Access and identity: looking ahead
November 2017, This Week's Editor's Pick, Access Control & Identity Management, Integrated Solutions
The access control market is a mainstay of the security world. It seldom seems to hit the big time showing massive growth and amazing technology leaps, yet at the same time it nearly always continues to be a growth market, something you can rely on if that’s where you make a living. Perhaps it’s because of the necessity of access and identity management in almost every facet of commercial and public life that the growth continues – you can’t suddenly decide to let just anyone into your building or campus, just as you can’t take anyone’s word as to their identity.
It wouldn’t be right to say that the access market was a laggard either, the past two years have seen good global growth: Memoori estimated access control grew 10% in 2016 (compared to 4,2% for video surveillance and 3,6% for the intruder alarm market), while IHS Markit is more conservative and puts the growth at 6,1%, still ahead of the general market.
Access today is still defined by cards, PINs and tags that open doors, verify identities and so on, matched by a growing use of biometrics (primarily fingerprint biometrics). Biometrics itself has become more common as people have become used to unlocking their smartphones with a fingerprint and every second company now has some form of biometrics installed.
The market for these products will continue to grow – there is an enormous installed base that needs to be fed and watered – but we are also starting to see mobile credentials grow (IHS expects 200% growth in 2017), the continued move to IP communications and Access Control as a Service (ACaaS) and smarter integrated solutions designed to help access control start delivering value to the business apart from verification and entry/exit. The emergence of smart applications, wireless locks as well as offline electronic locks bears testimony to this. As far as integration is concerned, there is no shortage of combinations in which access plays or can play a critical role. Building management systems (or smart buildings) are possibly the easiest example of this trend for access to do more.
The digital access and identity market is in much the same position. There have been changes and advances, but nothing that grabs the headlines. An interesting comment that was made in Hi-Tech Security Solutions’ round table is that the market is in limbo at the moment. The technology is there to do so much more and offer so much more, but it seems to be waiting for something to force a change. It’s as if we are at an inflection point, but need a kick to start climbing to the next level.
Before we start the climb, however, Hi-Tech Security Solutions asked a few players in the security market for their impressions on the past year, and more importantly, what they were expecting to see happening in the market in the next year or two.
Holding its own
Johannes Tlhabi, local representative of Canadian access company RBH Access Technologies, notes that the access and identity (A&I) market has held its own in the past 12 to 18 months, even in the midst of a slowdown in economic activity that has seen an overall decline in the consumption of services in general.
“If companies are not generating enough turnover and profits in their core operations, the supporting services (at least some) seem to be the first to be compromised if not neglected entirely, and certainly A&I is not spared in such cases. Harnessing extensive investment in product development that was made over many years, RBH Access has been able to maintain its bar as far as its international markets are concerned, largely due to the flexible nature of its products that allow the company to be preferred in any type of economic activity.”
On a more positive note, Walter Rautenbach, MD of neaMetrics, says, “The need for A&I is not something that can be hindered by economic downturn. Financial pressure on individuals increases illegal behaviour to meet basic needs, fraud and crime increases as well as petty misconduct such as stealing time. This should therefore increase the demand for tighter controls and A&I.
“If the higher theoretical demand for A&I translates to more sales is another question. It is definitely a more difficult sale as clients need to justify the capital expenditure, while results might only be seen over the medium term, raising the question of if it is really required or if the money in the bank will provide more benefit in uncertain times.”
ZKTeco’s MD, Hendrik Combrinck, says the company has seen healthy growth in the A&I market over the past year. “We have seen a shift from advanced enterprise systems back to simpler standalone IP solutions because of the economy, but our growth was still much better than the previous year.”
He adds that because ZKTeco caters for all the market segments, “it is easy for us to gauge the market and decide on where to focus our attention to fully maximise our strength. The segment we had profound growth in was definitely the small to medium IP installation market with no more than 20 readers per site.”
John Powell, CEO of Powell Tronics, says the market for his company has continued on much the same trajectory year-on-year for the past three years. “We have found that customers (dealers/contractors), professionals (consultants) and their customers (end-users) have become much more knowledgeable with regards to the systems/solutions they require and what they can deliver.
“There is generally a strong focus on ROI (return on investment) and often price wins the day, however, we encourage our customers to look at important factors like serviceability, reliability and selecting proven integrated solutions. We are finding that although there are a number of budget biometric terminals/systems out there, the manufacturers like Morpho and Impro are preferred as the head-start on competitors that they have is vital to Powell Tronics as a premium brand value-added resellers/distributor.”
