State of the Market: Access Control 2016

The access control market has been historically slow to change. Complicated systems, proprietary products, and large card populations have been a tempering force on an otherwise dynamic industry. Remember how for years smart cards were going to be the “next big thing”? Likewise with biometrics. But the days of top-down technology that doesn’t catch on quickly may be coming to an end.

For a hint of what may happen in the next few years, one only has to look to the security alarm market, which was stable and relatively stagnant for nearly 30 years before experiencing a revolutionary shake-up with interactive services and connected-home products, many driven by the meteoric rise of the smartphone. Could a similar shift be in store for access control? There are certainly some early signs pointing to that possibility. Technology is poised to impact all markets more and faster than ever before. And the economy is in a good — if not yet great — place to facilitate that.

Those who operate on the world stage report that the U.S. market was extra strong last year. “2015 for us was a bit better than 2014 [globally],” says Jason Ouellette, product line director for access control, Tyco Security Products, Westford, Mass. “Overall we had single-digit growth, but we had double-digit growth in North America.”

This is borne out by research firm IHS, which reported that the U.S. access control market spiked in 2015, finally reaching the $1 billion mark, up from $961 million in 2014. (See chart, page 66.) “It is looking to grow quite substantially over the forecast period,” says Alexander Derricott, market analyst, IHS Inc., Denver. “The market is dominated by new technologies.”

The Freedonia Group, Cleveland, Ohio, estimates even higher growth based on its research. It predicts the U.S. market for electronic access control will reach $4.5 billion by 2019. (See chart, page 74.) Either way you look at it, “The U.S. market is by far the biggest access control market in the world,” Derricott says.

SDM’s own research also supports a healthy outlook. The 2016 Industry Forecast Study, conducted in November 2015, asked readers to report on several aspects of the security market in 2015 and their expectations in 2016. Share-of-revenue from access control rose from 11 percent in 2014 to 17 percent in 2015, overtaking video surveillance for the first time and coming in second to burglar alarms, which have been experiencing a renaissance of their own. Integrated systems, which very often include access control as one of their pillars, also rose from 7 percent to 13 percent, nearly doubling. And a whopping 80 percent of respondents reported the access control market was “good” or “excellent” in 2015, compared with 69 percent last year and outpacing the 71 percent that was predicted last year. Even more (85 percent) expect it will be good or excellent in 2016. (See charts, pages 55 and 54.) 

“2015 was a great year for us and our forecast is the same in 2016,” says George Ballman, president, Kastle Systems, Falls Church, Va. (SDM’s 2015 Systems Integrator of the Year). “On a percentage basis we experienced 20 percent growth.

“If you look at the GDP over the long run it is normally about 3 percent average. It has been running at about 2 percent for over seven years now, but it is one of the longest-running positive GDP growths since WWII — not really great but long running. The consumer price index is down, unemployment is the lowest it has been in 10 years. There are a lot of good macroeconomics going on. We see a lot of customers wanting to stay current and trying to use technology as a competitive advantage, particularly in commercial real estate,” Ballman says.

Jim Coleman, president, Operational Security Systems Inc. (OSS), Atlanta (featured on this month’s cover), agrees 2015 was a better year than 2014. “Revenues were up between 10 percent and 15 percent, and profits were up similarly.” He reports that new installations were also more prevalent in 2015 and continue to be.

As immediate past president of SecurityNet Coleman hears similar reports from his fellow integrators. “Across the country all members are busy, and busier in 2015 than in 2014…. In general, we are seeing folks starting to have capital expenditures again. The economy picked up and other areas did, too. Regions with strong technology businesses were the first to recover from the Great Recession. Finally in 2015 we saw all our members both busy and enjoying growing backlogs.”

Manufacturers also report healthy gains in 2015. “We did better,” says Paul Ahern, president/CEO, Cypress Integration Solutions, Lapeer, Mich. “I haven’t spoken to anyone in my inner circle who did not do better in 2015. I think there has been pent-up demand over the last few years and there is still a lot of it that hasn’t been relieved yet.”

