Total Cost of Ownership is a well-studied discipline within IT at large, but its results have seldom been brought to bear on the world of electronic access control. Now that the Internet-based Software-as-a-Service (SaaS) model for access control management platforms is in many cases replacing the traditional server-based approach, integrators and end-users alike should evaluate which is the most cost-effective solution.
Until recently, it has been common for buyers to think of system cost in terms of one-time, up-front server and software expenses; however, it has become a well established fact that the largest part of PC or server ownership cost actually lies in ongoing operational expenses, maintenance and support agreements. This is particularly true of computer systems providing infrastructure services such as access control, because they must be held to a higher standard of availability and performance than ordinary office equipment.
Recent research by Brivo Systems reveals that for most classes of applications, the SaaS model for security management platforms is the clear operational and financial winner, due primarily to the economies of scale introduced by hosted application services.
The study concluded that the SaaS solution has a nearly $26,000 (or 76 percent) advantage over a server-based solution. This article will examine the cost factors and methodology that led to this conclusion.
Cost Factors and Methodology
To perform a cost comparison between traditional server-based and SaaS security management platforms, the following categories of operational expense were examined:
• Initial installation costs , such as hardware and software license purchases, as well as labor expenses for provisioning control panels, servers or other software systems.
• Recurring fees , including SaaS subscription fees, server software licensing and hardware and software maintenance agreements.
• Operational expenses , such as electrical power, rack space and disaster recovery sites.
• IT staff costs , including routine maintenance, troubleshooting, patches for server-based systems and the cost of upgrades and replacements.
A number of additional factors are often included in a complete TCO analysis, but they vary considerably from organization to organization. These factors include organizational cost of server downtime (including lost productivity and explicit cost of IT and security staff time to remediate failed systems), and business risk cost of system unavailability (including lost revenues, liabilities due to service level agreements and loss of good will). These factors were difficult to include in a meaningful generic model and were excluded .
The costs of procuring and installing lock hardware, readers, sensors, control panels, wiring, and other common items were assumed to be equal across both server- and SaaS-based systems. In other words, all TCO differences between the two types of security management platform were the direct result of IT and operational expense factors, not the specific model of control panel, reader, etc.
Within this framework, the methodology for establishing the expense of every relevant management platform line item in our TCO model was to work from documented sources. Those included actual quotations from integrators to end-users for various types of system installation, or, equivalently, from published price lists available in the industry; published studies on the cost of various types of IT services and/or staff time; and published rate structures for publicly available services, such as electrical power, rack space and off-site backup services.
Two composite case studies were used as examples for the purposes of this article. The first is a single-site access control system with a total of six doors. The second is a two-site system with six doors per site, requiring a common access control system across both, linked by an IP network.