Intrusion/Access Control/Physical Security: Make a Smart Move

Sept. 10, 2012
Transitioning from legacy to web-based access control is easier than ever, and gives additional levels of control and automation

This article originally appeared in the September 2012 issue of SD&I magazine

Historically, utilization of software for managing employee and visitor access privileges to facilities was restricted to specific enterprise PCs and workstations. This not only limited the ability of enterprise security decision makers to quickly respond to critical and day-to-day security events in real-time and from any location, but also came along with high cost burdens associated with these client/server-based access control systems.

Today, executives and security decision makers are more informed on alternatives to legacy access control systems that can provide greater flexibility and scalability. Notable among these emerging solutions is Web-based access control, which delivers feature, functionality and cost benefits to the enterprise relative to client/server environments.

Effectively communicating the key benefits of Web-based access control outlined below to existing and prospective customers presents security integrators and resellers with a significant opportunity to grow their business, improve recurring monthly revenue (RMR) and generate a more consistent revenue stream.

Extended mobility continues to rise

In a 2012 Forrester Research report, Cambridge, Mass., 52 percent of surveyed workers indicated they used three or more devices for work purposes, while enterprise mobility services firm iPass, Redwood Shores, Calif., estimates that 64 percent of mobile workers now carry a tablet. There is little doubt the increasingly mobile workforce is transforming enterprise end-user expectations on how, when and where they can access and interact with both critical and day-to-day business applications.

The mobile enterprise shift has implications for access control. Legacy client/server-based access control systems limit user access to a small handful of authorized PC and laptop workstations. This is not only an inconvenience for administrators who spend less and less time tethered to the office, but security vulnerability in the event that an administrator is off-site and needs immediate access to the system to adjust employee or visitor access privileges.

Web-based access control enables security and facility managers to interact with and manage employee and visitor access privileges quickly and easily from any location without being tied to a dedicated client workstation or paying for software licenses per user. With a 100 percent browser-based Web application, security integrators and resellers can now offer customers the flexibility to securely manage access privileges from a broad range of devices (smartphone, tablet, laptop), from any location (home, office, road) and via any standard Web browser (Firefox, Safari and Internet Explorer).

For administrators, Web-based access equals freedom: The freedom to access a Web application at home via a secure virtual private network connection when unforeseen incidents occur. Or the freedom to utilize the organization’s secure wireless network to manage privileges on an iPad or smartphone while on the move—particularly valuable for enterprises with multiple, dispersed facilities. No longer are users anchored to specific buildings simply because a PC loaded with access control software happens to be at that location. Finally, organizations have the technology freedom to seamlessly adjust permissions from, for example, a user’s iPad to an Android phone.

Cloud-enabled for rapid deployment

Security integrators and resellers who have traditionally delivered physical access control systems may question their “cloud readiness” to provide Web-based access control and how quickly they can deliver it. The fact is that integrators that already sell access control are fully prepared to offer cloud services. Web-based access control exists on the front end, so it can be quickly and easily integrated with door controllers, hardware, readers, wireless locks, switches, and wiring. As a result, Web-based access control that is cloud-enabled can be implemented in a matter of hours.

Web-based, cloud-enabled access control systems become even more valuable and cost-effective when an enterprise can leverage its existing virtualized environment. There are currently Web-based access control solutions that are purpose built to deploy in a virtual platform like VMware, eliminating the need to maintain a separate, stand-alone server or dedicated network appliance.

For customers that have already virtualized all or part of their IT infrastructure, security installers that can deliver cloud-enabled access control have a great opportunity. As an organization’s annual service contract of its client/server-based access control system comes up for renewal, security integrators can position themselves with feature-rich, cost-effective alternatives that leverage the organization’s existing virtual infrastructure.

Ability to deliver access control as a managed service

As enterprises increasingly seek greater pricing and scaling flexibility, forward-thinking security integrators and resellers are actively shifting their business strategy around the “as-a-service” model.

The ability to deliver access control as a managed service offers new recurring monthly revenue (RMR) opportunities for security integrators and resellers, as they can benefit from a more predictable revenue stream via monthly managed service fees and a competitive advantage that results from offering customers multiple options. Additionally, access control manufacturers that view the channel as a truly strategic component of the value chain offer web-based access control physical and virtual network appliances, ready-made for a hosted-managed service offering, as a service to the reseller. This approach means that resellers can achieve profitability for the head-end on day one, instead of having to purchase the head-end and manage the financing. This should not be confused with Software as a Service (SaaS), a structure in which the manufacturer owns the account. With “PACS Appliance as a Service,” the channel owns the appliance that is operating in the cloud and therefore owns the account.

For customers, this model delivers several key advantages:

Flexibility and scalability

The flexibility of the managed service model means that, if the customer chooses, the integrator can host all of the servers and equipment. By doing so, enterprise customers are not required to make up-front capital outlays to stand up servers at their facilities. That said, if a customer wants to manage the IT infrastructure itself, this option and others can be easily tailored as well.

Eliminates day-to-day operational administration

In a managed service model, the reseller and customer execute a service license agreement covering all aspects of the operation to include the day-to-day operational administration. There are myriad tasks that fall into this bucket such as adding doors, changing roles and policies, creating new tokens and replacing old ones. All of these tasks can be translated to a fixed operational expense for the customer.

Accessibility on the fly

For a Web-based managed service deployment for access control, customers can indeed refrain from interaction with the system software. That said, under certain circumstances whereby they need immediate utilization to view the system software it’s as simple as device of choice (iPhone, etc.), login (ID and password) and review—just like access to a bank account—secure, simple, and efficient.

Eliminates costly upgrades and maintenance

In addition to eliminating up-front physical equipment costs for organizations, the managed service model also rids the customer of significant and recurring costs associated with management the IT infrastructure. In fact, for many organizations the cost of installing, licensing and provisioning a new rack-mounted server can exceed the cost of fully transitioning to managed service model for Web-based access control, in some cases saving the enterprise customer upwards of 40 percent on recurring annual system support and licensing costs.

It goes without saying that organizations evaluating options for access control systems hold security in the highest regard. For this reason, security integrators must be prepared to address misconceptions that still exist around whether cloud and Web-based services are as secure as traditional access control systems.

The fact is that Web-based access control offers features and functionality that enhance an organization’s security posture. From one consolidated screen, administrators can view and manage alarms, video surveillance, facility maps, and identities including photo and personnel details. And if an event alarm is triggered by an unauthorized door held or forced open, computers in an adjacent room can automatically suspend network access and also send a command to an IP camera to stream video to the security or network operations center for further investigation.

For security integrators and resellers, cloud-enabled, Web-based access control can generate improved RMR, a competitive advantage in an increasingly crowded market and a more consistent revenue stream through a managed service approach—if integrators can effectively communicate the benefits of Web-based access control to enterprise customers.