Industry Influencer Q&A: Innovation at the Edge of Access Control
After decades in the industry, Mercury Security in the past year has embarked on a mission to transform traditional access control infrastructure. Using an edge computing approach, unlike traditional server-based models, Mercury controllers embed intelligence locally, enabling faster response times, improved reliability during network outages, and better scalability. The controllers can serve as unified hubs for multiple building technologies like video, intrusion detection, and automation.
In addition, Mercury’s newly unveiled embedded application environment allows custom apps to run directly on controllers through secure APIs for access control, device management, and system integration. Their upcoming app store will help integrators deploy solutions that create new recurring service opportunities.
In this exclusive Industry Influencer Q&A sponsored by Mercury Security, Steve Lucas, the company’s VP of Sales and Marketing, takes a closer look at these changes and innovations.
How is edge computing changing access control architecture, and what advantages does it offer over traditional server-based models?
Lucas: Traditional access control systems process most logic centrally, which can create latency, single points of failure and scaling challenges. Edge-based solutions embed intelligence in the controller itself, so access decisions and security logic run locally.
That architecture delivers several benefits. Systems continue to run even if the network or server goes down. Response times are faster because authentication happens on the controller. Scalability improves because you’re not constrained by central processing bottlenecks. And by keeping logic and sensitive data at the edge, you reduce exposure and detect threats in real time.
The biggest opportunity is that controllers can now run targeted applications directly. That enables new ways to solve integration challenges, improve system health monitoring and enhance user experience, capabilities that simply weren’t possible in a centralized model.
How does Mercury’s embedded application environment support custom applications on controllers?
It is a secure, open platform that allows code to run directly on intelligent controllers. Applications can interact with access events, inputs, outputs and system status without relying on a central server or cloud connection.
We provide a complete SDK and structured APIs to make development flexible and integration straightforward. The Host API manages core controller functions like access logic, event handling and configuration. The Device API enables direct control of third-party hardware, including locks, sensors and biometric readers. The System API supports secure, real-time communication with enterprise systems such as service assurance platforms, databases, identity management tools and cloud services. The Auxiliary Authentication API handles advanced authentication workflows, including biometrics and multi-factor credentials.
This architecture enables custom workflows and integrations to be executed locally, reducing latency and dependence on external infrastructure, increasing resilience during network interruptions and simplifying system design. It accelerates the development of new capabilities, extends controller functionality and increases ROI for the end-customer.
How can integrators use app-enabled controllers as hubs for other technologies?
App-enabled controllers can unify access control, building systems and security technologies into one intelligent hub. Applications running at the edge can coordinate video, intrusion, building automation, security analytics and diagnostics in real time, while providing real-time visibility into system health and tighter integration with third-party platforms.
This model opens the door to recurring services, such as uptime monitoring, compliance checks, diagnostics and analytics, all without additional servers. Mercury’s embedded application environment also introduces standardization across hardware and software integrations, simplifying deployment, reducing troubleshooting time and streamlining updates.
Our upcoming Mercury App Store will make it easier for partners to discover, deploy and update applications, speeding time to value. Ideal applications include system health monitoring, certificate auditing, proactive maintenance alerts, video integration and automated control of lighting, HVAC or elevators based on access patterns.
How does Mercury balance cybersecurity with innovation flexibility?
Security is built in from the hardware up. We use encrypted communication, secure storage, strong authentication and trusted boot processes to protect against tampering and data compromise.
Key protections include TLS 1.3, encryption for all data at rest, OSDP Secure Channel for reader communication, secure boot with ARM TrustZone, 802.1X for network access control and detailed event logging.
At the same time, our open architecture and embedded environment allow partners to deploy applications in a secure container on the controller. This means they can innovate at the edge while meeting the cybersecurity requirements of modern IT environments.
What opportunities does Mercury’s open ecosystem create for integrators?
Our platform gives integrators freedom of choice. They can work across more than 35 Mercury-based OEM platforms, leverage the Technology Partner Ecosystem and use third-party applications to create best-of-breed solutions tailored to each client.
Standardizing on Mercury hardware accelerates deployment while simplifying deployment and support, while custom apps and integrations deliver a differentiated experience. Our App Store will expand these capabilities, enabling new recurring service models for monitoring, diagnostics and automation.
By tapping into this ecosystem, integrators can go beyond installation to deliver ongoing value, deepen customer relationships and scale their expertise across a wide range of projects.