Frank Close began his foray into managed access control when he “failed” in being able to deliver what a client needed. “We sold a security system for three doors with keypads, based on what the customer told us they could afford. We were trying to design it for that amount and I met with them, but we realized it just didn’t make any sense. At the time we had just had a sales call with Brivo and I said to the client, ‘If money was no object, would this solution work?’”

Without any training or background in this type of system, Close, who is CEO of Guardian Security Systems Inc., Seattle, and his team took the leap and installed it for this customer as a beta trial, and the rest is history. “Our failure taught us that there was a huge customer need out there,” he says.

In the earliest days of managed access control, companies like the pioneer of managed access control, Kastle Systems, Falls Church, Va. (SDM’s 2015 Systems Integrator of the Year), had to literally design everything from scratch. But today there are multiple providers such as Feenics, Brivo, ISONAS, BluBØX, and more, that make entry into this market much easier for the security integrator, as well as more traditional manufacturers such as Honeywell, AMAG, Genetec and others coming on board with offerings of their own. And that is a good thing, because customers are increasingly demanding it.

More than that, security integrators are increasingly looking for offerings that bring in RMR, and hosted and managed access is one of the easiest ways to get that at the moment — particularly for those not interested in the traditional intrusion/monitoring model, says Colin DePree, sales manager and employee owner, Pro-Tec Design, Minnetonka, Minn. His company just launched a hosted access platform in June 2017.

“In part it was due to the desire to get into the RMR business, while not having an intrusion alarm background and not wanting to get into it,” he says. “We became an ESOP company in February 2016. As an employee-owned company we have to grow and drive value to our organization. One of the biggest things that was missing when we did our self-assessment was the RMR component.”

DePree found hosted access very accessible, particularly now that there are several companies that offer it. “It wasn’t a large financial investment, outside of the time and energy of the employees…. For my CEO and our board of directors it was much more about needing to find RMR sources and finding ways to drive it. So it was, ‘Go do it, prove it can be done and we can expand from there.’”

Many of those that have started feel it is a matter of survival. “It seems as though the industry is becoming more commoditized,” says Jay Slaughterbeck, managing partner, Strategic Security Solutions, Raleigh, N.C. “We have distributors trying to sell direct and customers trying to install their own things. It could be said that if the integrator doesn’t begin selling and supporting more services they will be left behind.”

Mike Traniello, vice president of sales and marketing, Technical Systems Group Inc., Rochester, N.Y., agrees. “People are using the Internet all the time, and more and more customers are becoming self-reliant and leaning less on us for our technological knowledge and resources. That is impacting our margins on installation. RMR is a way to keep our margins up and produce consistent revenue, while better servicing the customer.”

For security integrators who do already have an RMR model, expanding to managed and hosted access is a logical step, and managed access particularly is less daunting for them, says Craig Leyers, senior vice president sales and marketing, ADS Security, Nashville, Tenn. Almost half of his company’s access control business today is managed access.

“We manage it all within our monitoring center,” he says. “Having a UL-listed 5 Diamond rated monitoring center positions us well to offer round-the-clock response.”

This is something any integrator looking to get into this should keep in mind up front, Close adds. “This is a whole culture change. These are not less demanding customers because it is managed access. They still want things fixed at 2 a.m. It is going to be a long road, but those that take that path will be quite successful.”

For those considering hosted or managed access, or even on the fence about it, SDM spoke with several security integrators — whose experiences range from having offered managed access for years, to developing their own managed offering, to starting slowly with a hosted offering that is done for them — to find out the top five reasons hosted and managed access is good for business.

 

1

RMR

The top reason to consider getting into managed or hosted access control is, of course, the RMR that it brings. While many integrators report that these solutions are still a very small portion of their total offerings, they are happy with the results so far.

“We didn’t have any RMR from access control before,” DePree says. “For us, the results are absolutely meeting our goal. We weren’t sure what our target was. But as soon as we realized what the potential was we were hitting our goal and beyond because we were able to land a couple of larger opportunities that immediately showed the impact. It is hard to quantify … but because we didn’t have anything beforehand we are up 1,000 percent. We started with zero and now we have an RMR stream.”