This bodes well for 2016. In fact, Ahern reports a significant change from January 2016 over January 2015. “I was expecting 2016 to be flat, but we had our best January ever.”

Integrator David English, vice president of sales and marketing, SSP (Southeastern Security Professionals), Norcross, Ga., notes a similar pattern. “We have done a lot of upgrades for access control this year and probably more than I can recollect. It was a good year for an access control upgrade…. It is still early in the year but we are significantly up from this year versus last year. We are anticipating around a 23 percent growth overall and we are in excess of that already — up over 50 percent so far versus [this time] last year. These are traditionally the lighter months of the year. But we have had a lot of people with released budgets and large projects that have started off at the beginning of the year.”

He isn’t the only integrator noticing a sudden uptick in access control. Canadian integrator Marcomm Systems Group, Nepean, Ontario, has seen a major increase in access control requests and requirements, particularly compared with 2012 when every project was video, reports Marc-Andre Bergeron, vice president of operations. “I can’t put a number on it, but there has been a massive increase. Right now, of the projects we are seeing, 90 percent have an access control component.”

SDMForecast respondents were on top of this trend back in November. Sixty-six percent predicted that spending on access control equipment would increase in 2016, with 25 percent predicting it would increase by more than 10 percent. Last year just over 50 percent predicted a similar increase for 2015. From among nearly 20 product categories included, only video surveillance and IP-based video had a healthier spending outlook in this year’s Industry Forecast Study. (See chart, page 60.)

In terms of vertical markets, education, healthcare and multi-family did very well in 2015, as did any industry that is regulated, many sources report. 

“In general, there was some disparity in the performance among major industry verticals,” says Jeff Holland, regional vice president, Securadyne Systems, Dallas. “We continue to see strength and momentum within the highly regulated industries such as healthcare, electric utilities, etc.”

Another factor that may have bumped up business last year was world events such as the Paris and San Bernardino attacks and continued trends in violence in schools.

Integrator Jay Slaughterbeck, managing partner, Strategic Security Solutions, Raleigh, N.C., reports a very good year, in part as a result of these trends. “2015 was our biggest year ever. We went from about $2.4 million to about $4.8 million. We landed some large accounts in 2014, so we had that recurring business and we did a very large project, which was a kick starter. But some of it may have been fear of ISIS and the way of the world. I have seen an increase in people wanting duress or lockdown systems. They want a push button that can put their facility into a state of lockdown. In the past six months we have had an influx of those types of calls.”
 

Overall Market Trends

Up until recently, the access control market wasn’t prone to the same sorts of trends and pressures that video surveillance or even alarm monitoring has seen. But that may slowly be changing.

“The reality is you don’t have a lot of [foreign] manufacturers playing in the access control market,” says Rick Caruthers, executive vice president, Galaxy Control Systems, Walkersville, Md. “Video has become a race to the bottom. If you are ONVIF compliant you can walk in with a cheaper camera and a dealer will say ‘absolutely, I’ll take it.’ We don’t have that kind of competition in access control because it is not plug-and-play. You can’t just take something off the wall and walk away. It takes a lot of effort to change from one manufacturer to another, so the consumer is not as quick to switch out access. We frequently run into systems that have been installed for 10, 15, even 20 years and they just grow and continue to use it.”

Along with that stability has come steady pricing, Caruthers adds. “We haven’t modified our standard pricing in seven or eight years. We haven’t had to decrease pricing, whereas video is taking a dive.”

Kurt Takahashi, senior vice president of sales, AMAG Technology, a G4S Company, Torrance, Calif., agrees. “In general it is more of a retrofit market today than ever. In my mind, the future — at least in the next two to three years — is still more of a retrofit market than green field.”

