9.26.24 – SSI
We’ve come a long way from clunky key rings that give a select few people access control to every door across a massive facility.
Access control is becoming an increasingly important part of a security systems integrator’s work, as business leaders and homeowners place more emphasis than ever on protecting their livelihoods and the goods and services they offer their customers.
For those who enjoy sci-fi movies, we may have to wait a while until biometrics are the industry standard across the access control space, but we’re moving further away from the days when every key needed for every door throughout the building were collected on a single key ring.
Ross Samek, vice president for Hawkeye Alarm, a physical security life safety integrator with about 20 employees in Waterloo, Iowa, says access control goes hand in hand with its other major components, commercial fire systems and video surveillance.
“I think, in the last few years, when a new building is built, access control is included in the design phase, especially in the education vertical market,” he says. “It’s definitely changed from the days of ‘we had something happen and now we need to come up with a better system of security.’ It’s definitely more on the front burner of the building designers and building management.”
Steve Capogna, owner of Alarmingly Affordable in Staten Island, N.Y., says access control is about 20% to 25% of the company’s business and they are moving further into the cloud access control market with their almost 13,000 customers in the greater New York area.
“It started out that I was going to use cloud-based for my under-16-door systems, but we’ve recently done 100-plus systems and we’ll be doing even larger ones,” he says. “We’ve got the cloud-based takeover down to a science now, where we build in-house, and we roll it out.”
“We maintain two databases for the duration of the takeover, which could take as long as two weeks, and the client is very happy. They’re never down for more than a few hours per reader, per panel. Cloud-based systems put the control in the palm of your hand,” says Capogna.
More from the Access Control Experts
Exton, Pa.-based NextGen Security works primarily with large enterprise companies across the U.S., including petrochemical and energy, as well as in the higher education and healthcare verticals, says vice president of customer development Brian Courdoff.
Access control makes up about 40% to 45% of the company’s business, he says.
“Everything is going to more of a digital, more user-friendly type of application,” he says. “I do agree with a lot that’s going on with getting away even from the plastic cards. I love where we’re going with biometrics and some of the different avenues that we can take doing single-factor or dual-factor authentication to make it easier for people to use.”
Jim Lantrip, senior vice president of operations at Allied Universal and a member of the board of directors for the Foundation for Advancing Security Talent, says the days of keys are dwindling but not gone entirely, although they’re a rare sight among their customers in data centers, critical infrastructure, the nuclear space, biopharma, medical facilities and commercial office buildings.
“We don’t really do that very much, but it’s still out there unfortunately,” he says. “It’s still very inexpensive, comparatively speaking, to put a standard lock set on the door but you lose everything that access control brings you.”
“You lose the ability to control who can come and go. If that key’s lost, anybody can come and go. You don’t know who did it. You don’t know when anybody went in and out of a door. You don’t have the ability to say when anybody can go in and out of a door, you don’t have the ability to give access to somebody else without giving them a key,” says Lantrip.
“I won’t say keys are dying because I don’t think they’ll ever go away but for important doors, like exterior entry exit doors and internal doors into important spaces, we see access control is the only thing that’s happening out there,” he says.
Mark Peterson, director of national security services for Security Hunter, a 75-person operation that works strictly with the federal government, whether that is in the Department of Defense space or in the civilian sector.
Access control represents about one-third of the company’s business along with intrusion detection and video surveillance.
“All of our installs are using pivClass or CAC readers,” says Peterson. “We’re not doing anything else other than what would be allowable in a federal environment.”
In most cases, says Peterson, there’s a competitive bid process where the government has to advertise the solicitation with a scope of work and anywhere from six weeks to six months before the award date, depending on the complexity of the award and the number of anticipated returns on proposals before the job is awarded.
Security Hunter maintains a 20,000-square-foot warehouse of all its most commonly used parts that helps it get ahead of any procurement lead times, he says.
Biometrics Increasing in Importance in Access Control
Hawkeye Alarm is typically installing mobile credentials, key card readers or key fob systems, with an occasional job that involves biometrics.
“The mobile credentials are very, very popular,” says Samek. “We don’t really get into much of the biometrics. We don’t have too many of the high-security customers that need the level of the biometrics. There has been interest over the years, but usually, once we start throwing around the price tags for those devices, then it’s not that important anymore.”
Alarmingly Affordable doesn’t shy away from installing biometrics-based access control systems, but Capogna has prioritized those with a Bluetooth component.
