Access Control as a Service: An Easy Guide to ACaaS Opportunities
The rise of the hybrid workplace has put businesses, their legacy access control systems and integrators at a crossroads. Here’s how access control as a service (ACaaS) can guide both you and end users into this new frontier.
In this whirlwind age of digital transformation, it’s difficult to fathom how much will change in just the next year, let alone the next 10. But at the speed we’re going, experts are quick to weigh in with game-changing predictions.
One that applies to most companies: the retirement of the physical ID — a farewell they’re predicting we’ll have to make by 2030. But the plot thickens. When we look at why something as simple as a physical ID is talked about on such a grand scale, we start to put the pieces together.
Yes, it’s cumbersome to keep up with yet another physical item on a daily basis. Sure, people rely on their phones for virtually everything. But the key factor that’s driving this shift — and many others — comes down to one simple word: security.
According to the Federal Trade Commission (FTC), identity fraud incidents increased around 45% in 2020, leading to huge financial losses. And, according to Javelin Strategy, this trend continued in 2021, incurring a total loss of $56 billion for North America alone.
With those kinds of statistics, it’s no surprise that the forecasted spend on identity-led security by 2027 is $25.6 billion (according to a recent report by MarketsandMarkets). The increase in cyberattacks can be attributed to many different factors, but the rise in digitization is certainly at the forefront of that list.
With hundreds of servers across the globe and more data being uploaded to the web than ever before, personal information is ripe for identity theft. Not to mention, technologies such as machine learning help attackers multiply malicious efforts tenfold. And with chaos accelerating in many parts of the world, these bad actors are becoming more and more prevalent.
The ongoing development of cyberattacks is not only destroying the reputation of companies but also threatening their cyber-physical assets, potentially resulting in major financial losses.
And as we all know, the new hybrid work model has catapulted us decades ahead from a security lens. Working from home opens doors to more proprietary information access and less supervision. And due to more flexible scheduling, going to the office is often up to the employee’s discretion.
In other words, who monitors when employees, contractors or visitors walk into your building? All of this ultimately puts businesses, their legacy access control systems and integrators at a crossroads. Do they continue in the direction they’ve been going in? Or do they adapt by connecting all the digital and physical pieces together?
By uniting physical security, IT, OT (operational technology) and HR systems with a cyber-physical Cloud platform for identity, access management and security, integrators can offer undeniable value to both new and old customers while growing their own book of business.
Converged Security Value Drivers
Enhance workforce experience
▶ Simplify and automate building access
▶ Eliminate security gaps
▶ Automated controls for badge activation/deactivation
▶ Deliver continuous compliance
▶ Proactive policy enforcement
Keep auditors happy
▶ End-to-end audit data tracking
▶ Go digital with mobile credentials
▶ Seamless and touchless access
See immediate ROI
▶ Leverage existing technology investments
▶ Eliminate custom development & integration
Cloud-Based Access Control + Identity Access Management
It’s no longer enough to simply install access control systems. With so much at stake — from compromised data to financial losses — it’s imperative that integrators play a larger role with ongoing management of these solutions. In other words, by offering Cloud-based access control or access control as a service (ACaaS).
ACaaS combines the benefits of SaaS with on-premises access control devices that control access remotely through the Cloud and store data in a secure manner. For the end user, this means less manual work, more visibility into their processes, better compliance and less wasted money.
For integrators, it means focusing their time on offering additional services and creating more opportunities for recurring revenue. Technologies that converge physical and cybersecurity with IT, OT and HR systems are key solutions in this space; leading that charge are Cloud-based access hosting, privileging, visitor management, database maintenance and credential management.
By being able to maintain, upgrade and terminate these systems on an ongoing basis, integrators will be able to identify new ways into the end user’s organization and help pave the way forward in this new era of convergence. And here’s the kicker: it’s easier done than said.
Integrators can now use a Cloud-based approach — coupled with identity and access management — to connect physical security, IT, OT and HR systems through SaaS-based solutions, without the hassle of custom coding. It’s quick, it’s scalable and it’s easily integrated, which is a win-win for the integrator and end user alike.
As an example of the benefits that can be gained all around, annual projections for an AlertEnterprise customer with 30,000 employees are 75%+ of identity and access tickets automated and processed through cyber-physical identity access management; an average of 20% workforce productivity gained by providing the right access at the right time without delays; and $15.7 million in total annual savings/cost recovery on direct and indirect costs.
