Software for head-end systems, visitor management, credential management, device management, intelligence aggregation such as PSIM that can talk to the mandatory hardware and they are great candidates since they are complex and expensive to deploy and manage in-house. And while it may not be convenient to access the system from a web browser all the time, the incorporation of mobile devices via purpose-built apps make this more convenient than ever, if not liberating.
The picture is not all rosy, however, as there are plenty of gaps that remain. Many cloud solutions in the physical access space are quite underwhelming compared to current offerings in IT because:
- Fundamentally, cloud environments are IT infrastructures, and physical access, in general, lacks the expertise and insight in this area;
- Vendors are resistant to using recognized, neutral, standard protocols that benefit the community rather than the current closed ecosystem;
- New licensing and contract structures; and
- Lack of mass demand to steer vendors to produce better offerings.
It will be essential to incorporate recognized standards -based interfaces from hosted cloud applications that can communicate with onsite endpoint hardware devices, and, in turn, hardware manufacturers must open up their interfaces to connect to them. The reciprocation of both approaches will require the adoption of standards that already exist in IT rather than creating new ones just for physical access — which will also move the industry forward as a whole, not just within the context of cloud applications.
Even with all its advantages, the concern for security in the cloud is well justified. There is a common assumption that everything in the cloud is less secure and could be more effectively safeguarded in-house. As a general statement, this can be true, but it varies greatly across providers. One of the factors that have enabled adoption in IT is that they have become more skilled in evaluating cloud providers, auditing methodology, and incorporate sound principles into the service agreements that are potentially executed.
In summary, inspect what you expect, and have a sound methodology when doing so. The cloud is a very specialized area, but sources such as the Cloud Security Alliance (CSA) can be informative in this area. Another resource could be your colleagues in IT and information security.
The NET Effect
While the cloud’s proven benefit of paying “as-you-go” is good, even better is that it in turn enables end customers to stop paying and “go-somewhere- else” if their provider is not performing to expectations. In this paradigm, suppliers are now judged based on performance and quality of service they deliver rather than how tightly they lock customers in. This is quite possibly the most significant aspect contribution from the cloud model, because it is changing the way business gets done.
As radical as this may sound for physical access, it is quite the norm on the IT side. It may even serve as a mandate to not invest in offerings that “lock in” end-users. While many vendors may resist giving up this level of control, it will only likely make them less competitive in the market against others completely willing to do so.
As a result, some of the more conservative companies in the industry are now coming to market with cloud offerings. If the evolution of the cloud has taught us anything, it is that the genie is out of the bottle and it cannot be put back in.
Terry Gold is the founder of IDanalyst, a vendor-neutral research and advisory firm focused on security, identity and privacy. He is an expert in advanced authentication, digital identity and services over connected devices and has developed core methodologies that assist corporate clients and investors simplify complex technology initiatives and investments.