In addition, Powell says that project-based, IT-oriented contractors that have sufficient knowledge and resources seem to be thriving at the moment. The company has also noticed that some of its bigger installers are becoming more focused on market segments, instead of going for as much business as they can.
What are users after?
Looking past the doom and gloom of a poor economy, Rautenbach believes survival of the fittest drives companies to optimise their offerings and operations. “Failure to do so is not optional and doing so definitely extracts more value for consumers and keeps complying suppliers in the game. It’s not all about paying less, but rather about extracting more value from the same.
“In the A&I market this is achieved through integration, the synonym for synergy where 1 + 1 = 3. Some typical examples include using the same infrastructure for both access control and time management, resulting in better protection of assets while enabling employers to have tighter control over time theft, and more control of overtime and general workforce optimisation.
“In another example, one would have previously sold a special purpose-made mobile workforce management device, where today we will sell you an open platform device that you can use for mobile workforce management, but which can also have other mobile applications running concurrently on the same device. So now justifying the purchase doesn’t stop at one function, but can add benefit in many others.”
Money might be scarce, he adds, but it definitely does not halt the demand for convenience. Some examples he provides include the strong move to mobile credentials and IoT. “Not only are mobile credentials a ‘cost-saving’ as your mobile can be your card, but it is definitely a convenience as you don’t have to carry a card with you, and the chance you will forget your phone at home is slim – and it just looks tech savvy. The same goes for IoT, which offers real-time sensors for security, enabling you to turn off/on a light while on holiday, but to also show off by not having to get off the couch to do the same.”
ZKTeco found that the old faithful fingerprint access control systems were still the most popular and still perform much better than other technologies in the economic environment we are in now. “People still come back to technology they know works and are a bit sceptical to try new technologies at the moment,” notes Combrinck.
Trending at present, according to Powell, are in-house value adds that eliminate human error, improve efficiencies within organisations and give management access to information – either automated or live on the spot. For example: Can we eliminate the responsibility on the guard at the entry and exit points? How can we make sure that there is no fraudulent activities with respect to exams or events? How can we prevent buddy clocking and actually only pay labour for hours worked? Both end-users and installers have been insisting on good service this year. We get several calls a week asking for recommendations as the service being received is below par.”
“Over the past year, there have been times where one would certainly believe that everyone is sitting tight and waiting for a better economy, but there have also been times where normality prevailed and a sizeable number of industry players were kept busy,” Tlhabi says. “The ordinary user is stuck in between balancing the security needs of his organisation and financial resources/costs on the other end.”
What about integration?
One of the critical aspects in every area of the security market is integration, and access is no different. We have already seen a range of integrations taking place in access and other markets to offer more value and convenience to the buyer, as well as to offer more data for analysis and future decision making. Tlhabi notes that integration is no longer just a buzzword or a discussion for the future when it comes to the A&I market. “It is the here and now. It has become the very first question on every customer’s lips, even if the customer has very little idea of what that means.
“Today’s A&I system designs are geared towards integration from the word go. Some do it better than others and some do it quicker than others, but the fact remains that A&I systems that are designed to exist in isolation will not be around for very long. A&I system designs are often called upon to produce solutions that integrate to at least three or four systems from different vendors, except perhaps for a very small deployment where one would imagine that a simple solution off the shelf would do.
“Flexibility in achieving these types of integration at different sizes and levels of deployment has been key to the success of leading brands like RBH Access and others.”
The integration we’re seeing is not simply a ‘keeping up with the Jones’ reaction to other market players. It has become a necessity in a security world where words like value, total cost of ownership (TCO) and ROI have become standard and buyers, mostly, don’t simply buy something because it’s cheap and they have to show they are doing something security-related.
Backing this up, Rautenbach says that integration options are really a ‘permission to play’ in security today. “Manufacturers and suppliers that do not allow for integration really limit their potential and are identified a mile away by security specialists and system integrators.”
Powell Tronics is an example of the value integrated solutions provides as it has written various links and platforms to enhance the flexibility of Impro products. “We have already integrated at least ten different brands into our two major ones, Impro and Morpho,” says Powell. This integration offers additional functionality, but also a goldmine of data.
Data everywhere, but is it used?
When addressing the question of data, meaning the data generated by access and other systems that can be used for further analytics and business intelligence (or big data) requirements, Powell says any system or platform requesting data for analytics needs the data to be empirical, accurate and easily obtained.
This is not always the case, unfortunately. Not enough openness has been achieved in terms of data sharing at the moment, according to Tlhabi. “Strides are being made by industry leaders and those who can see the potential of this trend, as well as its convergence with closely related sectors like IT and many others that will, to a large extent, all benefit from this trend. However, there are still a lot of players who would rather err on the side of caution when it comes to exposing data, contributing to a data pool, or even using data that is already collected and made available by others, just in case their business’s critical data is ‘infiltrated or stolen’ by others.”