But retrofits today almost always include “openness” as table stakes. While not as far along in working on open standards as video (see “What’s New With Standards?” online at www.SDMmag.com/Whats-new-with-standards), access control manufacturers are increasingly working together to provide integrations, APIs, SDKs or sharing common hardware like the Mercury panel — all things integrators and customers alike want much more of.

“We feel we are in a very good place with that trend and the tendency to go toward the open architecture and common hardware platform,” says Frank Gasztonyi, chief technology officer, Mercury Security, Long Beach, Calif. “The tendency is for specifiers and integrators to stay with sources that are supported by multiple manufacturers.”

Other manufacturers are coming at the market from an entirely new point of view. “In access control today 70 percent to 80 percent of the revenue comes from selling what is essentially 20-year-old technology,” says Scott Sieracki, CEO, Viscount Systems Inc., Vancouver, British Columbia, a newer entrant to the access control market that is focusing on IP-centric solutions. “The problem is security doesn’t dictate the evolution of IT; companies like Cisco and HP and IBM dictate a natural and everyday evolution in all things related to it. But we are there [in access control] now. It will happen just like it happened in video and telephony. There is no stopping this.”

According to a representative of HID Global, Austin, Texas, this is a great time to be in the access control market because of how technologies are enabling such powerful capabilities. “After two decades of advances from simple visual ID badges to smart cards, standards-based access control systems and mobile ID solutions, the industry will now enter its next chapter: identities that are used on a variety of devices for a growing range of existing and new applications in a connected environment.”

Coleman has seen a slow start to this, but is more positive on a shift in 2016 and beyond. “As technology changes our clients tend to say, ‘What is it that is new and do I really need that?’ A lot of times [customers] say ‘I’ll pass.’ A good example is card technologies. A lot of our installed base uses 125 kHz proximity cards. The question is how long they will stay with a compromised card technology before they decide to change? Companies like HID have invested heavily to enhance secure credentials and ID management and the traction has been slower than anybody would have predicted.  In 2015 our revenue growth came mostly from compliance issues. But many of the opportunities for 2016 will be driven by a pent-up demand from clients that have delayed technology refreshes of older systems.  We are replacing analog [video] with IP systems and, in more than a few cases, we are also looking at what technology makes sense for access control head ends.  Some of the browser-based offerings are attracting customers, particularly higher ed. They don’t want to fool around with client-server workstations.”

Ahern thinks this presents a real opportunity for integrators. “I would be calling on every customer I have that has an old, antiquated system and trying to convince them to move from managing credentials to managing identities. That would keep most integrators busy.”

Manufacturers at all levels are looking at access control in a whole new way today. Whether a large enterprise manufacturer looking to partner with systems that complement their offering, or offering a unified platform, or a cloud-based approach that uses no software, the ultimate goal is similar: to increase the value proposition and offer more than just opening and closing a door — or other opening.

“The definition of what an opening is, is changing a little bit, says Mark Duato, vice president of integration solutions and OEM partnerships, ASSA ABLOY Door Security Solutions, New Haven, Conn. “Innovation is enabling us to add access control technology to non-conventional openings like medical cabinets, server racks and more. This allows us to go much deeper into the end user’s enterprise and find more applications…. It is not just about a building envelope anymore, but about the many ways you can capture information internally in a very cost-effective way.”
 

‘Top’ Influencers

At the top of the market, enterprise-level systems have become more deeply integrated — even unified — and are heavily interested in what to do next with all their data. “Big data,” the Internet of Things (IoT) and business intelligence are the key words here.

In fact, a recent Memoori report, “The Physical Security Business 2015 to 2020; Access Control, Intruder Alarms & Video Surveillance,” states, “Towards the end of the decade we expect the Internet of Things in Buildings (BIoT) to kick in providing further growth. Integration across all three sectors of the industry has proved to be a cost effective proposition but not the ideal solution. BIoT should make convergence with the business enterprise and integration with other building automation services a practical proposition.”

