The recurring monthly revenue (RMR) business model has become a chief indicator of long-term profitability and increased business valuation for installing security contractors. Access Control as a Service (ACaaS), with its steadily increasing market penetration the past few years, is enjoying rising prominence under the RMR opportunity spotlight.
Various market research reports generally have the sector growing at a compound annual growth (CAGR) of around 15 percent, and an estimated global market size that is expected to easily surpass $2 billion by 2028.
ACaaS, similar to other managed security solutions, allow dealers and integrators to provide end customers with a service-based setup that relieves them of cloud and data management duties, among other benefits. Brach Bengtzen, director of marketing, ProdataKey (PDK), Draper, Utah, a provider of cloud-based access control products and services, says the top way its integrator partners generate RMR from ACaaS is by tying it to maintenance agreements.
“A typical service contract might have the integrator going onsite every six months to check batteries, ensure all the cabling is in good shape, and troubleshoot any customer issues,” he explains. “The goal is to make sure the customer gets top value and maximum satisfaction from their solution by keeping everything up and running all the time.”
The maintenance agreements can also tie in other services, such as taking care of cameras and alarm systems. By offering a large, turnkey maintenance agreement, Bengtzen says, the integrator provides a holistic approach to keeping all systems running and working together.
Connecting multiple sites via ACaaS solutions allow for central monitoring and management from anywhere, even on thin client technology like mobile apps and web portals. // .SHOCK/ISTOCK / GETTY IMAGES PLUS VIA GETTY IMAGES
“Customers really see the value in these types of contracts,” he continues. “Sometimes we see integrators offering leasing to generate RMR. The customer pays zero upfront hardware costs, and then the equipment price is wrapped into their monthly fees, including support and maintenance. Leasing isn’t as common as pure maintenance agreements but is growing in popularity.”
Many organizations forego changing legacy systems because of budget constraints. Having an ACaaS model introduces a subscription option that really changes the game as upfront costs can be minimized, explains Kris Houle, product line manager - access control, Genetec, Montreal.
“With a subscription-based service, they can pay on a monthly or yearly basis versus paying large capital up front,” he says. “This can change the narrative between the integrator and the end user and allows them to provide their customers with more options and create a more consistent revenue/service model.”
Houle adds integrators then also have the ability to attach their own services and maintenance to the whole solution. “It creates a long-term opportunity that maintains customer contact beyond the initial sale,” he says. “There is also an advantage of the solution being quicker and easier to deploy so technicians are able to work on more jobs.”
Greg Tomasko, applications engineering leader, Honeywell Building Technologies, Atlanta, describes a trifecta of RMR opportunities that are readily available for security integrators to tap into. For starters, consider device attach rate. More online devices means more recurring revenue. The second is credentials. If ACaaS providers can support providing customers with cards or mobile credentials, they can forecast additional revenue.
“Third, ACaaS providers can become the de facto security department for their customers,” Tomasko says. “Providing reports, enrollments, even support to companies as a part of monthly or annual contracts.”
Ron Luchene, senior vice president of Buford, Ga.-based security integrator Tech Systems Inc. (TSI), underscores a conundrum that has traditionally dogged a good many of his industry brethren. “Many integrators have struggled to gain footing in the RMR space. For most, less than 10 percent of the top line revenue is tied to RMR services.”
The transition from a more traditional sell and install model to that of recurring revenue entails developing new procedures for sales and support teams. Challenges for integrators arise when they are not already equipped to invoice on a recurring, scheduled basis.
ACaaS arrives as an opportunity to take the manufacturers’ lead in this space and then bolt on other services, including break/fix and preventive maintenance inspections, which will help drive growth in this area, Luchene says. “Over time, integrators who embrace ACaaS will find themselves less dependent on the bid market and more focused on long-term opportunities tied to RMR as the margins can be significantly higher and top line revenue growth becomes less of a business driver.