Jim Pinto, principal, Key Security Designs Corp., Oakland, Calif., says his company offers 90 percent to 95 percent cloud-based products. “We really only carry three products and two of them are pure cloud.... On a typical sale we get about 15 percent for the licensing for the SaaS and another 10 percent through service agreements, so 25 percent of the overall sale is RMR.”

Shawn Sharp, managing member, Kingdom Security LLC, Houston, Texas, chose to take a traditional access control system from RS2 and move it to the cloud. “Our RMR has grown significantly. We didn’t do a lot of intrusion or even site support agreements before and we had less than $2,000 a month in RMR. Now we are at $18,000 a month.”

Integrators who care at all about getting RMR have little to lose, says Gunvir Baveja, CEO, eVigilant Security, Lorton, Va. “You will constantly get revenue and you will get it over a period of time. If your business model is quick money now and you are not worried about the long-term then maybe this isn’t for you. But if you want to build a stronger, more sustainable business where the value goes up you should definitely look at this.”

 

2

Predictability of Income

One of the biggest business benefits to hosted and managed access solutions is being able to plan your budget and resources more reliably, Pinto says. “You know how much you have coming in with RMR so you can better budget your personnel when things get tough.”

Beyond that, having the constant source of income helps integrators take advantage of other financial resources from organizations that use RMR as a basis for valuation.

“When you have a constant source of income you can leverage that to get more lines of credit,” Baveja says. “It gives you more flexibility and the valuation of your company goes up as your RMR goes up.”

 

3

Cyber Security

Many security integrators feel that cloud solutions are more cyber secure than on-premise products. “If you have a solution sitting on a network that has access to the Internet, or another solution that was designed with cyber security in mind, you are benefitting your customers by offering them something that was designed with that in mind,” Slaughterbeck believes.

This opinion is often shared by IT managers as well, Pinto adds. “They get the cloud. They feel it is more secure than a server in an electric room because it has security compliance built in.”

Cyber security was one of the deciding factors for Traniello at Technical Systems Group. “We saw the security of this being a big thing. As we went to approach the customer we had to be able to convince them that that security was not only there but potentially better than on-site…. It is a matter of cyber security but also of redundancy. The level of redundancy you can create in hosted is more cost-effective than trying to create that in a traditional client-server situation.”

 

4

Efficiency

Hosted or managed solutions are not only easier to install, they are simpler to maintain and update as well. In fact, that is one reason Sharp decided to convert a traditional system to a cloud-based one. “We were trying to become more efficient on our installs. We were losing time on jobs initially setting up software, getting IT involved, getting servers on their domain, etc. That was why I started looking at this, to get a lot off the table when doing these installs.”

Kevin Smith, managing partner, Nighthawk Group LLC, Elgin, Ill., felt similarly when setting up his offering, which is 100 percent hosted under the ISONAS platform. “The biggest advantage for me is we don’t have to deal with hardware and network issues and interacting with third parties. We don’t do IT services, but we might have to get involved with troubleshooting PCs with these third parties; then we would have to convince the IT provider it is their problem to fix. That was time on our part that we never got reimbursed for.”

What’s more, cloud solutions allow for almost instantaneous software updates to be pushed down to everyone, which saves time and hassle.

“It’s just a better way to handle your client,” Pinto says. “With these cloud-type solutions you have all the tools you need to take care of most service issues. It’s a win-win. The client gets better service and there is less equipment required on the client’s site.”

 

5

Stickier Clients

If RMR is the holy grail that got integrators to consider hosted and managed access, by far the biggest benefit after doing it was finding that clients stayed longer. “It’s sticky,” says Jennifer Graham, vice president of marketing for Kastle Systems. “Customers don’t just rip out access control systems. Once they are in place, they tend to keep them. This gives integrators the opportunity to expand their offerings by providing them with a platform to add on other services/sensors.”

Unlike on-premises systems, hosted and managed access control is harder to jump to another provider. “Before, we might have a one- or two-door installation, then forget about them,” Sharp says. “But now because they keep going to Kingdom Cloud, they keep coming back. It makes them stickier and they remember who you are. Customers who wouldn’t normally call back, we see their activity and can troubleshoot them.”