“We’re getting away from credentials and administering the Bluetooth credential with your email address,” he says. “Biometrics, I’ll do it occasionally on a low-throughput room like an IT room, a safe room, but the Bluetooth is what’s really taking off right now.”
“When we sold our systems, we always included the Bluetooth reader, but we didn’t enable the license. Now, when people are coming back, they don’t have to buy the new reader. We just enable it. It’s another fee per month, of course, but we see a big benefit in that,” says Capogna.
NextGen Security is getting more questions about incorporating access control into mobile phones and even using biometrics, says Courdoff.
“It’s really good for us to go back in and see where our customers’ deficiencies are and at least educate them on the facial recognition across the board, on what they could be doing day to day to better serve their community and staying up on the technology side, as well,” he says.
Courdoff continues, “People are getting back on their technology, getting their budgets back, understanding that they have to move forward with their technologies, as well as showing ease of use of how it is to do either some type of enrollment of a phone or some type of enrollment across a digital platform.”
“You look at it 20 years ago, when we started putting card readers on turnstiles, and everyone was like, ‘Wow!’ Now, you’re putting applications like Alcatraz on turnstiles where it’s facial and people are coming through without having to stop and take out cards or put their coffee down on the turnstile. And it does become an easy use again,” says Courdoff.
Allied Universal installs access control systems with “a whole variety of biometrics,” says Lantrip, although the space is on a bit of a roller coaster.
“We saw a big push initially, and then some laws started coming out, saying you can’t just do biometrics the way you want to and you have privacy laws on the biometric data, how it’s stored, where it’s stored, what it’s tied to, how you link it to a record with a name on it,” he says.
“It’s an important part of the industry, but its growth curve, was, I’ll say, slowed down or slightly hampered by some of the rules and laws that are there to protect people and protect people’s information,” says Lantrip.
Security Hunter has limited applications where they install biometrics, primarily with fingerprints but occasionally with retinal scanners, says Peterson.
The Role of Recurring Revenue
Hawkeye Alarm maintains regular contact with its customers, even after the installation is complete, leading to ample opportunity for recurring revenue, says Samek.
“We always try to offer the lowest total cost of ownership-type systems,” he says. “But we also service the locks, the strikes, the magnets. We do it all so we’re all the way in from the prewire stage, the hardware installation, setup of the software, training and then there’s a lot of refreshers on the training and showing maybe some new staff how to operate the software.”
“With the coming of the web-based access control and cloud-based access control, that definitely opened up a few RMR markets for us, giving us a little more revenue stream. With our traditional server-based access control, there were no reoccurring licenses, and so we couldn’t really justify charging for licenses that didn’t exist. Now, with the more interactive and online options, that’s definitely opened that up for us.”
After struggling to determine a pricing model for cloud-based access control systems for about nine months, Alarmingly Affordable has found its sweet spot, says Capogna. The company never sells any product without securing a maintenance or service agreement from its clients.
“The client now knows why they’re paying recurring [revenue] on that,” he says. “In addition to the maintenance that’s always been 1% of sale price monthly month for 13 forward, they now understand they’re paying for hosting and sometimes admin, but what they’re not paying for is the maintenance of an on-site server, the licensing, the upgrade of that machine moving forward.”
“It’s ‘pay me now or pay me later.’ They’re finally getting it, and it’s well received, and I’m not fighting that anymore,” says Capogna.
Cloud-based access control “is where it’s at,” he says. “It’s just so far superior to anything that I’ve seen. Like when the digital video recorder came out in 2001 [or] 2002, and we jumped in on that. We’re killing it, and the client loves the fact that they have it in the palm of their hand and the information that we push out to them.”
NextGen Security continues to explore different ways to generate recurring revenue, says Courdoff.
“We know, with our enterprise customers, some are very good at what they do and how they manage their own systems,” he says. “We are looking at that and have different ways to bring revenue into our organization as well.”
“It’s not just the revenue piece. It’s about the technology, as well. If it’s smart for our customers, that’s when we’ll present it to them. It’s good for integrators, too, that we have another reason to go back and talk to our customers again,” says Courdoff.
Lantrip sees plenty of recurring revenue opportunities in access control.
“It starts with hosted solutions,” he says. “A solution in the cloud tends to bring a good RMR to you, but even premise-based solutions have software support agreements or software update agreements.”
The access control market is “really breaking into a lot of other areas,” says Lantrip. “Standard alarm monitoring, we’re seeing through the access control platforms. We’re seeing indoor locating through the access control platform that all of those controls can drive additional recurring services and additional one-time services for additions and subtractions to the platform.”