Again, the emphasis is on long-term commitment to a client relationship. While most clients can be trained on the application and taught to manage the system on their own, Luchene says, there is an opportunity to relieve them of that responsibility and to become their trusted partner in the management of that system.
“You create stickiness as dependence on the integrator increases, and the client will begin looking for other ways to outsource their operational needs,” he adds. “This creates opportunities for the integrator to sell additional goods and services, typically at higher margins than traditional business. If the current business strategy is to sell, install and move on to the next project, the integrator will always be chasing top line revenue and will fail to mitigate risk tied to economic and other outside influences on their business.”
Stay Abreast of Potential Pitfalls & How to Avoid Them
While ACaaS offers many advantages for security integrators, there are also a litany of pitfalls and challenges to be aware of and avoid. For starters, Lee Guill of Schneider Electric cites poor network infrastructure.
“One of the key requirements for an ACaaS solution is a reliable and robust network infrastructure. Integrators need to ensure that the customer’s network is capable of handling the bandwidth requirements of the ACaaS solution,” he says. “If the network is not up to par, the ACaaS solution may not perform as expected, leading to customer dissatisfaction and potential liability issues.”
ACaaS follows a subscription-based model, meaning it’s not an install-and-move-on type of customer engagement. Supporting ACaaS requires an adapted business model to support this type of continuous engagement. A company that hasn’t made this move could struggle to meet customer expectations, explains Kris Houle of Genetec.
“Another pitfall is not being educated in the current cloud security and products. One of the major advantages of cloud is the ability to rapidly respond to changing technologies,” he continues. “Customers will expect to be guided into the latest and greatest. Same goes for cybersecurity. You need employees that are up to date with the current technology and IT information.”
Luca Ingala of Watchmen Security Services also stresses the importance for his fellow integrators to fully embrace the business model that ACaaS requires and prepare your organization accordingly. “If you are used to doing one thing one way, you are going to have to switch to this other way thinking. The billing is different. The service is different. The way you go to market is different; the sales process is different,” he cautions. “It’s just a whole different operation of how you conduct business every day. It’s not a bad thing. But you can’t just flip a switch and make all this stuff happen.”
Also key is selecting the right ACaaS technology partner, Ingala says. Do your homework. Does the vendor’s offering have the right integrations and do they have a good track record in the marketplace? High-quality tech and sales support is also paramount.
“How do they go to market? How do they use their channels? What is their RMA [return material authorization] process? These are all aspects — the customer support — that you’re going to need, as the integrator, that will makes things a lot easier,” Ingala adds.
One of the biggest challenges integrators face is convincing customers to embrace cloud-based solutions rather than on-premise access control. Many security industry practitioners remain wary of “exposing” their security systems to the “outside world” by connecting them to the cloud, says Greg Tomasko of Honeywell Building Technologies.
“To help alleviate this concern, it’s important to educate customers on the benefits of ACaaS and explain the operational savings it can achieve, as well as making sure they understand the cybersecurity impacts and requirements,” he says. “They need to understand what they are getting from this investment, the future ROI it can bring them and how it can be done in a cyber-secure way.”
The time and knowledge it takes to migrate an end user from a traditional access control platform to the cloud are essential, explains Cynthia Gieseke of Identiv. Not only is it imperative to provide the correct hardware, software and service to ensure the client’s security needs are met, but integrators will also need to ensure that technicians and project managers are fully trained in utilizing the ACaaS and how to program the system and train the end user security staff.
“Communication is key! Be sure to show the customer how the service will be billed, whether it be monthly, quarterly, or annually,” she says. “A lot of assumptions are made at the partner level that the end users may not fully be aware of.”
Tim Norris of Brivo advises to beware that some vendors create a walled garden with their proprietary IoT devices that lock in integrators. It is therefore essential to look for a vendor with an open platform that provides flexibility and cost savings so you won’t have to rip out what you have to make it compatible with what they are selling.
