Unlocking Access Control RMR

March 9, 2023
Savvy integrators are finding game-changers in the access control space that can unlock the path to high-value recurring revenue

This article originally appeared in the March 2023 issue of Security Business magazine. When sharing, don’t forget to mention Security Business magazine on LinkedIn and @SecBusinessMag on Twitter.

As you walk the ISC West show floor, the majority of the Artificial Intelligence hype will be limited to the video surveillance software and hardware booths and showcases; however, true AI is being brought to bear on many security technology markets, albeit with less fanfare.

The overarching reason for the AI emergence is simple, but also game-changing: Upgrading existing security systems with AI technologies can enable the elusive transition that security departments worldwide have been hoping for – the move from reactive to proactive. And while preventive and preemptive capabilities seem like the holy grail for security directors, they may also prove to offer an equally game-changing promise for enterprise commercial integrators: They form the basis for high-value RMR.

Integrators on the hunt for AI and its associated RMR among the tradeshow booths likely tend to focus on the video analytics space; but savvy integrators are finding game-changers in the access control space that can unlock the path to that high-value RMR. Although this article focuses on the term RMR – as you may encounter at ISC West – some products provided as-a-service have an annual recurring revenue (ARR) element based on a monthly amount, which their manufacturers refer to as “annualized RMR” rather than calling it ARR.

Embracing Breakthrough Technologies

There are several important things to keep in mind regarding these breakthrough opportunities. Upgrades that significantly increase existing security system capabilities involve policy, procedure and security operations changes – things that customers and integrators have not previously had to consider when upgrading.

While AI is still in its infancy, thanks to the massive growth in computing power, its capabilities are advancing exponentially. This means integrators must expand the managed services component of their businesses to provide ongoing information, maintenance and guidance for the technologies in use by customers – once again adding significant high-value RMR in addition to RMR already generated on product and system sales.

Exponential technology advancement also means that manufacturer product roadmaps – and their ability to fulfill them – are of increasing importance. The role that security integrators will play in providing input to manufacturers regarding roadmap scope and direction will become magnified. Strategic partnerships between end-customers, security integrators, and manufacturers will expand as well.

Additionally, policy, procedure and security operations changes that come from AI-based deployments often require a deeper understanding of facility risk. Scoping out the value propositions for end-customers can involve teaming between security consultants and integrators to understand improvements to risk reduction and security operations.

Changing the Customer Mindset

For all the aforementioned reasons, these new RMR opportunities require looking closely at how breakthrough technologies differ from “old-school” industry offerings. For example, in the past, upgrading to provide improved security capabilities involved complicated and often troublesome integrations. That is not the case with the new breakthrough technologies, but many customers have long memories.

The inaccuracy is the idea that something so advanced as AI-enabled technology means it is more complex and potentially problematic. It is the job of security consultants, specifiers and integrators to explain in detail why the new technologies are actually simpler and less troublesome. Security integrators must understand the importance of changing the legacy thinking of end-user customers. In particular, many are distrustful of AI because of the disappointments of three generations of video analytics.

Additionally, customers who have experienced the commoditization of many varieties of video surveillance cameras have come to expect the same types of price-drops with access control products. These customers need to be educated about the fact that emerging access control technology trends are bringing new value and differentiation rather than commoditization.

Breakthrough Access Control Technology

Now that the groundwork has been established, it is time to experience the sizzle factor, with three breakthrough access control products leveraging AI technologies. They are illustrative examples of truly new product capabilities and value that can provide an excellent basis for RMR generation. While each description will not go into full details on its entire range of breakthrough capabilities, it will be clear where the RMR can be generated. In addition, these technologies can be deployed in small or large scales, enabling integrators and customers to start with smaller initial deployments that can be expanded as acceptance and familiarity grows.

The Rock (ISC West Booth 30075): Performing facial authentication at the door, the Rock product from Alcatraz AI qualifies as a breakthrough product because it lacks drawbacks that other face-based access control products have, and it includes impressive anti-tailgating technology as well. Compatible with any existing access control system that uses Wiegand or OSDP reader connections, each unit can be installed in about an hour using a provided wiring harness that works with the existing reader, or it can be deployed as a standalone unit.

