ACaaS: The services model

Access & Identity Management Handbook 2021 Editor's Choice

The concept of Access Control-as-a-Service (ACaaS) is not new, but there are still many who don’t really understand what ‘service’ means. Of course, different companies offer different services too, which can confuse the matter.

In South Africa, the concept of a service can mean many things related to online access to services and data held on a remote server, with one of the regular questions being that of Internet connectivity and ensuring that your access systems are functional even if the Internet disappears for a while. The question of bandwidth and how much is needed for a full cloud service is also always top of mind.

Of course, let’s not forget Eskom and what could happen to your access control system when Eskom takes the day off.

To find out more about what a service, and specifically ACaaS is, Hi-Tech Security Solutions spoke to Gary Chalmers, CEO of iPulse Systems. iPulse has converted its business to providing access as a service, from its traditional role of manufacturing biometric readers – although the manufacturing part of the business is still in operation. (See for more about Chalmers and iPulse’s move to services, as well as additional business benefits the service model enables.)

Chalmers says that the as-a-service concept, despite concerns in South Africa, is definitely a reality. “With the massive explosion of fibre availability in South Africa (and in fact throughout Africa thanks to companies like SEACOM), almost every company now has more than sufficient bandwidth for ACaaS. It is important to note that unlike CCTV, ACaaS requires a tiny fraction of bandwidth to function effectively, making it far more of a reality than its bandwidth hungry brother.”

Does size matter?

Many commentators say that ACaaS is primarily suited to small or mid-sized companies due to its reliance on Internet connectivity, or perhaps for a company with multiple smaller branches all over the country.

Chalmers disagrees, noting that ACaaS is beneficial for every company, and in fact, the simple ease of scalability makes it far more suited to any size business than locally hosted solutions. “Typically, traditional access control is either small and simple, or large and complex, and there are solutions that target each of these areas exclusively, perhaps trying to provide a ‘lite’ version for smaller businesses. However, only ACaaS is truly able to scale from a single door to a multi-continent, multi-site, massive user-base organisation simply by increasing the resources available.”

Far from the idea of having to compromise on your access control installation to ‘what the cloud can provide’, Chalmers states that ACaaS provides far better service and support than locally installed solutions.

“Without anything on site to ‘break’, other than the biometric devices themselves, callouts are reduced to a fraction of what they are for traditional access, as almost every problem is solved remotely,” he says. “More importantly, with online solutions, providers are able to monitor customer sites proactively, and more often than not tell customers they have a problem, or better yet – fix it – before clients are even aware of it.”

Downtime performance

As mentioned above, many organisations are nervous of the cloud model for a function that needs to be operational all the time – such as access control. We asked Chalmers how these businesses can be assured that operations continue when the Internet goes down or when Eskom strikes again.

“All ACaaS systems that are intelligently designed cater perfectly for ‘offline’ modes, allowing devices to continue to function perfectly when not connected to the Internet,” he explains. “Of course, adding/removing people or retrieving clocks are not possible during these times, but all transactions are queued – both on the devices and in the cloud – and as soon as connectivity is restored, these are processed.

“Online solutions are also far better at handling power outages than locally installed solutions. All data centres, and the Internet, are typically designed to be ‘always up’, and since most access control devices are installed with a battery backup (in iPulse’s case), and access to the Internet is typically on battery as well, there is far less chance of the system going down than a fully locally implemented architecture, which must now provide backup power not only for the door controllers, but also for the intermediate controllers and servers that hold the system together.”

Hybrid solutions

Those readers following IT publications that talk about cloud services (which are all of them) will have noticed that many service providers are talking about ‘hybrid’ cloud solutions. These solutions see some processing and storage based off site in the cloud, but sensitive or critical data and services are retained on site. Amazon Outposts is an example of this (

In the South African context, a hybrid solution may provide better peace of mind when it comes to protecting personal information in light of the Protection of Personal Information Act (PoPIA). Keeping sensitive data on site reduces the number of potential risks, although recent events in the country show that data breaches are more a result of insiders providing information (accidentally or maliciously) to the unscrupulous rather than major hacking exercises. Chalmers notes that iPulse offers a locally installed version of its solution, which can be integrated with the web for authentication, or installed as a completely closed loop if required.

“High-profile clients require this when the security of data is an absolute priority. However, almost all of these solutions end up costing significantly more to service and maintain, and it is arguable whether they are more or less secure than the cloud-based offering. They are significantly more susceptible to power and Internet outages, as explained above, and overall, have more than triple the downtime of cloud-based solutions in our experience.”

He continues that ACaaS is designed to massively reduce the total cost of ownership over time, while dramatically increasing the uptime and efficacy of the system. “Furthermore, ACaaS offers seamless multi-site integration in a way that no traditional access control system can, with a single-user record being required for every site being added to the system, making maintenance of users (a key issue with traditional access control systems) as easy as disabling a user, and within seconds, they are deactivated on every device in the world.”