This is a common problem across industries, as people and governments are starting to wonder how their data is being used. Hence the emergence of legalities like PoPI (the Protection of Personal Information Act) and other regulations to control data. While these laws don’t prohibit collecting and using data, they do add accountability to the possession and use thereof, which is likely to scare many people.
And it is here that Combrinck says that while data analytics is becoming a big part of the A&I market, the privacy and security issue is hampering the drive towards a truly open exchange of information. “Most of the analytics is centralised per site and gives users insight on where and what is happening and how to strengthen their own sites against security breaches and intrusion, but little can be done to share insights and intelligence to neighbouring sites to strengthen the community security systems and awareness.
“Access and identity systems generate a huge amount of data and if fully utilised and analysed can become a great tool in business and communities to proactively stop crime. Machine learning can easily be deployed on big data platforms and the systems themselves can make more accurate predictions and provide insight into local ecosystems.”
The problem of what to do with your data and how to manage it is only exacerbated when one relies on someone else to store and manage your data on your behalf, which is the basis for everything cloud related as well as the trend to ‘as-a-service’ operations.
Someone else’s computer
While the idea of running your access control as a service provided by a third party – Access Control as a Service (ACaaS) – is nothing new, it has taken some time to take off as a result of questions about its effectiveness and, of course, the reliability of the Internet in South Africa. It must be noted that ACaaS is not always about remotely hosting your access service. One can host it on your own premises, but allow the service provider to run and manage it for you.
Nevertheless, ACaaS has many benefits. For example, user organisations can opt for some form of monthly fee for their full access control solution, which may or may not include the hardware required. Someone else can also be assigned the task of maintenance and dealing with users – depending on the contract, of course.
Tlhabi explains that many other services have been offered this way before and customers now want to know why all services (including A&I) can’t be offered in the same way. Of the many benefits, he says ACaaS is one way of ensuring business success and ‘walking that extra 10 miles with a customer’.
Powell adds that his sales team, who interact with professionals in the local market, convey the feeling that ACaaS is not often requested and companies are reluctant to pay a subscription for access control alone, however services like payroll are being more successful as a service.
“The majority of the South African market has not taken to true hosted and cloud-based solutions yet. We feel that products like Impro Technologies Access Control are cost-effective enough with enough features and ability to expand to satisfy the bulk of the markets needs and wants.”
However, he feels that ACaaS is more likely to happen in the future where an end-user decides on the features they require from an A&I system and pay for those alone on a monthly or annual fee-based system, as opposed to them getting all of the features offered by the product, most of which they will never use.
Taking a different approach, Combrinck says, “Bigger manufacturers like ourselves have seen this trend growing quickly in the last four years. In the near future, our platforms will be launching to enable our system integrators to harness the power of ACaaS and create an entirely different business model around this.
“ACaaS not only makes it more convenient for the end-user to choose between payment methods like pay-as-you-go or monthly subscriptions, but it also makes it much easier for the system integrator to not only install but service the client’s systems as well. The ACaaS platform makes proactive service possible as the online nature will give the system integrator more tools to monitor the client’s system offsite and also know about any irregularities as they arise. This provides our industry with a good opportunity to become fully interactive and give better feedback to the end-user.”
Rautenbach adds that today we are ready for ACaaS, but there are still concerns about being locked out by an external provider. “On the other hand, some companies might feel safer with an external company taking control of data that can cause PoPI compliance issues. When the task of managing this compliance detracts from day-to-day operations, it is definitely a good motivator to outsource.”
Another issue he warns of is that anyone offering this service will become a good target for persons with malicious intentions, be it students or entities with a motivation to get illegal access to competitor premises. And how many system integrators would be willing to tackle this when the cybersecurity issues are added to the mix?
The mobile question
“The convenience factor has always been the trump card for mobile technology, but has always been hampered by a false sense of security,” adds Combrinck. “Now that the biometric technology has settled itself as a daily part of our mobile experience, it gives the user more options and they can use it as a dual factor authentication for their more sensitive transactions.”
No mention of access control would be complete without a mention of mobile credentials. As noted above, the uptake of mobile credentials are expected to soar.
“Mobile credentials in our mobile society are a convenient and practical way to introduce multi-factor authentication, strengthening card-only systems,” says Rautenbach. “My personal thought is that mobile credentials are at its infant stage and that there will be many more advanced mobile credential solutions for personal identity coming out this year. It is also the ideal bridge for linking physical and logical access.”
