, an increasingly popular model especially with smaller organizations.

Those adopting the SaaS model range from small businesses with one or two doors up to large business with thousands of locations.

“They find the benefit of having hosted access control and not having to invest in infrastructure for good security,” says Szczygiel.
“The SaaS model applies really well to organizations with geographically dispersed facilities. The SaaS applications hit those situations out of the park in terms of deploying in multiple locations, providing the local administrator the ability to log on and administer the system,” he adds.

Kozak says web-based access control systems will continue to gain market acceptance, particularly in the Americas where there is a preference towards “out-of-the-box” type solutions.

“With web-based access control when you have server onsite or offsite – people would use a web browser to log into an individual panel and or to manage the access rights but with Software as a Service there is nothing on the customer site except for the browser and card readers and in some cases panels but in terms of software as a service it’s managed remotely and end user doesn’t have the ability to request updates or the updates are done automatically,” says Kozak.

It is the dollar savings that more often than not will make the case for these kinds of access control models. “You don’t have systems to maintain or deal with updates,” says Kozak. “You can manage it yourself, or have it hosted and pay monthly fee to manage all access rights.”

Print this page


Stories continue below