When some technologists assess the state of the physical access control industry, they look at it through the same eyes as a teenager might view his father’s Buick. Reliable, staid and not much to brag about. But based on conversations shared by the convened expert panel below, it is very obvious that the access control industry is not dead and it is far from boring as we sit on the cusp of 2019.
With the advancements being made in mobile technologies, cloud technologies, Artificial Intelligence (AI), biometrics on mobile devices, and wearables, access control is now more integrated with what is considered “state of the art” technology than ever before, according to one vendor. Another says that the emergence and continued evolution of cloud-based hosted and managed access control solutions across virtually every vertical market deepens the spread of virtualization. And it is this trend towards systems mobility, unification and cloud utilization that are driving innovation in the access control sector.
One expert nailed it pointing out that the challenge is most security end-users and systems integrators accept the norm of legacy architecture which totally contradicts the environment of technology progression seen in other tech industries. Editorial Director Steve Lasky invited several of the most respected technology solutions providers in the access control market to share their insights on industry trends and their roadmap for 2019.
Joining us for this SIW Online Roundtable are Robert Lydic, Global Vice President of Sales for ISONAS; Peter Boriskin, Vice President of Commercial Product Management for ASSA ABLOY Americas; Rick Caruthers, President of Galaxy Controls Systems; Ross McKay, Director of Product Management at LenelS2 Response; Kami Dukes, Director of Business Development for AMAG Technology and Joe Grillo, CEO of ACRE.
SIW: Some critics say that access control technology is stagnating and innovation is dead. Can you counter that claim with your insights of what security professionals may see in the next 12 to 18 months as it relates to access control systems and software?
Robert Lydic: This could not be further from the truth. What is true is that access control as an industry does not move rapidly as the costs and proprietary systems tend to be cost prohibitive to most end users. There is however a very significant amount of innovation and new products that are fundamentally shifting how access control is delivered and utilized. There is a huge shift in access control software being delivered in the cloud. Nearly all of the legacy software products are having to rewrite and rearchitect their products to answer the questions of tomorrow while bringing forward the desired functionalities of the past. In the hardware innovations, we are seeing increased innovation in wireless locks, Bluetooth reader technology, OSDP adoption, visitor management deployments, and universal credentials. However, how people use their access control systems will be the greatest innovation. There are going to be disruptive technologies implemented on how a person accesses a facility, moves throughout, and uses other technologies within the facility.
Peter Boriskin: Innovation in access control technology is far from dead. With advancements in mobile technologies, cloud technologies, Artificial Intelligence (AI), biometrics on mobile devices, and wearables, access control is now more integrated with what is considered “state of the art” technology than ever before. In fact, the gap between access control technology and “state of the art” is much smaller than it was even five years ago. You don’t have to look 12-18 months out for this to be true – it is true today, and that gap will continue to shrink over the next year or so.
These innovations are being used to increase security levels in markets that were historically underserved. We can leverage the power of mobile, cloud and wireless technologies to enable enterprise-level security in markets where it was previously out of reach from a financial standpoint. This means that businesses in these markets can bring video, access, lock management and intrusion into their facilities at a level they couldn’t before. These innovations are also having a profound effect on the user experience. Where security may have been seen as a barrier or hindrance in the past, it is now enabling a truly seamless experience. For example, a college student can now use their mobile phone to communicate with their friends, buy a coffee, do laundry, and get into their room in the residence hall. Access is managed in the same way as every other aspect of their life.
Rick Caruthers: We are witnessing quite the opposite across the industry along with our channel partners as we see access control technology achieve new benchmarks both in how systems are implemented, as well as the advanced capabilities they now provide. Front and center is the emergence and continued evolution of cloud-based hosted and managed access control solutions across virtually every vertical market as the trend toward virtualization continues to gain increased traction. Cloud-based access control delivers numerous economical and operational benefits, including making high-performance access control available for organizations that otherwise could not afford this level of performance. As a result, we will continue to actively pursue new and enhanced technology developments to further augment both cloud and resident-based access control solutions such as higher levels of VMS integration, embedded badging, event monitoring via mobile or web-based user interfaces, and more.
Ross McKay: This is an exciting time for access control and many advancements are on the horizon. The areas of mobility, unification and cloud utilization are some of the key themes driving innovation. Mobility means, among other things, customers can do their jobs wherever they are and on whatever device is convenient. With powerful functionality now available on mobile devices, our customers have never been more efficient or effective. Mobility also covers mobile credentialing – the biggest technological advance in the reader and credential market for many years.