It’s not just for small customers, either. “We still serve the exact same markets, primarily industrial and chemical plants,” Sharp adds. “All we are doing is changing the solution we are providing. Others sell a system and walk away. We are part of your organization.”

 

Choosing a Solution

Whether you are considering setting up a hosted or managed solution yourself, looking at some of the ready-made solutions, or perhaps your on-premise access control manufacturer now has a cloud offering, how can you best evaluate which approach is right for you?

“We went through a pretty arduous process to get there,” says Colin DePree, Pro-Tec Design. “We spent six to eight months researching who is out there, what each one brought to the table, narrowed it down to three, and got buy-in from everyone in the organization.

“We looked at a number of things, such as, ‘Is this a partner who will work with us and grow with us?’ ‘Does it provide the level of functionality we need and are accustomed to selling?’ ‘Is it something we can stand behind?’ ‘Can we sell it and how quickly?’ We are not accustomed to the RMR model and there are some really good platforms out there that are so dramatically different in terms of how they are set up and sold that we didn’t think we could get there fast enough. Lastly, we strongly believe in open platforms and are a really big Mercury fan. Feenics is built on the Mercury platform, so we went with them.”

However, since making this decision, he notes that a few of his primary manufacturers are close to launching a cloud platform of their own, which may result in them having the option to sell multiple cloud platforms. “We will certainly consider it. I think we will eventually have multiple hosted access partners, just like today we have multiple traditional providers. There will be different solutions that fit better in different applications.”

Shawn Sharp of Kingdom Security took a very different path. “We took the RS2 system and rebranded their server to host our own cloud solution. We looked — and still look — at a lot of cloud options. The key is making sure it has whatever needs you have for your market. For example, for us it was mustering. We couldn’t find any [at the time] that had what we needed with custom reporting and mustering and time and attendance, so we built our own.”

However, he notes that doing it yourself is a huge upfront investment, “more than I realized when I started. Unless you have some specific needs, the BluBØX and Brivos [and their like] are a really good option.”

ADS Security’s Craig Leyers was another whose company did it on their own. But with a monitoring center already in place it was much less daunting, he says. “We had an advantage when we got started because we had an organization that was staffed 24/7. You need to make sure you have the structure to accommodate what you are offering the customer and the fortitude to support that through the growth model.”

eVigilant uses both solutions, says Gunvir Baveja. “We do both hosted and managed. We are using a company that provides a hosted solution and another internally to host our own solution at Amazon or Azure. You need to take a look at your capability as an integrator. Do you have the IT resources to actually host it and manage databases and make sure there are no cyber vulnerabilities? There are many vendors out there today that are providing solutions where they will do the hosting for you…. The barrier to entry is much lower now. When Kastle and Datawatch did it, it was very complex. Now you are up and running within minutes.”

 

Not Your Typical Customer

The common wisdom around managed access control is that it is ideal for the smaller customer with a few doors and no IT department or designated person to manage the access control rights. While this is still largely true, many integrators note being pleasantly surprised that larger clients are just as interested — especially on the hosted side.

“We initially put a heavier emphasis on trying to identify new customers or new markets that maybe we didn’t go after before because of their lack of IT support, or pricing,” says Colin DePree, Pro-Tec Design. “For a long time we thought our client base had to have X number of doors, such as two to four, and we didn’t play in that space. But as we have gotten into it, we have learned there are a lot more people interested in cloud than we originally thought. We sold two really large enterprise-level solutions with cloud since taking it on.

“I would say there is not a typical customer. We have sold it successfully into small entities … but we have also seen on the other end IT departments that say to us, ‘If you are telling me I can take that security platform off my plate I will gladly pay for someone to do it elsewhere.’”

This experience is echoed by Jay Slaughterbeck of Strategic Security Solutions. “Up until recently property management was the sweet spot. Typically property management firms would have a computer in an electrical closet handling access control and little or no IT infrastructure. But recently we are pitching to enterprise-level customers that have IT support. They are moving Active Directory to the cloud, file share, etc. Why would they have an on-site appliance just for their access control solution? You almost have to offer it now or be left behind.”

