Advantages on All Sides

There are advantages to each access model for both the client and the security integrator. For example, using the traditional model, where the client typically owns it all, from the network head-end to the access control peripherals, the advantage to the client is that they pay for the equipment upfront without monthly, quarterly, or yearly fees – other than a possible maintenance contract.

Although this saves money in the long term for the client, it saddles them with the responsibility of paying all maintenance fees as well as device replacement as the system approaches end of life. The advantage for the security integrator, on the other hand, is a source of recurring revenue that adds to available cash on hand as well as the year-end bottom line.

“We have [an access control] solution for everyone with a lower cost of ownership, higher reliability and more current software than their existing security platform can offer,” says Perlow. “In order to make this happen, however, we’ve had to re-educate our [traditional] clients on what managed and hosted access control can do for them and what resource it will free up for them internally.”

The advantage of hosting the access control system in the cloud is that it provides a more flexible, on-demand environment than a traditional, on-premises system. Cloud-based access enables the client or the security integrator to change head-end characteristics, storage capacity and add additional services on the fly. The system can be reconfigured in real-time without human intervention through a control panel that re-sides with the head-end in the cloud. Herein lies one of the most powerful advantages afforded using the hosted model in the cloud.

There are numerous combinations involving hosted and managed access configurations. An access control system can be hosted in the cloud while the client manages their own day-to-day affairs. The security integrator can provide minimal operations support by adding card/token credentials, removing additional ones, adding or deleting users, and more. A third-party service could also provide hosting, management, and other services as needed – all of them through the security integrator.

Note that software also can be offered as a service to the client, referred to as SaaS (software as a service). When the software development setting is provided to a client, it’s called PaaS (platform as a service); and when the hardware is offered as a service it’s usually referred to as IaaS (infrastructure as a service). For a complete list of current “as a service” offerings, see the sidebar.

Security in the Cloud

With all the security concerns involving network hacking in the news, many security integrators are left scratching their heads, wondering whether the cloud is secure enough for their client’s needs. When you read about the huge losses experienced by really big retail stores, such as Target, Home Depot, Neiman Marcus, as well as motion picture giant Sony, to name only a few, it’s understandable why integrators are concerned.

According to NIST (National Institute of Standards and Technology), the use of cloud computing is a lot like that of wireless communication when it first came into fashion for sending voice and data from one point to another. Over time, government agencies and private corporations learned how to better protect their data and communication path. The same process is repeating itself with cloud technology, and there are ways to assure that the client receives the best secure clo
ud service available.

According to cloud access security broker Bitglass, “It’s the job of SaaS application providers to ensure that their products are as secure as possible. After all, they’re asking enterprises to trust them with their data, which is highly valuable. Many SaaS vendors hire the best and the brightest in IT security, and buy the best security products in order to ensure the security of their customers’ data.”

The question is how can security integrators and alarm dealers know which cloud products to use? Brivo’s Odess offers some sound advice.

“A good way to assure that you get the most secure cloud service possible is to ask the right questions,” he says. “Ask the provider if they use sophisticated encryption. What is the provider’s SOA [standard operating arrangement] if the system should go down? What’s the service agreement like? You can tell those who are faking it. We hire white-hat hackers to find holes we may have in our system – it’s a core part of who we are and how we do business.”

Ask the provider to put it in writing how they prevent hacking from taking place. If they won’t put it in writing, Odess says to run in the opposite direction. Also, ask the provider what the device communication protocol is in the wild that communicates with the host. How is this information communicated? Is it always open or does it periodically call home? Is it encrypted and how do they manage this encryption (certificate/SSL)?

“How do you manage the info that is being shared? Is it in the cloud, and if it’s there, where is it hosted at [physical location]. Another thing is just because the colocation facility [that backs up the data] has a rating does not mean their stack has a rating,” says Odess. “If they use IaaS [integration as a service], which one are they using and how is it protected?”

If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!

Related Content