“It’s also paramount to prioritize cybersecurity,” he says. “Validate all the vendors you are considering and ensure they have the proper certifications, audits and infrastructure. If you don’t, you could end up in the news and scrambling to pick up the pieces after an attack, all because you chose to partner with a startup with poor cyber practices.”
Some high-security environments, like those supporting critical infrastructure, prohibit the use of cloud solutions. Therefore, prior to recommending ACaaS, integrators must know whether onsite hosting is a requirement, Brach Bengtzen of ProdataKey (PDK) explains.
“Also, make sure that the manufacturer you’re choosing has a track record and will likely be around for the long haul. Customers find themselves with a completely useless system when a hosted solution goes out of business,” he adds. “Integrators don’t want to be responsible for putting them in that situation.”
A Good Fit for Wide Range of Vertical Markets
Fueled in part by the COVID-19 pandemic and supply chain upheaval that followed in its wake, end users of all types and sizes have raised the demand for ACaaS as they move to digital platforms to save on both capital expenditures and operating expenses.
Managed solutions, such as ACaaS, offer end users the ability to implement a robust security solution without having to invest heavily in IT infrastructure, explains Cynthia Gieseke, regional sales manager, Central U.S., Identiv, Santa Ana, Calif.
“Our partners manage the support of the service through a hosted platform in the cloud, simplifying operations,” she says. “The end user can still reap the benefits of the cloud, such as accessing data and doors at any time from any location, without the high cost of upgrading their hardware, servers and IT infrastructure frequently.”
Any vertical market that has a lower annual budget for IT infrastructure could benefit from ACaaS. By example, Gieseke says, education is one of the top market niches for these solutions. The reason is that security in general is growing quickly, and more K-12 and university campuses are looking to add or upgrade access control technologies in the coming years.
“In these facilities, access control is all about protecting students and staff members from unauthorized individuals — especially as the threat of active shooters has grown in the past few decades,” she adds. “What the education market does not have is an unlimited IT budget to invest in the latest hardware annually to keep their systems up to date and functioning at a high level.”
Eva Mach, president and CEO of security integrator Pro-Tec Design, Minnetonka, Minn., also points to IT department budget constraints as a market driver for ACaaS systems and services. When Pro-Tec first dipped its toes into the ACaaS waters in 2017, Mach expected smaller organizations with multiple sites would be the company’s main target clientele for its hybrid model. Not so. Instead, she has unexpectedly found municipalities throughout Pro-Tec’s service region to be highly receptive to ACaaS.
“There is a lot of demand on IT staffs. They are no different really than anybody else currently. The labor market is tight. Demand on labor resources is large and everybody’s looking for a way to do more with less,” Mach says. “[Municipalities] tend to have small IT staffs, and they have a lot of demand on their time. ACaaS provides them a way to do more with less. Instead of hiring additional IT staff, they rely on us to provide the services so they can focus on other areas for the cities.”
Lee Guill, director security solutions, digital energy division, Schneider Electric, Andover, Mass., explains government agencies require strict access control measures to ensure the safety of employees and the public, as well as to protect sensitive information. “ACaaS can provide a flexible and scalable solution for government agencies to manage access control across multiple locations,” Guill says.
End users with IT departments that are strapped by budget constraints and labor shortages find ACaaS especially attractive as it helps reduce demands on in-house personnel. // AKODISINGHE/ISTOCK / GETTY IMAGES PLUS VIA GETTY IMAGES
Regarding the size of the organization, Guill adds, ACaaS solutions can be suitable for small, medium and large enterprises. “However, larger enterprises may have more complex access control requirements that may require a more customized solution. In such cases, integrators may need to work closely with the enterprise to design and implement a solution that meets their specific needs.”