But what happens when a company, say, merges with another company, adding more systems in more locations? Or they have infrastructure they just aren’t ready to let go of? Ancient tales will have you believe that you have to rip and replace in order to install under one physical access control system (PAC). But that’s no longer true.
When you use a Cloud-based identify and access management system, you can keep legacy platforms and have them all run under one system. Integrators can help existing customers by adding services and capabilities to their current platforms, instead of having to rip and replace their current infrastructure.
Solving for Infrastructure (or Lack Thereof )
In today’s hybrid world, company doors are swinging open and shut without much visibility or control. Who is coming in and why? And when are they leaving? The problem is that traditional access control systems don’t have the capacity to manage that level of variability among a large work force.
The only way to do so is through an identity-led access management security approach that addresses policy-based access control, visitor management and the ability for HR and IT systems to converge digital and physical identities for better management of all kinds of workspaces, no matter where they are.
And then there’s the current supply chain management issue that seems to have no end in sight. Installing new hardware and systems has been extremely challenging for integrators due to a lack of access to needed parts. Having the ability to provide these services to current customers creates a major opportunity as they navigate supply chain issues.
A Smart Approach to Security Convergence
Different companies have different security needs. Luckily, integrators can cater to them with ease. A good place to start is by asking them about their particular use case: are they looking to identify how to best let employees and contractors into a building? What does that process look like for visitors? Do they want to provide self-service portals for asset requests?
Then it’s time to breach the topic of systems — everything from the amount of buildings and doors to the number of employees. We need to think about systems in terms of identities, so it’s important to find out how many people will be managed within the system.
Moreover, because the goal is to bring together different systems under one platform, it’s imperative to consider systems outside of security — like HR, IT and OT. All of this also benefits the integrators; when it comes to pricing, they can account for the number of identities, lobbies, workspaces, kiosks and other systems or data needing to be connected.
When considering how to configure and market ACaaS and IAM offerings, follow these steps:
- Start with the use case: employees, visitors, assets … or a combination of all three?
- Quantify systems: how many buildings, doors and/or employees are we focusing on?
- Focus on identities: how many people, lobbies, workspaces and kiosks will be managed within each system?
- End with integrations: will we connect PACS with HR, IT and/or OT?
Which markets does this apply to? The short answer is all of them. But a good starting place would be with companies that have specific regulations and mandates in place — think healthcare, financial services, utilities, energy, high-tech, datacenters and airports. This could also be applied to industries such as manufacturing, automotive, pharmaceuticals and education.
However, any company that is manually managing their access control system and physical security tools, like employee badges, could benefit from convergence. In other words, integrators can scale from small to really large.
More often than not, customers experience above-par performance and, in turn, add new use cases on their own terms. They want to manage and automate in more ways, and integrators are in the perfect position to open those doors — securely and with ease. There are systems that require very little maintenance in terms of software, and new policies and workflows are configurable from the system and the Cloud.
Finding a solution that supports all Cloud options is instrumental. And because it’s Cloud-based, it’s all about annual and recurring revenue. Yearly licensing is a great opportunity for integrators to show value of book and recurring business.
So, Integrators … Which WayIs It Going to Be?
It’s no surprise that the world is changing quickly, with evolving security risks and ever-changing work processes at play. The hybrid work model is here to stay, which opens doors to more companywide silos, data gaps and general uncertainty around work processes.
The good news is that integrators are perfectly positioned to build business resiliency through existing channels and assets by merging various systems, practices and policies so that departments can operate from shared data and accommodate policy enforcement, risk prevention and compliance measures.
By playing an ongoing role, they can help businesses navigate this new frontier. And, while they’re at it, they may just discover new opportunities for designing, configuring, commissioning, pricing, marketing and maintaining ACaaS and IAM offerings.
Jason Alestra is Vice President of Strategic Channel Sales, North America for AlertEnterprise.
Security Is Our Business, Too
For professionals who recommend, buy and install all types of electronic security equipment, a free subscription to Security Sales & Integration is like having a consultant on call. You’ll find an ideal balance of technology and business coverage, with installation tips and techniques for products and updates on how to add sales to your bottom line.
A free subscription to the #1 resource for the residential and commercial security industry will prove to be invaluable. Subscribe today!