Matthew Kushner, CEO, 3xLOGIC, Westminster, Colo., adds, “The piece that is new and interesting and growing rapidly is the information that comes from around that door. The access control product collects untold information on activity that happens at that door. We collect all that information and pour that into a business intelligence engine and provide analysis of what is happening and what behavior they should be looking at.

“In my mind there are two types of users for this information. There is the user that is expecting to extract more business value out of their data from a wide variety of business solutions because they want to leverage that. And there are those that will want that. You are either doing it today or you will be doing it tomorrow. People understand there is money in that data and they are looking for integrators and solution providers that can mine that data to have an impact their business.”

What’s more, they want to do all this on a global scale, with centralized management, says James Rothstein, senior vice president global security marketing for distributor Tri-Ed, An Anixter Company, Woodbury, N.Y.  “At the enterprise level the ability to manage things globally has become more prevalent. We see one of the strong needs is to really have a global solution where they can implement the same standards throughout the [enterprise] and manage it centrally.”

Chris Wilson, product manager, Paxton Inc., Greenville, S.C. adds, “They want a system that will provide more return on investment than just what a single system will provide. The unified system will become the norm and provide ease, simplicity and maximum value for the user…. As systems continue to embrace the unified platform, the security industry will need to migrate to inter-connectivity with industry standard protocols such as BACnet to provide the total IoT and intelligent building solution that customers want and are demanding.”

The integration of a facility’s security into building management is the next logical step because there is tangible ROI in terms of energy savings, says Chris Sincock, vice president security business, DAQ Electronics LLC, Piscataway, N.J. “We continue to get traction in opportunities where the end user either on their own or under advisement of a consultant is looking to provide integration between building automation and access control and a security management solution.” DAQ provides an access controller that speaks native BACnet to accommodate these requests, he adds.

The “what” enterprise users want is clear. The “how” is where things start to get a little muddy.

“How do you integrate when everything is IP-based and what platform do you integrate on?” Coleman asks. “We are seeing manufacturers building PSIM-like features into their products to get some reporting or track some ancillary kind of things like whether the guy driving the forklift is trained and if not we turn off the card. It is an interesting topic. Our industry is maturing.”

“There are not a lot of tools that provide widespread solutions for all the myriad questions that come up,” says Richard Goldsobel, vice president of Continental Access Control, a division of Napco Security Technologies, Amityville, N.Y. “IoT, cloud hosting, active directory integration is there. But after that it is a wide open canvas and everybody wants to say, ‘I have XYZ brand in HVAC. Can you tie those together, integrate it and grab data from that to make my building smarter?’ The access control system can create data at a large pace, but I feel like the IT guys are struggling to keep up with just Active Directory. As the world gets more tied together and data starts to get shared, as things move more centrally up to the cloud, that becomes a huge job. Everyone years back was talking about the connected home. Now that’s here. But imagine that on a corporate level. On a large-scale data level that is a huge integration with a lot of points of failure.”

Rather than tie disparate systems together, several major manufacturers have started offering “unified” platforms that take a video system and an access control system (at the very least) and natively integrate them so that all of the features of both systems are available on a unified interface.

“Unified systems are going to lead the way over the coming years,” Takahashi predicts. “The ability to maintain third-party integrations is still necessary, but when you are able to leverage a single technology it is easier to maintain them and more cost effective.”

Jimmy Palatsoukas, senior manager of product marketing, Genetec Inc., Montreal, says interest in that company’s unified systems is definitely increasing. “When a customer puts in an access control system initially they are looking at a basic need, which is to secure a door. Over time, it becomes more about how they can become more efficient and activate additional automation, which means operators running fewer reports, freeing them up to do other things. Once you bring in a unified approach then you can talk about enhancing situational awareness.

“It is hard to say whether 2016 will be the year it all happens, but it is a side of security that will be unfolding over the next couple of years,” he believes.

