This article originally appeared in Access Control Trends & Technology 2023, a special bonus publication to Security Business magazine, Security Technology Executive, and Locksmith Ledger magazine.
The Proptech Advisory Board within the Security Industry Association recently collaborated with CREtech, a company with vast experience in proptech and commercial real estate, to produce The SIA Proptech Report. This report assessed proptech trends, market size, and purchasing interests related to security solutions in commercial real estate, including office environments and multi-family housing. The study involved surveying and interviewing many North American developers, owners, and operators.
When the topic of interoperability was raised, 83% of respondents believed that the current levels of interoperability between different security solutions were either fair (38%), poor (22%), or nonexistent (22%) - a staggering 83%. The question and responders' views were focused on broad security interoperability, not just access control. However, upon speaking to these developers, owners, and operators, you quickly realize that the majority view "security" as synonymous with "access control."
While they may be aware of our industry's focus on video, robotics, and much more, access control is a utility, and developers, owners, and operators view it as such. Access control helps secure buildings by keeping bad people out while enhancing the physical user experience for tenants, guests, visitors, and contractors. If a building had a voice, access control would be its mouth and vocal cords. It is front and center and top of mind.
And with that comes great responsibility and expectations on how it should show up.
Access control is an often underappreciated but crucial aspect of security. Beyond the technical capabilities, access control is the "distribution channel" for many other security products, including locks, readers, elevators, turnstiles, cards, fobs, video systems, alarms, and more. Access control systems are our industry's closest service to a "single pane of glass" for management, control, and data visualization. Although there are third-party platforms that aggregate access control data, access control systems on their own often play a critical interface role.
So, access control systems are the closest thing our industry and our customers have had to deliver interoperability in a very fragmented industry of parts and pieces. However, upon closer examination of that sentence, things begin to fall apart.
And it is the "interoperability" part that falls short.
Interoperability between access control software companies and third-party locks, readers, elevators, turnstiles, cards, and fobs are rare. However, some lock companies are beginning to support other credential providers, and some reader companies are starting to support standards like OSDP. Additionally, some access control software companies support certain controller types like Mercury.
Let's not fool ourselves: what we have is more or less "integrated."
The Difference Between "Integrated" and "Interoperable"
Interoperable systems are capable of different systems working together smoothly, with attributes such as compatibility, scalability, flexibility, and adherence to standards. Interoperability = seamless.
On the other hand, integrated systems comprise separate components designed to work together. Still, they may not work smoothly with other systems or components outside the integrated system. Integrated = works well with others.
And here is the rub. The market wants interoperability, and our industry promotes and markets that we have it. However, we deliver something quite different but similar integration. Integration can frustrate and disappoint customers when they discover how our industry operates because as the customer pushes, we start to show the cracks in our systems.
Sure, we can tell how and why we do this as an industry, and when we do, we do it in the name of "safety and security." But the market is far more educated, aware, and has more options. And, if we were honest, we would also admit that we have been a cottage industry pushing proprietary systems. Our industry is what it is and sells this way because we know, and history has shown, that once you are locked into our system and install our hardware on the wall, it is rare for that product to be replaced.
The way we work is less about technical reasons and more about incentives. It is in our bones, our legacy, and how we have become experts in taking on the risk of keeping people and places so safe. But, again, those days are ending, and that is ok because, with all the technological advancements on the market now and coming soon, we can start to see how doing things differently may deliver better outcomes.
But is There Really a Downside to Us Being Integrated versus Interoperable?
The truth is that both integrated and interoperable systems have downsides.
Here are three examples of the downsides of integrated systems
- Vendor Lock-In: Integrated systems are often provided by a single manufacturer or a limited set of manufacturers, which can result in lock-in. Customers become heavily reliant on a specific manufacturer's technology and solutions, and switching to another system or manufacturer can be challenging and costly.
- Lack of Flexibility: Integrated systems are designed to work seamlessly within a specific ecosystem. However, they may need more flexibility to integrate with external systems or adapt to changing business needs. Customization options may be limited, and components can be difficult to add or modify.
- Limited Innovation: Integrated systems may need to catch up in adopting new technologies or innovative solutions. These systems' development cycle can be slower than open or modular systems. Upgrades and new features depend on the manufacturer's roadmap, potentially limiting the ability to leverage emerging technologies or respond to market demands quickly.
While many pursue and push for interoperability, it is essential to note that it is not all upside. There are some downsides here as well to be aware of.
For example, there are four downsides to interoperability:
● Complexity: Interoperable systems often involve integrating multiple disparate components or technologies from different manufacturers. This complexity can make system implementation, configuration, and maintenance more challenging (especially long-term). Compatibility issues may occur due to differences in standards, protocols, or data formats, requiring additional effort to resolve.
● Integration Costs: Achieving interoperability typically involves additional costs, such as integration services, middleware (new to our industry and growing!), or custom development. Multiple manufacturers may charge for their products or services, and coordination among different parties may be required, leading to increased expenses.
● Compatibility Risks: Interoperability introduces the risk of compatibility issues. Updates, changes, or upgrades in one component may impact the compatibility of other integrated systems. Ensuring smooth interoperability can require ongoing monitoring, testing, and adjustments. This also means that investment to support interoperability is new and expensive.
● Security Concerns: Interoperability increases the attack surface for potential security vulnerabilities, especially cyber. Integrating systems from different manufacturers with varying security standards may introduce risks if adequate security measures are not implemented across all components. It's crucial to consider security implications and adopt robust security practices when implementing interoperable systems.
So, Which is Better - Integrated or Interoperable?
Ultimately, the decision between interoperable and integrated systems should be based on a thorough evaluation of business requirements, existing infrastructure, budget, scalability needs, and the ability to manage complexity. Some organizations may prioritize flexibility and customization, favoring interoperable systems, while others may prioritize simplicity and quick deployment, leaning towards integrated systems.
Customers want interoperability, mainstream markets expect it, and it is where our industry is headed. The transition from integrated to interoperable will take time, and integration will not disappear. There will always be optionality and choice. However, interoperability will become the new norm, and those that get moving will benefit greatly. If not, once customers demand it and more companies from outside our industry start delivering on that demand, the legacy industry will be forced to comply. It's not a matter of if but when.
Something Else to Consider
The access control industry is changing and becoming more popular in a broader market. Its original purpose of keeping bad people out is being expanded to include allowing the right people in and providing additional value. As a result, the idea that it is the only way to integrate the various parts of the security industry is being challenged. More and more data aggregation, tenant experience, worktech, property management, point of sale, CRM, HR, ERP, and all Enterprise Software companies are seeing our nascent industry as an opportunity to combine with their core offering. This featurization of our industry is a massive threat.
We can summarize this evolution of the business as follows: our product integrators (access control systems) are being integrated, and the resulting outcome is a value arbitration of our industry to someone else.
So, what should we do, and how do we participate in or at least attempt to slow this disruption down?
In short, we need to look seriously at how the access control industry views its core offering. As an industry, we must also clearly understand our views on what we value, what we are and are not willing to give up, and what other space we have permission to command, and be aggressive and unapologetic about it. And subsequently, we need to answer the question, is what got us here over the last 30 years going to be what is required for the next 30?
It may be time to stop integrating and start interoperating. The access control industry is an essential utility that delivers a value proposition many wish they had. Let's function as if.
