Managed Services Committee on Access Control

May 13, 2021
“Everybody is going to want to protect their doors and their businesses.”  - Bryan Mularcik, IPS Sales Rep, in March 2020, when asked what he thought the pandemic might do to our business.

As the pandemic unfolded in spring 2020,  our industry pondered how it might impact customer’s security needs.  At IPS, we anticipated a change in customer demands.  We started seeing some almost immediately; other changes took time to materialize.  Some we expected; some were a surprise.

With almost a year behind us, the impact and kind of changes has become much clearer. A pair of industry reports looking back at 2020 have recently been released and their data complements what we see.  HID’s 2021 State of Physical Access Control  and Security Sales & Integration 2021 SSI RMR Deep Dive studied both end users and security integrators, just like IPS. 

We thought we share some of the highlights from these reports and our observations in this blog: 43% of organizations reported that their current access control system does not meet their current needs.  According to HID, only 43% of customers felt that their access control system met their current needs.  What’s shocking about this number is that when HID started this survey in 2018, the results were over 70%.  This swing illustrates the impact of an extremely difficult and challenging year on access control. Remote administration requirements became much more the norm. 

As we left the office or campus and began working remotely, so did the access control administrators.  Where life was routine and regular schedules existed, change was the only constant. Administrators needed access to systems.  Some required additional licenses.  The most simple kinds did not support remote administration.  Simple activities like changing a schedule that could have been accomplished with a few clicks at a workstation in the office became more difficult.  If you wanted to limit access to certain times for group of employees to support social distancing, that became challenging.

Even adding new users or replacing credentials became a greater chore.  Where the admin may have had a box full of cards or fobs in their desk, it wasn’t in their home office.  Many asked if there wasn’t a simpler way.  Can’t I just send someone a credential to install on their smartphone?  Little chores became difficult.

Remote management needs rose.

Fewer people in buildings changed the dynamics of managing those facilities.  Just like admins who help set up the system, access control system managers (often the same person) were not present onsite.  This increased the demand for getting alerts and changed how they got delivered.

Was a credential denied at a door?  Who presented it?  Is a door propped open? 

Prior to the pandemic, an alert on a hard client on workstation may have been adequate.  In 2020, that alert needed to be sent to smart phone.

Mobility features which may have been categorized as “nice to have” became a “must have”.  The ability to unlock a door from anywhere you’ve got a cellular or network connection became extremely useful.  Need to momentarily unlock a door for a contractor or an employee?  Remote managers wanted to grant access using their phones.  Simply click a button and unlock.

Integration is more important.   

Get that alert that a credential was denied?  Want to check out who it was?  Don’t want to log into a separate system since doing so remotely is a challenge?

These needs amplified during 2020.  The desire to access video through the access control system surged forward.  Working remotely drove the desire to simplify operations.

Visitor Management Systems became more valuable 

As facilities reopened, visitors started coming back shortly thereafter.  Protocols were often put in place to screen visitors for there current health, recent travels and other risk factors.  Much of that was done by either asking questions or photocopying a questionnaire and having someone write the answers down.  It was a paper heavy system, at best.

After doing this for months, many organizations longed for an electronic system that could check in visitors and review site safety protocols.  By using an application designed for visitor management, it would enable tracking guests better, support contact tracing and, in general, keep better records.

New sites, new doors

Not surprisingly, demand for new access control systems grew.  Companies that didn’t previously have an electronic access control system now wanted one to have more control.  In many cases, these were simple, smaller systems featuring readers on exterior doors.  Set schedules, add users and manage users.  It wasn’t unusual for a business to just want one door with access control.  Some locations proved particularly challenging without networks and requiring cellular to communicate with readers.

Ironically, in some situations, fewer people in facilities translated into more doors needing access control.  Added levels of protection grew whether it be limiting access to a server room, executive offices or exterior doors.  Fewer people onsite increased security requirements.

Cybersecurity concerns continued to increase

When placed on a network, access control systems can potentially create vulnerabilities.  As more and more IT professionals get involved with access control, their concerns about vulnerabilities increase.  It is another potential opening.  The massive Russian hack piggybacking off of Solar Winds application created more awareness and concerns about cybersecurity across organizations ranging from large to small and public to private.

Interest surged in touchless and frictionless access control systems

Following the guidance of health professionals, we were told to frequently wash our hands.  As people became concerned about germs and viruses, it had in impact in touching public surfaces.  Many inquiries were made about reducing touches in security.

Picture a front door that has a sensor on it.  When it senses a person, it opens.  The employee can proceed to a turnstile and present their credential.  The turnstile opens and allows them to head to the elevator.  They get in the car and it automatically directs them to their floor.  The notion is a pathway is created all the way to their workspace with limited surface contact.

The preference for alternative credentials increased

As a society today, we barely function without our phones.  You might leave for work without your wallet, but you definitely won’t forget your phone.  Administrators continue to ask for blue tooth credentials which can be loaded on an individuals phone (and just as easily, created remotely).  The trend has been labeled “Phone as a Badge”.

Additionally, “Face as a Badge” is a new technology which is gaining momentum.  FaaB revolutionizes credentials.  It creates a completely touchless authorization and increases the security.  A fob might be copied and a card may be stolen, but a face is truly a unique credential.  FaaB has become a preferred 2nd or 3rd authentication factor means for high security areas such as server rooms, bank vaults, etc.

Cloud-based offerings continue to increase in appeal

According to SSI’s report, cloud-based access control grew by 7% in 2020.  Commonly referred to as Access Control as a Service (ACaaS), it removes the server controlling the system from the local site.  On-site door controllers are connected to a cloud-based server.  The admin uses a browser to update users, schedules and more.  It eliminates maintaining another server onsite, which can often be a benefit to the company’s IT department.  (If they don’t have an IT department onsite it makes even more sense.)

ACaaS is often associated with paying as you go as opposed to a large one-time capital expense.  The cost of access control can be transferred to an operating budget which can be much easier on many budgets. ACaaS usually require a much lower down payment and a monthly fee.

ROI & Cap ex spending is a challenge

HID reported that the biggest obstacle facing companies was creating an ROI or getting a capital expenditure approved.  Traditional on-premise systems can run from $2,500 to $5,000 per door for installation.   A four door system could easily run upwards of $20,000 including locking hardware.

With many companies facing financial uncertainties in 2020, investing in new access control system may not have been a possibility.  This probably contributed to the increase in ACaaS subscriptions.

Evolving and changing demand inspires new products and features

In summary, 2020 saw demand for new systems, features and applications.  That only 43% of organizations felt their system met their needs is staggering figure.  The industry responded with new products and modules.  All of the trends and changes listed above can be accomplished.  Many systems that are currently deployed have a new software update or module that can be unlocked.  That’s good news for many customers – their existing system can be expanded or modified to accommodate their unmet needs.

Lastly, new offerings have come onto the market which have placed a premium on mobility – literally using your smartphone to manage the system and simplicity.  If you only need one door in an out of the way location, there is a affordable solution available to you.