While ACaaS broke ground in the small-to-medium business (SMB) sector as being a way to remove the heavy burden of supporting IT infrastructure in organizations that didn’t have any, it has evolved into a similar business case for enterprise organizations, Houle says. “Compliance and the cost of downtime put pressure on organizations to maintain suitable security and infrastructure. Cloud service providers are able to provide the uptime guarantee and continuous cybersecurity maintenance that they are looking for,” he adds. “Ultimately, ACaaS can be an option for anyone.”
Tim Norris, senior director of product marketing, Brivo, Bethesda, Md., also emphasizes there are benefits that cloud solutions provide to all types of users. Large enterprises can and are benefiting as well.
ACaaS Deep Dive
For an even deeper dive into the multifaceted realm of taking an ACaaS solution to market, including the intricacies of cloud-based and managed offerings, don’t miss SDM’s previous reporting on this burgeoning technology segment:
“As they rapidly undergo digital transformations, more companies are shifting core business functions like HR, finance and more to the cloud. This includes physical security,” he says. “We see adoption across vertical markets such as healthcare and pharma, retail, financial services, education, logistics and tech. Brivo currently provides cloud-based access control to some of the largest global enterprises in these sectors. Customers trust us not only because of our pedigree and history but also because of our elite cybersecurity and compliance posture.”
Both SMBs and larger enterprise customers can benefit from AcaaS, but oftentimes in different ways, Tomasko says. For example, ACaaS for SMBs can provide smaller organizations with secure access control through a third-party provider, saving them both time and money, as they often don’t have the dedicated security team to manage and maintain the security system.
“On the enterprise side, ACaaS allows businesses to offload their infrastructure [such as data centers and computers] and reduce their total cost of ownership,” he adds. “With its centralized management, scalability and remote access capabilities, ACaaS is a highly efficient and effective solution for businesses of all sizes.”
Bengtzen also illustrates the differing benefits that ACaaS brings to a client based on the size of the organization. First and foremost, for the enterprise user it’s easy for them to manage multiple locations without having someone assigned to the task at each site. One person can handle the job across the entire enterprise, receiving instant notifications whenever something happens that they need to be aware of.
“The system manager can be in Dallas and know that a door has been left propped open at a building in Chicago,” he says. “They can assign user credentials for more than one location so that employees who move around between facilities don’t have to carry multiple cards. Also, companies with enterprise systems receive significant tax benefits from ACaaS. The entire system can be written off as an annual operating expense instead of a one-time capital expense. The larger the system, the more significant the tax benefits.”
Still, do not overlook the hand-in-glove fit that ACaaS brings to the SMB space. “These companies don’t have large budgets for overhead; they often can’t afford a full-time IT person or someone who can manage the system from onsite,” Bengtzen says. “ACaaS is a perfect way to work within those limitations. ACaaS comes with a much lower upfront cost, and the system can be managed from anywhere. We’re seeing a lot of interest in our solutions from 24/7 businesses like gyms, studios, woodworking shops and co-working spaces. Members, or ‘users,’ can let themselves in and out, while the business owners manage security from their phones and don’t have to hire people to work at a front desk.”
NAPCO Security Technologies designed its AirAccess hosted access control solution specifically for the SMB market, explains Rob Etmans, business development manager, NAPCO Access, Amityville, N.Y. The cellular- and cloud-based offering is powered by StarLink cellular communications, so it makes the connections for dealers and integrators automatically, without the customers’ IT department or network.
“AirAccess fits that 80 to 90 percent of the market for access control; about 80 percent of the market is one to 16 doors,” Etmans says. “The verticals that we concentrate on where this has done very well are one to eight doors, [such as] strip malls where you’ll have four doors for different tenants. You have one network communicator. That allows our dealers to go in there and provide one system that a customer can individually control for that tenant.”
Use cases for ACaaS are myriad. Etmans describes a dealer partner of NAPCO’s who has found success deploying the AirAccess system to construction site trailers. A general contractor was seeking an answer for tracking who was going in and out of project site storage containers, which are typically used for contractor trailers on jobsites.