Tyco’s Ouellette also sees a growing demand for unification. “We have certainly seen growth and traction with our unified offering. But this is the deep end of the pool. It is not an easy barrier to entry for companies to get into. It is complex and requires a lot of internal communication and maneuvering to provide a product with the feeling of one experience for a customer.”

While they may be much more complex, those integrators who do play in the larger spaces are grateful for the increased options.

In the government sector, for example, the increased capabilities of access control and integrated systems at the top are helping meet needs even before the government realizes it can be done, says Michael S. Rogers, CEO, Securityhunter, Baltimore. “I would say the opportunity for us is taking innovative software solutions and applying those to fill the need the federal government has that they haven’t even created a program for,” he says. “Typically we as security integrators wait for the government to offer a program and say ‘we can do that.’ But now we can identify a solution the government hasn’t yet identified as possible and say, ‘You probably didn’t know we can do this.’”

Increased options for expansion and retrofit will help large clients move on from their older systems more quickly, Coleman adds. “The biggest opportunity we see is with existing clients refreshing technology and tools that allow us to take older systems and turn them into state-of-the-art systems.”
 

Technology Drives Small- & Mid-Market Shifts

It used to be that the security market, and many access control trends in particular, were driven from the top, either from government initiatives, space technology or expensive systems that eventually worked their way down in price to be affordable for the small and medium-sized markets. Today’s top trends across the access control space, however, are coming from the commercial space, or “bottom up.” Cloud, wireless locks, and mobile credentials are all the talk right now — and none of them are initiating in the large enterprise space.

“The residential market is where the big volume is,” Kushner says. “With volume comes innovation. What is happening with IoT and how massive technology and capability is being packaged into something that can slip on your wrist, that stuff is coming north. It is coming to small business, then medium, and ultimately enterprise. Mobile credentials, wireless locks, [cloud], these are things that are commercial today and are creeping into our industry.”

Sieracki chalks it up to the excitement factor. “Home automation systems are way sexier than the stuff our industry sells to the enterprise customer. The consumer will deal with anything that attaches to their phone. The technology and sex appeal is coming out of the consumer space, which is light years ahead in user appeal.”

Mobile will drive the future, says Bruce Stewart, manager, business development solutions, Axis Communications Inc., Chelmsford, Mass. “Phones are the livelihood of everybody and everyone wants to use the phone to pay. Now they are asking, ‘Why can’t I open doors, too?’”

Coleman's company has done some pilot projects and he expects the trend to grow. Proximity cards have vulnerabilities, and we can say, ‘You have a weakness and if you don’t spend some money to update you may be in trouble.’ That vulnerability is the stick. But mobile credentials are the carrot and people are more attracted to carrots than they are to sticks. I think mobile credentials will gain wider adoption in 2016.”

Customers are looking for more connection across the board, Paxton’s Wilson adds. “In today’s age, we are all connected daily. We use our smartphones to check on our smart homes. Customers now want to have the same level of connectivity with their business and facility. But while they want this, they don’t want the management of their building to be time consuming. They want a connected system to assist them in making them informed while taking control using ‘intelligence.’”

This is something that Kastle Systems is banking on with its Kastle Presence offering introduced in late 2015 (which uses mobile credentials as the base for an IoT solution aimed at their multi-tenant office building market). “I think we are going to start seeing more of that as the IoT starts to impact much more,” Ballman says. “As we move to BLE-enabled devices or offerings where you are…contributing to the awareness of the building for space optimization and energy conservation, that will create a much more compelling event and ROI for them. At the end of the day they are not buying a reader on a door; they are buying the service that it offers.”

Will 2016 be the year of mobile credentials? Maybe not. But 2017 or 2018 certainly could be, which is a vast improvement in speed over the smart card’s slow crawl into the access control market years ago.

“Mobile credentials have been starting off slowly, but lately it is finally starting to pick up a lot more interest,” says Mitchell Kane, president, Vanderbilt Industries, Parsippany, N.J. Once it catches it is going to be a big opportunity, he adds.