Another implication for on-site installations that is often overlooked is the IT infrastructure. These are typically built and scaled for the installation at the time it is installed. The infrastructure is then generally ignored over the years as the system expands, which can result in under-powered computers driving your access control, which causes more failures and is highly likely to result in a catastrophic failure (such as complete database loss), over time.

“ACaaS systems simply scale their resources as the solution grows, and (if well designed) include automated backup of key data, allowing for instant reinstatement in the event of a catastrophic failure, such as database loss,” says Chalmers.

When referring to “scale their resources”, Chalmers is referring to the ability to add more processing power, memory and storage as required to the cloud setup in minutes rather than having to buy new hardware, bring the local systems down to install it and then starting up again. In a cloud service using (to use data centres from some of the big names as an example, Google, Amazon or Microsoft), scaling up is almost immediate (as is scaling down).

The question of costs

Customers like to know there is a maintenance and support service waiting to assist when required, but they generally don’t like to pay for it (especially in the first few years when they feel warranties should cover the whole system). How are maintenance and support services done in an ACaaS system – even if, as Chalmers notes above, most problems can be resolved remotely?

“iPulse has a single-price billing model that includes all support, maintenance, services and even a full swap-out of hardware devices in the event of any failure,” he explains. “There is therefore a clearly defined, single controllable cost without any nasty surprises.

“iPulse typically includes callouts as well, since our goal is to ensure that our product is remotely supported, and when it cannot be, this should not be the problem of the customer. This forces us to improve our uptime to avoid costly ‘truck rolls’, which in turn drives the uptime of the system – a win/win for everyone.”

iPulse Systems’ primary ACaaS solution is called the platform, which includes full access control, visitor management, health and safety, workforce management and time and attendance solutions. In addition, the company also offers an identity management platform that allows clients to manage identity (both on site and remotely), run loyalty programmes or create a full custom solution for their specific requirements.

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

South Africans play a role in becoming scam victims
Editor's Choice Risk Management & Resilience
The South African fraud landscape is becoming increasingly risky as fraudsters and scammers look to target individuals with highly sophisticated scams, in an environment where it is becoming increasingly difficult for lawmakers and authorities to bring these criminals to justice.

Service orientation and attention to detail
Technews Publishing Editor's Choice Risk Management & Resilience
Lianne Mc Hendry evolved from working for an accounting firm to an accomplished all-rounder familiar with the manufacturing, distribution, and system integration aspects of the security industry value chain.

Are you leaving money on the table?
Editor's Choice Security Services & Risk Management
How many customers have you helped since starting your business? Where does most of your new business come from? If the answer is not from your database’s existing customers, you might have a problem.

Wireless fire tech offers unexpected benefits for load shedding
Technoswitch Fire Detection & Suppression Editor's Choice
For the long-suffering residents of South Africa, the policy of load shedding to help manage demand from the country’s ageing and poorly maintained electrical generation and distribution system, is a major inconvenience, and it can be fatal to fire alarm systems.

Consolidated cybersecurity management
Technews Publishing Editor's Choice Information Security Infrastructure
SMART Security Solutions spoke to Gareth Redelinghuys, Country Managing Director, African Cluster at Trend Micro, to find out what makes Trend stand out from the crowd and also its latest market offerings.

ADI to close SA operation
ADI Global Distribution Editor's Choice
In a move that will shock the local security industry, ADI Global recently sent an email to its customers notifying them that it will cease its business operations in South Africa.

Bosch Building Technologies to focus on SI business
Bosch Building Technologies Editor's Choice
Bosch Building Technologies, which includes the security division, aims to “consolidate its capabilities to achieve a globally leading position in the systems integration market”, a move that will include selling most of its product business.

Securing road transport across Africa
Technews Publishing Editor's Choice Asset Management Transport (Industry) Logistics (Industry) Risk Management & Resilience
SMART Security Solutions spoke to Filipe de Almeida, the Portugal & Spain Regional TAPA EMEA Lead, and Massimo Carelle, the TAPA EMEA Africa Region Lead, about securing transport and logistics in hostile environments.

Cisco collaborates with DCDT for Digital Acceleration Program in SA
Editor's Choice News & Events IoT & Automation
Cisco signed a Memorandum of Understanding (MoU) with South Africa’s Department of Communications and Digital Technology (DCDT) to help further develop and strengthen the country’s digital economy through digital skills and talent development.

IMF/World Economic Outlook Update, October 2023
Editor's Choice
The IMF sees global growth slowing this year, Pierre-Olivier Gourinchas, Head of the Fund’s Research Department, said ahead of the launch of the World Economic Outlook (WEO) on Tuesday, 10 October.