Access control as a service

Access & Identity Management Handbook 2018 Access Control & Identity Management, Infrastructure

In an economic environment where cutting costs is king, there is still an acknowledgement that access control is a necessary function in every business. In smaller firms, access control may simply be a security door that the receptionist opens when someone arrives, while in larger enterprises it could consist of significant investments in technology and human resources.

While you can’t beat the price of a security door, larger installations are more dynamic, complex and expensive. This is why access control doesn’t receive the publicity that ‘cooler’ technology solutions do; it is installed to be forgotten for a long time (with the exception of maintenance and expansion, of course).

When a company decides it’s time to revamp its access control, it will again be faced with a large expense for hardware, software and manpower. Today, however, there is an alternative to spending the big bucks and having everything installed and managed on site – Access Control as a Service (ACaaS), which promises to make the access control spending more manageable.

There are a few ways to implement an ACaaS solution depending on the requirements of the user. The common scenario is to have the access control software and data stored on a cloud-based server (potentially with a backup on site), where the integrator or service provider manages everything for the user. The management can simply be making sure the system is running and accessible (and secure), or the service provider can take over managing everything related to access control, including enrolment. In some cases, the integrator will also assist in financing or arranging financing for the hardware and rent or lease it to the customer on a monthly or annual basis.

Whatever the final agreement looks like, ACaaS is becoming more popular with end-user companies and with integrators as they have closer control over multiple clients’ solutions without having to be on site. IHS Markit expects cloud-based access control to grow at over 9% through to 2021, which is more than double the rate of growth expected from traditional on-site solutions.

Can we expect the same growth locally? Are local end-users looking from the same services and solutions from ACaaS? Hi-Tech Security Solutions asked two local ACaaS operators for their insights on cloud-based access. Our experts are:

• Johan Van Heerde from Skycom, and

• Vikki Vink from Impro Technologies.

Growing locally?

It’s not uncommon to hear that cloud services in various local industries aren’t taking off as they are in First World countries because of the poor local infrastructure and because large companies have a burning desire to control as much as they can.

However, things are looking up in some areas according to Van Heerde. “There is definitely growth in the demand for ACaaS services, but in our experience, it's been more in the SME markets rather than the enterprise level companies. The larger corporates still prefer managing the IT environment within their network environments and thus prefer locally hosted systems which reside within the controlled realms of their respective IT and network policies.

“The SME market, on the other hand, does not want to maintain access control systems and prefers to outsource the solution as a whole and only use the functionality and output of the fully hosted and maintained system.”

Vink says ACaaS has yet to become a popular option in South Africa. “Part of this can be attributed to concerns around security and the traditional preference for on-site solutions. However, internationally there is growing interest in this solution as organisations become more accustomed to cloud solutions, such as with software services like SalesForce, Cisco WebEx, Google Apps, Office 365 and so forth.”

She adds that while the demand remains low, Impro expects this to change over the next two to three years because the benefits of ACaaS, when correctly managed, result in cost reductions, improved efficiency and rapid deployment.

“For example, there would be no requirement for onsite servers and the associated management of these. All access control software would be based in the cloud, with authorised users accessing the system through something as simple as an Internet browser. This means that deployment can be achieved within a few days. The only hardware would be a physical reader on the door.

Even credentials or tags can be virtual today. For example, at Impro Technologies we are able to offer customers the ability to have their access card securely embedded on their mobile device. This provides greater convenience for the user and ensures reduced loss of cards or duplicated cards (we always know where our cellphone, is but not necessarily our access card).

Where does it fit?

In an industry where one size does not always fit all, are there certain markets where ACaaS would make a better fit. Van Heerde has noted that the SME environment is one area where it is finding acceptance, and international research indicates industrial and manufacturing concerns are more inclined to adopt this approach, as are companies that want to centrally control access for multiple locations.

“It is already evident that the distributed model has been adopted by many industries where you have a small system presence in a remote or temporary work area,” says Van Heerde. “A good example of this would be the building and construction industry where you would ideally put down a temporary structure to manage and control your time worked, access to site and health and safety aspects like breathalyser and licence control.

“In these cases you would not want to deploy a fully fledged system to the temporary site only to remove it after work is concluded. It is here where the worth of ACaaS and distributed systems-as-services come into play. These can be broken down further where these construction companies can have a local, centrally-hosted system with distributed functionality within their network realm or the whole solution can be provided to the company as an ACaaS by a company that specialises in this field.”

Vink agrees that ACaaS is better positioned for multi-sites, simply because it reduces the cost of having multiple servers on each site and the potential complexities of installation and management. However, for large installations such as manufacturing or industrial sites, the main barrier to entry in the short term will be their significant investment in servers (and the associated infrastructure) as well as personnel.

“This will change, and enterprises will start assessing ACaaS when it’s time to upgrade and the technology is proven,” adds Vink. “ACaaS is ideal for medium-sized businesses, specifically because of the reduced investment. For these businesses, the expense of servers and the associated management of firewalls, virus protection, disaster recovery programmes, along with qualified personnel to manage this makes ACaaS a natural alternative.”

She adds that in addition to the cost savings, the biggest factor that will drive this is convenience. “Businesses will be able to focus on their day to day operations, without concern, knowing all the other considerations have been taken care of. They simply log into a secure portal that is already preconfigured and secured for them, and are able to quickly pull reports, enable or deny access, thus reducing a significant infrastructure headache.”

Cloud versus cloud

Some people have dismissed the idea of ACaaS as they believe they can host their own access control function in the cloud without having another service provider or vendor involved. While this is true, it is the ‘as-a-service’ part of ACaaS that makes it valuable to companies.