Peterson has enjoyed the bounty of recurring revenue in the access control space.
“There’s always a profit in a maintenance contract if it’s been evaluated and bid properly,” he says. “I have both kinds of contracts that fall directly under my purview. One is all-encompassing and then I have others that, as long as I have to put a tech on the ground, they have to pay for it. If I can remote into it and resolve it through their enterprise, it’s already covered under my help desk services.”
Explaining Access Control to Customers
Most of Hawkeye Alarm’s customers understand the access control market or are at least able to articulate the problem they’re having and the solution they’re seeking, says Samek.
“They come to us, saying, ‘We want to put a key fob on this door. Put that door on a schedule.’ They don’t need to know all the intricacies that go along with it,” he says. “That’s where we come in, being able to look at the physical door and knowing what strike, what specific hardware is needed for that type of opening to really to make it work.”
The bulk of Alarmingly Affordable’s work comes from replacing access control systems by other integrators rather than installing systems for the first time, says Capogna.
“Not many people install access control correctly,” he says. “Most people install access control as a glorified electronic key. That’s not what we do when we install an access control system. It’s not it. Yes, it has the convenience of being an electronic key. But it’s telling you if the door is open, it’s telling you if the door is forced. I’m sending you a lot of information.”
“At the end of the month on these takeovers, people are saying, ‘I can’t believe what this system has done for me. It has alerted me to problems that I didn’t know I had!’ And then, you go to the videotape, and you tie it all together. Our access control systems do a lot more than just open a door,” says Capogna.
Customers are definitely becoming more educated and sophisticated about all things related to security and access control, says Courdoff.
“There is a lot more technology out there,” he says. “The IT acceptance is now good, especially on the access control side. We’re not big bandwidth hogs or anything like that. We make people feel better. We’re definitely still sitting there in a good spot and educating those who need to be educated.”
Lantrip calls access control “a very mature product” that most of Allied Universal’s customers understand and ask for when they talk.
“I don’t know when the last time I was involved in an opportunity where the customer did not understand what access control was and wasn’t seeking it out actively,” he says.
Security Hunter’s clients are about evenly split in terms of knowing about access control and needing to be educated about it, says Peterson.
“Several of our contracts require us to provide bi-annual updates on new technologies,” he says. “Generally, we’ll go maybe 90 days after ISC West or after GSX. We’ll have another update for that. We’ll have to [provide] a brief overview of what technology is coming down the pike. What do we think will make it not only through the new shiny period, but what will actually provide long term?”
“The U.S. government isn’t guinea pigs. Generally, products going out to the main facilities have to have anywhere from seven to 10 years of maintenance history before the government will buy it. They want to see that it’s going to hold up over time before they’re willing to put in tens of millions of dollars of investment into that technology,” says Peterson.
Future Growth Potential
Despite the exponential growth of the access control market, Samek sees plenty of room for it to continue its upward trajectory.
“We’re very fortunate to have a very loyal customer base that’s usually expanding and growing,” he says. “Once they like the system, and we can prove that it does what we say it can do, and it helps them manage their business — make something with their side of things a little bit more secure — then they see it as a convenience and want to add this convenience to this door…to that door.”
“We’re very fortunate that a lot of our existing customers drive a lot of our work, just by trusting the system and seeing that convenience. In the education market, a lot of places want to get away from unsecured doors and people propping things open, so adding that card reader to the majority of main entrances that staff use frequently really drives a lot of that, too,” says Samek.
While many customers are moving full force into the technological age, whether that means mobile access control or biometrics, there are still some who enjoy having a slightly more old-school key fob, says Samek.
“We still see a lot of interest in the physical key fobs,” he says. “The mobile credentials are nice in small quantities for your handful of end users. When you have a school that’s trying to deploy it out to a couple hundred teachers that might be more of a pain than just issuing a key card to them and having them pick it up and they also are using those for their ID badges and stuff like that.”
“I don’t see the physical credentials going away anytime soon. We still have a lot of interest in that. The number of doors has certainly increased when we’re doing a building. We’re not doing too many one and two doors. We’re doing all of the doors in the facility, moving into the interior doors,” says Samek.
Courdoff sees plenty of potential for growth in the access control space.
“I love that there’s competition out there,” he says. “I love that the competition on the technology side is pushing the manufacturers to another level and coming up with different applications.”