Unification means bringing together multiple sources enabling customers to make informed decisions. Users may associate video with events or fuse HVAC and security data in an intelligent building. This brings together relevant data into a single user interface, something our customers are demanding more and more.
Kami Dukes: Access control is not dead. It is more stringent and widely used than ever before. If anything, heightened innovation is disrupting the access control market and is rapidly exposing the inherent risks associated with legacy applications and dated architecture. The industry has progressed to an operational mindset around the identity, the person with justified and compliant access to secure areas. The challenge is that legacy architecture is complacently accepted and has not matched the progression we see in other tech industries. For example, no one would second guess replacing every single switch on a hacked and compromised network. Why would that same thought process not be applied to the physical controls around data and IT closets? Organizations are overwhelmed with stagnant systems, unsecure protocols, credentials that can be cloned at the corner store, and manual identity and access management processes.
The industry has countered this stagnation with the introduction of panels with onboard operating systems that allow for managed services and the flexibility to change in alignment with cyber threat countermeasures. OSDP introduces secure communications to the door. An individual must prove who they are, what they have and what they know. Biometrics are on the rise to address not only this but introduce efficiencies in getting through the door. Today, access control is tighter, more prevalent and required. In the next 12-18 months, there will be major upticks in people understanding the risks associated with legacy platforms and that technology updates are needed to provide a safe environment.
Joe Grillo: Access control may not be moving at the speed of video by way of development and innovation, but there's a significant shift in how access is controlled and achieved happening, including the rise of biometrics, the development of more wireless locks, an increase in the use of mobile credentials, cloud-based solutions and more open-platform architecture. There's a lot of room for innovation in access control as we see so many devices tied to the network and thus, at risk of cybersecurity breaches. So another innovation that will continue on into the next year to 18 months will be the shifting and growing focus on cybersecurity from step one when a product is in its infancy and developed by a manufacturer. That will be critically important moving forward.
SIW: The buzzwords are as ubiquitous as smartphones, but given the introduction and development of Cloud, Mobile and Managed access control, where do we stand with a robust implementation for each use-case, and what will the next “whiz-bang” technology be in 2019?
Robert Lydic: The Cloud adoption is expanding at a rate of over 40 percent. In less than five years it will become the largest software deployment model in the access control industry. When teamed with mobile credentials and hardware innovations it will enable the next “whiz-bang” microtrend of frictionless access control
Peter Boriskin: These terms aren’t just buzzwords – we are not only hearing them in our industry and everyday life; we are now seeing these technologies being implemented in very exciting ways. ASSA ABLOY offers solutions that work with smartphones, are managed in the cloud, and utilize managed access control to address previously underserved markets where enterprise level access control was often cost prohibitive.
As we look ahead to 2019, with the proliferation of more devices and more cameras in more places than ever before, we will need to see a solution that applies intelligence to manage this massive volume of data.
Growth in Artificial Intelligence (AI) and big data within security will allow the operators and managers of these systems to separate the signal from the noise to understand what data just normal course of business and what data is interesting or actionable. Today, more than 50 percent of all alarms are ignored simply because there is too much information for operators to process.
This is an excellent example of a clear market need driving a solution. This is good for us an industry because it helps us grow and evolve. As new technologies help us more efficiently provide access control deeper into the building, AI will allow us to do it in such a way that allows our customers to gain better and more meaningful control over their facilities.
Rick Caruthers: We see cloud, mobile and hosted/managed systems with increased intelligence and functionality continuing to gain market share here in the USA, where established traction will drive further growth. We are anticipating this to spread globally in 2019 with companies offering “regionally based” cloud-hosted instances on a country by country basis. These developments are the catalysts for new technologies across mobile applications, new and more efficient forms of credentialing, system integration and more.
Ross McKay: Each of these areas is only beginning to transform the industry, yet they’re already delivering real benefits to real customers. The cloud can be used in many ways – IaaS, PaaS and SaaS – to cost-effectively deliver service to a range of customers from enterprise to SMB. Among other benefits, the cloud expedites the delivery of managed access control to customers. Mobile credentialing is transforming the reader and credential category by enabling security to coexist and add value to other emerging mobile device functionality such as payment and scheduling.
Kami Dukes: Hosted solutions are being deployed into vertical markets we did not expect. In the recent past, organizations primarily demanded on-premise solutions. They are more accepting of cloud-based solutions because they are easier to deploy, quicker to manage and inexpensive. Today, technology firms prefer cloud-based solutions.