When looking at the convergence, or potential convergence of physical and logical access, Combrinck says it has become an almost daily occurrence for larger companies to ask for logical and physical access integration. “People want to make sure that an employee can only access his PC in his office if he is physically in the building. This double check has started saving companies millions of rand in stopping fraudulent transactions, not only in the financial sectors, but all over the spectrum. This also flows into the mobile market strongly because the mobile credentials will form part of the whole solution.”
Of course, while the possibility for integration exists, few have implemented it. Part of the reason, according to Tlhabi, is the reluctance of both the IT and A&I role players to work together to realise the opportunities that would benefit the end-customers immensely.
However, Rautenbach adds that the bridge between the two is definitely getting smaller. “There is certainly still some water to pass under the bridge before it disappears and however fast we have seen security migrating to IP, there is still in many instances a big gap between who runs physical security vs. logical security.”
Keeping ahead of the pack, Powell Tronics is already active in the physical-logical convergence world with a product named PT-AD. This supports integration from a single logon through Active Directory which defines the users rights, what they can modify on the access control software, where they can physically enter all based on their users attributes. “Our Active Directory product will ensure that people only gain access to areas of the network they are allowed into, and they will also have these permissions denied and their physical access credentials will also be denied once they are restricted from accessing the network.”
While we have looked at a few aspects of the A&I market in general in this article, each of the companies represented has its own focus areas for the next few months. RBH Access, for example, plans to make its mark on the local market. According to Tlhabi, it plans to provide “a whole different experience to A&I users in South Africa, from integration to multiple VMS systems at the same time, solid and redundant system network architecture, integration to logical systems, import and export of large data between systems, mobile applications, large scale management of alarms, multiple site management from a single database and many more features that one would expect in an A&I system in the next five years.
“We will intensify the market drive for our small to medium A&I system in Integra, to demonstrate that a decent A&I system does not have to cost an arm and a leg to deploy.”
“Powell Tronics will be focusing on ensuring it has the latest technology available from its suppliers, fully integrated with its products, and ensuring that the company delivers the best service to its dealers, ultimately adding value to the solutions that are being implemented,” notes Powell.
Suprema is about to become more of a name to be reckoned with in the mobile market. Rautenbach says the recent announcement that Samsung has selected the BioSign 2.0 mobile fingerprint authentication algorithm for the Samsung Galaxy J5 and Galaxy A7 smartphones is a clear indication of Suprema’s realisation of the massive potential of the mobile market.
“Achieving up to 50 ms authentication speeds and 0,0005% FAR, this self-learning algorithm increases accuracy with usage. What’s more, it’s capable of working on 2 mm x 2 mm sensors with no reason to exclude it from any device. This is supported with the launch of BioStar 2 mobile credentials as well as two new BioRugged ruggedised Android platforms that enable mobile identity processing.”
As far as ZKTeco is concerned, Combrinck says the company will focus on its biometric technology. “At the moment we have terminals with three biometric readers inside (fingerprint, facial and PAL readers), but our ultimate goal for 2018 will be to launch our Bio4 technology that will have four biometric readers inside. This is making it more accessible to all end users because of the drive in the market for multi factor authentication.
“We are also focusing more on the mobile device market to play more in the space of identifying your client or better known as ‘know your client’ (KYC). It is very important for companies to identify their clients as fast as possible and make the user experience at their locations more interactive and speed up the transaction times.”
On the access control side, ZK is building on its ZKBioSecurity platform to include more modules to strengthen its footprint and share in the mainstream access control market outside of normal standalone IP systems.
The news for the A&I market is, therefore, good for the moment. Not only has this industry been beating the odds by growing at above average market rates, with the future outlook indicating this should continue, there are also many new and improved products and solutions that will change and enhance what we have known for many years to be access control.
It’s a good business to be in, but it’s a business that is also changing as more companies move away from traditional readers and communications to the IP platform, requiring the networking skills the surveillance industry has had to acquire. And when it comes to integration, IP and open platforms are more important than ever.
And for those who may not believe the access market is lucrative with plenty of development going on, simply consider that the largest Chinese surveillance companies are now also focusing on access control with a host of new products and easy-to-use solutions. So while the future is bright and full of innovation, it will also be full of competition.
For more information, contact:
neaMetrics, 0861 632 638, email@example.com, www.neametrics.com
Powell Tronics, 0861 787 2537, firstname.lastname@example.org, www.p-tron.com
RBH Access Technologies, +27 (0)63 584 7768, email@example.com, www.rbh-access.com
ZKTeco (SA), +27 (0)12 259 1047, firstname.lastname@example.org, www.zkteco.co.za