Access control as a service

Access & Identity Management Handbook 2018 Access Control & Identity Management, Infrastructure

In an economic environment where cutting costs is king, there is still an acknowledgement that access control is a necessary function in every business. In smaller firms, access control may simply be a security door that the receptionist opens when someone arrives, while in larger enterprises it could consist of significant investments in technology and human resources.

While you can’t beat the price of a security door, larger installations are more dynamic, complex and expensive. This is why access control doesn’t receive the publicity that ‘cooler’ technology solutions do; it is installed to be forgotten for a long time (with the exception of maintenance and expansion, of course).

When a company decides it’s time to revamp its access control, it will again be faced with a large expense for hardware, software and manpower. Today, however, there is an alternative to spending the big bucks and having everything installed and managed on site – Access Control as a Service (ACaaS), which promises to make the access control spending more manageable.

There are a few ways to implement an ACaaS solution depending on the requirements of the user. The common scenario is to have the access control software and data stored on a cloud-based server (potentially with a backup on site), where the integrator or service provider manages everything for the user. The management can simply be making sure the system is running and accessible (and secure), or the service provider can take over managing everything related to access control, including enrolment. In some cases, the integrator will also assist in financing or arranging financing for the hardware and rent or lease it to the customer on a monthly or annual basis.

Whatever the final agreement looks like, ACaaS is becoming more popular with end-user companies and with integrators as they have closer control over multiple clients’ solutions without having to be on site. IHS Markit expects cloud-based access control to grow at over 9% through to 2021, which is more than double the rate of growth expected from traditional on-site solutions.

Can we expect the same growth locally? Are local end-users looking for the same services and solutions from ACaaS? Hi-Tech Security Solutions asked two local ACaaS operators for their insights on cloud-based access. Our experts are:

• Johan Van Heerde from Skycom, and

• Vikki Vink from Impro Technologies.

Growing locally?

It’s not uncommon to hear that cloud services in various local industries aren’t taking off as they are in First World countries because of the poor local infrastructure and because large companies have a burning desire to control as much as they can.

However, things are looking up in some areas according to Van Heerde. “There is definitely growth in the demand for ACaaS services, but in our experience, it's been more in the SME markets rather than the enterprise level companies. The larger corporates still prefer managing the IT environment within their network environments and thus prefer locally hosted systems which reside within the controlled realms of their respective IT and network policies.

“The SME market, on the other hand, does not want to maintain access control systems and prefers to outsource the solution as a whole and only use the functionality and output of the fully hosted and maintained system.”

Vink says ACaaS has yet to become a popular option in South Africa. “Part of this can be attributed to concerns around security and the traditional preference for on-site solutions. However, internationally there is growing interest in this solution as organisations become more accustomed to cloud solutions, such as with software services like SalesForce, Cisco WebEx, Google Apps, Office 365 and so forth.”

She adds that while the demand remains low, Impro expects this to change over the next two to three years because the benefits of ACaaS, when correctly managed, result in cost reductions, improved efficiency and rapid deployment.

“For example, there would be no requirement for onsite servers and the associated management of these. All access control software would be based in the cloud, with authorised users accessing the system through something as simple as an Internet browser. This means that deployment can be achieved within a few days. The only hardware would be a physical reader on the door.

“Even credentials or tags can be virtual today. For example, at Impro Technologies we are able to offer customers the ability to have their access card securely embedded on their mobile device. This provides greater convenience for the user and ensures reduced loss of cards or duplicated cards (we always know where our cellphone is, but not necessarily our access card).”

Where does it fit?

In an industry where one size does not always fit all, are there certain markets where ACaaS would make a better fit? Van Heerde has noted that the SME environment is one area where it is finding acceptance, and international research indicates industrial and manufacturing concerns are more inclined to adopt this approach, as are companies that want to centrally control access for multiple locations.

“It is already evident that the distributed model has been adopted by many industries where you have a small system presence in a remote or temporary work area,” says Van Heerde. “A good example of this would be the building and construction industry where you would ideally put down a temporary structure to manage and control your time worked, access to site and health and safety aspects like breathalyser and licence control.

“In these cases you would not want to deploy a fully fledged system to the temporary site only to remove it after work is concluded. It is here where the worth of ACaaS and distributed systems-as-services come into play. These can be broken down further where these construction companies can have a local, centrally-hosted system with distributed functionality within their network realm or the whole solution can be provided to the company as an ACaaS by a company that specialises in this field.”

Vink agrees that ACaaS is better positioned for multi-sites, simply because it reduces the cost of having multiple servers on each site and the potential complexities of installation and management. However, for large installations such as manufacturing or industrial sites, the main barrier to entry in the short term will be their significant investment in servers (and the associated infrastructure) as well as personnel.

“This will change, and enterprises will start assessing ACaaS when it’s time to upgrade and the technology is proven,” adds Vink. “ACaaS is ideal for medium-sized businesses, specifically because of the reduced investment. For these businesses, the expense of servers and the associated management of firewalls, virus protection, disaster recovery programmes, along with qualified personnel to manage this makes ACaaS a natural alternative.”

She adds that in addition to the cost savings, the biggest factor that will drive this is convenience. “Businesses will be able to focus on their day to day operations, without concern, knowing all the other considerations have been taken care of. They simply log into a secure portal that is already preconfigured and secured for them, and are able to quickly pull reports, enable or deny access, thus reducing a significant infrastructure headache.”

Cloud versus cloud

Some people have dismissed the idea of ACaaS as they believe they can host their own access control function in the cloud without having another service provider or vendor involved. While this is true, it is the ‘as-a-service’ part of ACaaS that makes it valuable to companies.

Simply hosting in the cloud can be done, but the company would still have to take responsibility for installing and running its hardware and software. Vink explains that current hosted solutions are generally more of an IaaS (Infrastructure as a Service) model where users are still responsible for managing the applications and updates etc.

“With ACaaS the application can be run directly from a web browser and, more importantly, the vendor manages everything – the applications, runtime, backups, networking, data, servers, storage etc.”

However, she warns that offline functionality is still non-negotiable in any installation. “This is crucial whether you have on-premise, hosted or ACaaS. In any of these instances, if a server goes down, the access control system must still be able to operate normally. This is one of the key differentiators that Impro provides – if your link back to the server (or associated infrastructure) is lost, people are still able to gain access. This is achieved by not being solely reliant on the server to provide the decision-making.”

Van Heerde notes that three-layer redundancy is a decisive factor when it comes to selecting your system in the long run. “Layer one core system benefits, as in the case with the XTime suite, lie in its capability to do full offline validation, meaning all validations take place on the controller/access control unit even if it cannot connect to the main server at that time. At the same time all transactions are buffered and recorded and will be downloaded to the database once the connection has been re-established.

“For Layer 2, redundancy tools that can be deployed onsite from a general laptop are of utmost importance to accommodate and mitigate worst-case scenarios. In Layer 3, controller backed-up data is directly accessible with software utilities.”
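
The offline validation and transaction buffering described above, modelled in Python as an added example (not XTime or Impro code; the class, method, door and card names are hypothetical, and the controller is assumed to decide from a cached copy of the authorised list). It also shows the trade-off of deciding on the controller: a credential revoked centrally during an outage is still accepted until the link returns, which is why each buffered event records whether the server was reachable.

```python
from collections import namedtuple
Event = namedtuple("Event", "door seq credential granted link_up")  # link_up=False: decided offline

class HostedServer:
    """Stand-in for the cloud-hosted access control database (hypothetical)."""
    def __init__(self, authorised):
        self.authorised = set(authorised)
        self.log = {}  # (door, seq) -> Event, so a re-sent upload is not duplicated

    def upload(self, events):
        for e in events:
            self.log.setdefault((e.door, e.seq), e)
        return {(e.door, e.seq) for e in events}  # acknowledged keys

class DoorController:
    def __init__(self, door, server):
        self.door, self.server = door, server
        self.cache = set(server.authorised)  # local copy used for every decision
        self.buffer, self.seq, self.link_up = [], 0, True

    def sync(self):
        """Upload buffered events and refresh the cache; no-op while offline."""
        if not self.link_up:
            return False
        acked = self.server.upload(self.buffer)
        self.buffer = [e for e in self.buffer if (e.door, e.seq) not in acked]
        self.cache = set(self.server.authorised)
        return True

    def present(self, credential):
        """Validate on the controller, record the event, then try to sync."""
        self.seq += 1
        granted = credential in self.cache
        self.buffer.append(Event(self.door, self.seq, credential, granted, self.link_up))
        self.sync()
        return granted

def run_demo():
    server = HostedServer({"card-A", "card-B"})  # constructed sample credentials
    ctl = DoorController("site-gate", server)
    results = [ctl.present("card-A")]            # online grant, uploaded at once
    ctl.link_up = False                          # link to the hosted server is lost
    server.authorised.discard("card-B")          # revoked centrally during the outage
    results += [ctl.present("card-B"), ctl.present("card-X")]  # stale grant, offline deny
    buffered = len(ctl.buffer)                   # events waiting on the controller
    ctl.link_up = True
    ctl.sync()                                   # buffered events reach the server
    results.append(ctl.present("card-B"))        # revocation is now enforced
    return results, buffered, server.log
```

Filtering the uploaded log for grants recorded with `link_up` false gives the entries that were authorised from cached data and may need review after an outage.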

As with most technology solutions, the benefits and ultimate functionality of an ACaaS solution depend on the options one chooses, and this will naturally influence the price. And while the capex/opex argument makes a significant difference to many bean counters, one must ask whether the ACaaS route is actually going to save money in the long run.

The money question

“In my opinion,” says Van Heerde, “the cost saving would not lie so much within the physical infrastructure and server costs, as server space is pretty much accessible and obtainable in various offerings from renting, to owning and hosting, and infrastructure is a given whether hosted or local.

“I think the saving will be through the actual manpower required to maintain and manage these systems. With a locally hosted system you would require skilled resources to maintain and support the system and everything pertaining to it. A typical integrated system would require an administrator, IT support, database administrator, infrastructure support and management of all these aspects dependent on the size and geography of the system.

“At the other end, a fully hosted system would still require the above structure to support the system, but the structure and the cost would now be distributed among various clients, thus alleviating costs and in-house responsibility for the system.”

Vink echoes this thinking, noting that ACaaS also moves the problems from the user to the vendor, who is now responsible for guaranteed uptimes, server failovers and data protection. “As we all know, data protection and privacy laws are becoming more stringent, therefore to have a service that manages this for a business also reduces its legal liabilities.”

For more information, contact:

• Impro Technologies, +27 (0)31 717 0700, www.impro.net

• Skycom, +27 (0)10 001 4672, www.skycom.co.za