As more and more functions from banking to business processes get moved to the cloud, acceptance at all levels is growing by leaps and bounds, adds Craig Leyers, ADS Security. “I believe that customers in general are more comfortable with subscription-type services. The evidence I would give would be Microsoft 365. We used to buy disks; now it is all subscription. That helps reinforce a customer’s expectation. ‘Do I really want to invest in this premise-based software or do it as a service?’”

Mike Traniello, Technical Systems Group, agrees. “IT folks have a primary objective to keep their business running and security is never their prime focus. It’s not what they want to spend their time on. If they can move security off and do it in a way that offers additional cyber security, helps them ensure compliance, provides redundancy, shows ROI and provides convenience it is a win-win for them.”

Large or small, customers are more and more interested in this approach. “I think the managed cloud-based access control model has opened the door to access for everybody,” says Matt Smith, director of security sales, Guardian Security Systems Inc. “Not every install is 200 doors. But there are a lot of smaller companies that have a lot of sites that eventually add up to 200 doors. It is such a deliverable model that we kind of outpace people who are using their expensive IT resources on trying to manage access control.”

 

Selling the Solution

Selling service-based solutions is different, without a doubt. Here are a few of the ways security integrators have gone about changing their mindset.

“We brought it up to a few clients that we were fully planning on providing a traditional access system to, but quoted both, and we were shocked that the larger focus was on the hosted platform we quoted. They ended up purchasing that, rather than the traditional system.” — Colin DePree, Pro-Tec Design

“We started playing with it in 2013, but have only really been actively pushing it the last two years. The first year we sold one. The next year we sold two. This year 30 percent of our sales was cloud. A lot of it was learning how to sell it. It’s like learning to ride a bike. You have to practice it and understand what customer’s needs are.” — Shawn Sharp, Kingdom Security LLC

“When we first started working with this solution I would tell my sales team, ‘No one is going to call you and ask for a managed access solution.’ We had to find the demand for it and explain it. Today that is starting to change with new vendors and technologies offering these solutions. Now our sales guys use the analogy of ‘OnStar for your business.’ Someone with the correct credentials could call ADS, speak to us 24/7 and we can remotely open a door if they need that. It becomes a very valuable proposition to a customer who doesn’t want to make managing access their full-time job.” — Craig Leyers, ADS Security

 

Hosting: The Gateway to More RMR?

For many security integrators, the easiest and least disruptive way to get into RMR is to offer a hosted access control solution, often done for them by the provider. However, most say their plans don’t end there. It is an entry, or a beginning, but most have plans to offer more RMR-generating solutions, whether that is to add video as it becomes more available, or to begin to do more fully managed access control.

“When we started with a hosted platform about a year ago we didn’t know how to structure things so we handled everything on an annual fee for hosting, and charge time and material for services,” says Kevin Smith, Nighthawk Group LLC. “Now we are building towards a history with our customers. What types of services are they calling about? How much assistance do they need? For 2018 we are trying to roll out three levels of services. One is just hosting; two is manage the environment, set up doors, create groups, etc.; and three, we would handle everything from issuing credentials to setting up users. It goes from no hand holding, to a little bit of hand holding, to doing it all for you.”

Colin DePree, Pro-Tec Design, has a similar approach. “Ultimately the plan is to have three levels of offerings: generic hosted, full-service contract, and full managed,” he says. “I feel this is the best place to start, but I do think this is only the start. We are already investigating cloud video platforms and how to tie them into the access solution. We are also looking at visitor management in the cloud. We chose hosting because at this point in time it is the most realistic and sellable option we have.”

Jay Slaughterbeck of Strategic Security Solutions is also looking beyond hosted to managed access control, eventually. “Really it is based on customer need and there hasn’t been an overwhelming demand yet. But I like the idea that we have a vehicle to easily put us there if the customer wants it.”

Hosting is the gateway to much more, says Mike Traniello, Technical Systems Group Inc. “We do see the benefit of hosting. We think it is a trend that is going to continue and expand to video…. Doing this opens the door for those other RMR opportunities. It makes it easier to sell hosted video or full-service agreements. We can go to the customer and say, ‘We will host access for a base fee and for X more a month we offer a more comprehensive agreement.’”