Simply hosting in the cloud can be done, but the company would still have to take responsibility for installing and running its hardware and software. Vink explains that current hosted solutions are generally more of an IaaS (Infrastructure as a Service) model where users are still responsible for managing the applications and updates etc.

“With ACaaS the application can be run directly from a web browser and, more importantly, the vendor manages everything – the applications, runtime, backups, networking, data, servers, storage etc.”

However, she warns that offline functionality is still non-negotiable in any installation. “This is crucial whether you have on-premise, hosted or ACaaS. In any of these instances, if a server goes down, the access control system must still be able to operate normally. This is one of the key differentiators that Impro provides – if your link back to the server (or associated infrastructure) is lost, people are still able to gain access. This is achieved by not being solely reliant on the server to provide the decision-making.”

Van Heerde notes that three-layer redundancy is a decisive factor when it comes to selecting your system in the long run. “Layer one core system benefits, as in the case with the XTime suite, lies in its capability to do full offline validation, meaning all validations takes place on the controller/access control unit even if it cannot connect to the main server at that time. At the same time all transactions are buffered and recorded and will be downloaded to the database once the connection has been re-established.

“For Layer 2, redundancy tools can be deployed onsite from a general laptop are of utmost importance to accommodate and mitigate worst-case scenarios. In Layer 3, controller backed-up data is directly accessible with software utilities.”

As with most technology solutions, the benefits and ultimate functionality of an ACaaS solution depends on the options one chooses, and this will naturally influence the price. And while the capex/opex argument makes a significant difference to many bean counters, one must ask whether the ACaaS route is actually going to save money in the long run.

The money question

“In my opinion,’”says Van Heerde, “the cost saving would not lie so much within the physical infrastructure and server costs, as server space is pretty much accessible and obtainable in various offerings from renting, to owning and hosting ,and infrastructure is a given whether hosted or local.

“I think the saving will be through the actual manpower required to maintain and manage these systems. With a locally hosted system you would require skilled resources to maintain and support the system and everything pertaining to it. A typical integrated system would require an administrator, IT support, database administrator, infrastructure support and management of all these aspects dependent on the size and geography of the system.

“At the other end, a fully hosted system would still require the above structure to support the system, but the structure and the cost would now be distributed among various clients, thus alleviating costs and in-house responsibility for the system.”

Vink echoes this thinking, noting that ACaaS also moves the problems from the user to the vendor, who is now responsible for guaranteed uptimes, server failovers and data protection. “As we all know, data protection and privacy laws are becoming more stringent, therefore to have a service that manages this for a business also reduces its legal liabilities.”

For more information, contact:

• Impro Technologies, +27 (0)31 717 0700, [email protected],

• Skycom, +27 (0)10 001 4672, [email protected],


Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Integrated, mobile access control
SA Technologies Entry Pro Technews Publishing Access Control & Identity Management
SMART Security Solutions spoke to SA Technologies to learn more about what is happening in the estate access world and what the company offers the residential estate market.

Navigating the evolving tech landscape in 2024 and beyond
Residential Estate (Industry) Infrastructure
Progress in the fields of AI, VR and social media is to be expected, but what is not, is our fundamental relationship with how we deploy solutions in our business and how it integrates with greater organisational strategies and goals.

Bespoke access for prime office space
Paxton Access Control & Identity Management Residential Estate (Industry)
Nicol Corner is home to a six-star fitness club, prime office space, and an award-winning rooftop restaurant. It is also the first building in South Africa to have its glass façade fully incorporate fritted glazing, saving 35% on energy consumption.

Next-generation facial recognition access control system
Enkulu Technologies Products & Solutions Access Control & Identity Management Residential Estate (Industry)
With a modern and innovative design, iDFace is the ideal device for monitoring and controlling people entering and exiting a building using facial recognition technology, including liveness detection, for enhanced security.

Long-distance vehicle identification
Products & Solutions Access Control & Identity Management Residential Estate (Industry)
The STid SPECTRE reader can identify vehicles up to 14 metres away, across four traffic lanes, ensuring secure access to an estate without disrupting the traffic flow.

Multi-modal access control solutions
Suprema neaMetrics Products & Solutions Access Control & Identity Management Residential Estate (Industry)
Suprema’s latest multi-modal access terminals are top-of-the-range, highly secure, easy to install, and easy to use. They feature biometrics, mobile access, and RFID and are both PoPIA and GDPR compliant.

Battery-powered video doorbells
Ring Products & Solutions Access Control & Identity Management Residential Estate (Industry)
Ring has announced the latest addition to its line of video doorbells. The Battery Video Doorbell Pro builds on the capabilities of its predecessor, providing greater value and convenience for homeowners.

Tackling estate entrance challenges
Turnstar Systems Products & Solutions Access Control & Identity Management Residential Estate (Industry)
The Velocity Raptor’s retractable spikes deter criminals from entering estate premises; equipped with LED lights, it provides visibility during the day and night, and in adverse conditions.

HELLO visitor access management
Products & Solutions Access Control & Identity Management Integrated Solutions Residential Estate (Industry)
HELLO is an on-premises visitor and contractor access management solution designed to be fully integrated and complementary with smart, on-trend technologies, securing estates and businesses alike.

Digital transformation in estate environments
Regal Distributors SA Products & Solutions Access Control & Identity Management Residential Estate (Industry)
Digital transformation has brought all users into digital processes across every industry and activity, interlinking activities and crossing industry boundaries. This complexity leads to significant changes in previously established workflows, especially in visitor management.