From a functional standpoint, mobile solutions are widely used, however, adoption of mobile access credentials has been slower. Security departments use mobile solutions to remotely monitor and respond to alarms and enroll cardholders. Mobile solutions provide functional control of a system straight from your hands regardless of your physical location. Mobile has not been widely accepted for opening doors, but it’s coming. There is a greater push for migrating to OSDP and transitioning from proximity cards to smart cards for secure encryption purposes.
Some IT departments refuse to use managed access control, while some companies want one platform to manage all their systems, including services, and they don’t want the expense and labor that comes with too much hardware. They want everything interoperable. The OSDP and newer panel technologies allow integrators to host and remotely troubleshoot systems. End users are becoming much more comfortable with this model and enjoying the lighter load paired with resiliency.
The next technology we will see is data analytics paired with insider threat coming from the access control system. This will identify behavioral anomalies which can be pushed and paired in insider threat programs. Access control is the gateway to all the information that investigators need.
Joe Grillo: We definitely see cloud-based solutions as one of the biggest growth drivers for access control, which is a testament to its reach. Mobile credentials are on the rise. too, as well as a more “mobile” approach to access control where operators and leadership within an organization can control access and monitor a facility from a smartphone or Web browser. To that end, companies have spent a lot of time and resources ensuring the development of apps and mobile-friendly software. Additionally, managed access is certainly seeing a spike in growth as integrators see an opportunity for recurring monthly revenue (RMR) streams and a shift in how customers in the small- to medium-sized business space manage their security posture overall.
As we go into 2019, the industry will continue to shift priorities to more “open platform” technologies that will help deliver more options to customers — and this is a theme that will be carried from several manufacturers as one of the main areas for technology growth.
SIW: As an open-source technology, access control has the capability to integrate with many other devices. Do you see the SIA-developed Open Supervised Device Protocol (OSDP) standard for access control communications having an impact on technology development and interoperability in 2019 and beyond?
Robert Lydic: End users want an increasingly higher level of security for their facilities and the traditional Weigand protocols are not meeting the needs of many industries already. We will see a large adoption of OSDP for the coming years.
Peter Boriskin: Yes, the OSDP standard will have an impact on technology development and interoperability as we look to 2019 and beyond. One important driving factor is its adoption in government applications due to higher levels of security. In addition, the advanced capabilities of OSDP allow for creative implementations of access control, such as securely reading/writing credentials and managing other kinds of devices over OSDP. We will continue to see increased adoption and opportunities as the OSDP standard gains more traction in the coming year.
As more access control manufacturers leverage the standard, it will allow greater interoperability across systems from disparate manufacturers. This will benefit end users by providing a higher level of flexibility and a more cohesive approach to managing their facilities.
Rick Caruthers: Yes, SIA’s OSDP will certainly encourage manufacturers to adopt this standard across both hardware and software solutions, enabling higher levels of systems integration on the enterprise level. Although it’s impossible to predict what impact this will have on new projects, similar standardization efforts like ONVIF have proven to stimulate higher levels of integration for surveillance systems, which in turn stimulates system sales and installations. Time will tell, but I am inclined to believe that OSDP will be good for the industry overall.
Ross McKay: The OSDP standard enables encryption of data in the link between readers and controllers, making it a critical component of a secure end-to-end solution. It adds the ability to transfer files from head-end software to remotely update reader firmware and configuration. OSDP also standardizes biometric template management, facilitating the mixing and matching of readers from various biometric vendors. OSDP is a critical component of a modern, secure, efficient security solution.
Kami Dukes: Yes. It’s the first time in the access control industry that we have truly seen a standard defined as SIA plans to do with OSDP and the American National Standards Institute (ANSI). As consumers, we all have expectations that all technology must work with others in an automated fashion at the speed of light. While SIA and OSDP have not quite committed to that, they are making a major, positive push for the interoperability that we demand. Many folks are misled by commonly installed devices and systems which really prohibit successful security solutions for end users. Even beyond the importance of the interoperable standard, OSDP is about tighter security capabilities. It takes encryption and bi-directional, monitored communications all the way out to the reader. This has been a tremendous gap in legacy access control architectures.
Joe Grillo: We're obviously seeing a shift in how customers are interacting with their access control platforms, which means they're becoming more aware and involved in the day-to-day operations of their system. As we've seen the standard Wiegand protocol become more vulnerable to outside attacks, we have heard from customers that are concerned with the protection of their systems and are demanding a more robust option. Vanderbilt has answered this demand by making a big push over the last 12 months to make our products available using both protocols, which is a testament to the reach of access control devices that are interoperable.