“In general, at the end of the day I’m happy to be a part of it, helping secure buildings, helping secure data, helping secure facilities for different venues and different verticals. And I’m really excited about where we’re taking this technology from where it was 20 years ago,” says Courdoff.
He expects cloud to be the name of the game in access control in the near future.
“I definitely see a lot more cloud applications — 100% full cloud and hybrid — because we still have disasters that happen out there in the world that you can’t help that there will be no Internet connection,” says Courdoff.
“I could also see, and I’m hoping at some point, plastic goes away,” he says. “I want the key rings mostly gone. I want the cards mostly gone, stuff that you can lose and transact. I also see bigger authentication out there behind the scenes and that’s where I do believe you’ll see biometric-type, facial recognition-types, all applications like that.”
“The speed that they’re able to get things done now is really good. You go in and you look at where it was five years ago to where it is now, and the implementation, and how they can bring your face…your fingerprint…into a system has really improved,” says Courdoff.
Allied Universal is seeing “a good growth in the cloud side of the business, where the head end is in the cloud somewhere, whether we’re managing it or they’re managing,” says Lantrip.
“We’re seeing a shift to more and more adoption of cloud-based head end, cloud-based platform and all the benefits that come from that on the access control systems and I think that adoption will continue,” he says. “We’re seeing it across all segments of the software space so it’s only natural that access control would go that way.”
The retail and small office markets are “still slow to adopt access control,” says Lantrip.
“They view it as an expense they don’t need, but don’t recognize the advantages it can bring to them,” he says.
Staying Educated on Access Control Advancements
With so much change in the access control market — and with more sure to come in the future — it’s important to stay on top of what’s next in the space, says Samek.
“I personally subscribe to IPVM (Internet Protocol Video Market, an industry research group) and they do a lot of great research topics and discussions on the latest products and testing,” he says. “We find a great value in in that platform and being able to read discussions between other integrators from all over to really know all the different ways to come at a problem.”
Capogna doesn’t go to security industry trade shows to learn what’s hot in the industry.
“We’re constantly scouring the internet,” he says. “If I can’t find it on the Internet, it doesn’t exist. We will not sell anything that’s brand new. When something comes out, we buy it. If we don’t like it, we throw it out. We’re constantly looking at new things. Right now, I’m looking at a wireless lock set that runs on an existing wi-fi back end that’s more affordable.”
Courdoff has been on the technical side with a systems integrator and also worked on the applications and sales sides for a manufacturer before joining NextGen Security. That’s helped him learn about the latest and greatest in the security industry from a variety of perspectives.
“We as an organization do like to test things,” he says. “I work very closely with our engineering team and see what they’re testing. I understand technology, not from just a sales point, but from the technology side, as well. And I do pay attention to what’s going on.”
“One big difference is, say, 20 years ago, there might have been five access control systems out there. Today, there are hundreds of manufacturers out there and there’s a lot of people doing a lot of good things. You’ve got to look at the investment that people are making in their R&D. You have to look at where they’re going with their technology, where they’ve been and how they support the customer day 30, day 90 [and] day 180,” says Courdoff.
Allied Universal relies on its product committee, among other resources, to stay on top of the latest innovations in the access control space, says Lantrip.
“We don’t believe that a single person can take stay abreast of everything so we have a product committee with segmented responsibilities for people to gain information and bring it back to the committee and then disperse it among the sales teams, the engineering teams, etc., so that we can then take that to the customer,” he says.
“Bleeding-edge technology has its risks, and we avoid it fairly heavily, because of the inherent challenges of the unknown with them,” says Lantrip. “Leading-edge technologies are an area that that we work in very well, and we have a number of customers where we will test with the customer.”
“We’ll do betas on their test networks with them and in their environment just to understand exactly what we’re going to get out of it, what we’re going to see for it and how it’s going to benefit them, as well as benefit us,” he says.
Peterson calls himself “a sponge for knowledge” who participates in several industry groups, both online and in the local area, to find out what’s new and coming soon in the access control world and other segments of the security industry.
“We get together, discuss new emerging technologies, use case scenarios, even the far-fetched ones,” he says. “You never know, you could be sitting down with a customer, and they say, ‘we have a weird situation.’ I just had that conversation not a month ago, believe it or not, and there is a technology that can cover you and we’ll talk about that.”
About the Author
D. Craig MacCormack, Digital Editor
Craig MacCormack is a veteran journalist who joined Security Sales & Integration in June 2023 as digital editor. He covered AV, IT and security with SSI’s sister publication, Commercial Integrator, from January 2011 to June 2021.