“So they put wireless locks and a Starlink communicator on the shipping container so that they know who was coming and going. And they can control who can get into it in the morning, and who can get into it after hours,” Etmans says. “And they know exactly when somebody is coming in, and if the door is left open. They got all the features of access control without having to have a network.”
Among top challenges integrators face is convincing customers to embrace cloud-based solutions rather than on-premise access control. Educating customers on the benefits of ACaaS and explaining the operational savings it can achieve is crucial. // NOSYSTEM IMAGES/E+ VIA GETTY IMAGES
Centralized Tool for Monitoring Multiple Offices
By deploying ACaaS, not only can security integrators deliver enhanced security and minimize upfront costs associated with the purchase of servers necessary for physical access control, but they also simplify end user operations and save time on monitoring activity of multiple offices.
Clients are actively looking for ways to eliminate siloed systems within their organization, explains Tech Systems’ Luchene.
“While some were slow to embrace cloud solutions, nearly all manage some if not all of their business using cloud applications today," he says. “ACaaS is just an extension of this and allows managers to leverage feature sets to meet specific needs for each office all from one application.”
Think of ACaaS as a simplified and centralized tool for monitoring multiple offices, Identiv’s Gieseke says. Information received from all the facilities at each individual location is stored in one single place, and 24-hour access to this information is provided to the administrators that have the rights to access.
“By implementing ACaaS, users enhance the security of their system and minimize upfront costs associated with the purchase of IT infrastructure,” she continues. “This service also simplifies business operations and saves time in monitoring the activity of multiple offices. This in turn will reduce your labor hours by eliminating the need for one administrator at each location.”
Norris of Brivo underscores the advantages of centralized ACaaS are plentiful, and at the top of the list is doing more with less staff. Secondly, users benefit from a single view of all security operations in one place. “This means no servers or disconnected systems to maintain in each location,” he says. “A single solution, viewable on one screen, makes operations easier for access managers, no matter where they are based or how many facilities they manage.”
Lucas Ingala, owner of Watchmen Security Services, Kansas City, Mo., further explains the benefit that a single sign on affords the end customer: “If I have 10 properties or 20 properties or 30 properties, I can see them all at a global level and I can drill down on each individual property, and I can pull data out of that property — all from one pane of glass.”
Importantly, users can at once be alerted to anomaly events. “Why is Sara using this particular door at 4 p.m. when she hasn’t for the past 30 days? Anomaly detection is something we can set up for the customer,” Ingala says. “In common areas or in office space, how many times is this door being used today? With remote work and flexible work, how many of my parking passes are getting used in the parking garage? I can see how often my doors are getting propped open, I can see a snapshot with facial recognition along with the door credential, I can see pass-back events.”
Users also have the capability to revoke credentials or add users from a web application on smartphones. Critical events can be monitored remotely, such as the status of the panel, and muster reports can be processed instantaneously.
“I can do everything from literally a couple of clicks,” Ingala says. “It’s just super easy for someone to use because of the cloud platform that’s built on it is set up that way and it’s easy to bolt on. It scales easily for these companies.”
Connecting multiple sites via ACaaS enables central monitoring and management from anywhere, even on thin clients like mobile app and web portal, explains Houle of Genetec. No local servers need to be installed and maintained.
“The Synergis Cloud Link device is the cloud gateway, providing a secure connection of edge devices to the cloud. This means fewer connections to manage,” Houle says. “An ACaaS deployment simplifies the needed infrastructure and minimizes the effort required for maintenance, while providing increased visibility of all sites under a single system.”
In addition to the advantages of a centralized monitoring solution, ACaaS provides a scalable solution, which means it can adapt to the changing needs of the customer, Tomasko says. “Whether they need to add or remove users, doors or locations, ACaaS can quickly accommodate these changes,” he continues. “This makes ACaaS a smart decision if an organization wants to supplement their staff with a platform and a provider that contributes knowledge and reliability to their security operation.”