It can be used even in U.S. states that have banned facial recognition because it performs facial authentication instead of facial recognition. It is not an image-based technology and stores no facial image data, but instead uses both 2D and 3D sensors to make a three-dimensional (3D) mathematical models of faces, called templates, and can store up to 25,000 templates per unit. Facial images cannot be reconstructed from templates, and so no PII is exposed. Templates are associated with a user’s access control system record.

The product’s AI-enabled technologies can, for example, detect whether or not a user is wearing a mask and restrict mask-less entry to assist with enforcement of COVID-19 protocols. For intelligent tailgating detection, the unit continuously monitors the space in front of a door using 2D sensors and a camera. First it detects people, next it detects faces, finally it detects the intent of a person to pass through the door and then authenticates the face of that person. If an unauthenticated person passes through the door, a tailgating alert is issued.

The Rock is available in two models, both of which have ARR components. The first model is a purchase with a perpetual license for software, with a small monthly amount (billed annually) for hardware to cover warranty plus an annual amount for software assurance that supports ongoing software development. The second model is Hardware-as-a-Service (HaaS) where the Rock and Software are bundled into a model that is based on a monthly amount that is billed annually.

DoorGuard: This above-the-door, wall-mounted LiDAR-based AI-enabled tailgating and occupancy sensing product from Orion Entrance Control works with any access control system (ACS) supporting general purpose inputs and outputs. While most other solutions only alert on tailgating, this system can signal the ACS to deny entry. Its overhead view catches tailgaters who hide behind an authorized person while enabling more accurate people counting. It can work with double-wide doors and roll-up gates as well as standard single-person doors.

One reason for its accuracy is that it uses AI to recognize many challenging situations within the door entry detection zone, including: adult vs. child heights; person carrying an object or wearing a hat; person pulling or pushing an object, such as a stroller or rolling laptop case; multiple people in close proximity down to zero inches of separation; dog or other walking pet animal; wheelchair occupied and unoccupied; one way or wrong way traffic; crawling on knees or belly.

DoorGuard is currently available for purchase and soon will be available through a hardware-as-a-service subscription.

Access Analytics: This cloud-based software from RightCrowd provides auditable integrity for large-scale physical access management, including large enterprise systems with thousands of doors and tens of thousands of credential-holders. At large scales, access privilege factors become complicated, including elements such as safety training requirements, contractor insurance requirements, medical and other leaves of absence, vacations, etc.

Although RightCrowd is known for solutions that appeal to the largest of Fortune 500 companies, Access Analytics is a viable solution for many companies with 1,000 employees or more.

Between 10% and 25% of personnel records in a large company change every year. The situation can lead to significant access privilege creep, where privileges are expanded as responsibilities change, often leaving outdated and inappropriate privileges in place. Serious access violations can occur unnoticed. Access Analytics makes it possible to ensure that there are no people with incorrect access privilege assignments, regardless of the number of qualifying factors.

Traditional databases cannot address such data management requirements; however, the problem is now solvable using a special type of database called a graph database, which is not based on traditional rows and columns of data, but is designed to store information about people and assets and the requirements and relationships that relate to them. A graph database is built to hold and navigate billions of relationships and query them with millisecond latency – much like how LinkedIn can show all of someone’s 1st-, 2nd-, and 3rd-degree connections, and their mutual contacts with 2nd-level contacts, all in real-time.

The a lightweight software application works with daily input feeds – typically simple CSV files exported from the systems with access privilege information; thus, it is a read-only system that doesn’t change any original access privilege information.

The brilliant thing is that the system uses a customer’s existing access management roles, responsibilities, processes and procedures to correct access privilege errors by notifying the responsible personnel about privilege assignments that need changing and privilege requirements that are about to expire. That makes it easy to implement using a gradual approach, and easy to sync up to access management role changes. There are no systems integration headaches, and the solution keeps working regardless of changes made to the number and types of sources of access privilege information.

This is a pure Software as a Service play for integrators. All they have to do is partner with the software provider, and the high-value RMR will follow based on the number of access control systems and amount of personnel who are covered.

Ray Bernard, PSP CHS-III, is the principal consultant for Ray Bernard Consulting Services (www.go-rbcs.com). In 2018 IFSEC Global listed Ray as #12 in the world’s Top 30 Security Thought Leaders. He is the author of the Elsevier book Security Technology Convergence Insights, whose Kindle and paperback editions are available on Amazon. Follow him on Twitter: @RayBernardRBCS.