“It may be a couple of years before it becomes cult-like in demand,” Sieracki says. “I would think a lot of these barriers are just going to generationally erode. The old guard in our industry has hung on for a long time. But the new guard, if you can’t do it on your phone and if you have to interact with things like keys and cards, what is the point?”

Wireless locks are another tech trend that has really taken off in the past year or so and exerting a bigger influence on the access control market today. In fact, an Ingram Micro Advisor report, Top Access Control Technologies to Pay Attention to in 2016, notes that “wireless locks are becoming ever more popular. By leveraging Wi-Fi or extended access control infrastructure, wireless locks can easily be added to a new or existing access control system without having to modify the door or run cable. While sales of wireless locks have been on the rise in recent years, they’re expected to grow even more in 2016.”

Coleman says architects like the simpler presentation. “If you can mount one device rather than three or four, isn’t that a better thing? If you can do it without having to run as many wires and spend less money, the overall cost to have access control is lower per door and you get market elasticity. More people want to put it on ‘this other door,’ too.”

In fact, Holland attributes much of his company’s growth in the middle market to wireless technology. “Most notably the proliferation of wireless and Wi-Fi locksets has meant exponential growth opportunities. Directly attributable to less infrastructure, the price point per door has been driven down. Lower price points equal more volume potential. Major manufacturers made significant investments in these product sets, increasing visibility and even expanding market opportunities that before were not available. For example, within the higher education vertical, on-campus student housing before was not part of an integrator’s job scope. Today it is often the driving force behind such.”

The wireless revolution is touching most, if not all, manufacturers, Goldsobel adds. “There are so many locking manufacturers coming out with wireless locks, remote access locks, and cloud services for remote administration of those devices. It is becoming a huge thing. From last year and for the next couple of years this is one huge area of integration that is continuing to develop.”

IHS numbers reflect this, with the current breakout of wireless online locks in the Americas at 68.7 percent, versus 31.3 percent offline.

ASSA ABLOY is one company betting on wireless in a big way. “The momentum is there and it is only going to build. The noise level is loud and will continue to be,” Duato says. “We are extremely bullish on where the market is going.”

Another big driver in the access control space is cloud and/or hosted/managed access control (which is often, but not always, the same thing). In the SDM 2016 Forecast study, 57 percent expected cloud-based services of all types to grow, up substantially from 39 percent last year. And managed access control is now tied with remote video monitoring at 55 percent of companies now offering those services. (See chart, page 64.)

IHS numbers also support these findings. The U.S. market for access control as a service is expected to grow at a compound annual growth rate of 17.8 percent through 2018, doubling in revenue between 2014 and 2018 to reach more than $344 million. (See chart, page 70.)

Slaughterbeck says his company has significantly increased its hosted access control offerings. “We have probably quadrupled that in 2015. Taking it to the cloud is easier because of open architecture. Our recurring or hosted access business has increased with great significance over the past year or two.” He adds that his company has gained experience with demonstrating the total cost of ownership and can now sell it better.

It also helps that customers now understand what cloud is, and what it isn’t.

“We have been working with hosted systems for six or seven years now,” English says. “It is increasing every year. It is absolutely well over double-digit growth and becoming more popular. People are beginning to get the value.”

Goldsobel agrees. “They are starting to understand what the real solutions mean. It is not just ‘cloud is great; everybody switch.’ They get it and start to see where it is beneficial and where it is not, and they know to ask about it more. It has moved from hype to reality.”  

The value proposition for integrators is, of course, the RMR it can bring to the table. “We increased RMR about 70 percent last year,” English says. “We think the trend will continue. One of the changes we have made is for clients we wouldn’t consider enterprise we position them more into a cloud or hosted environment to lower the cost on the front end but provide recurring revenue.”
 

A Growth Market

For the security integrator all these trends present both incredible opportunity and potential challenges in the coming years, Duato says. “Their greatest threat is their own rigidness in sticking with the way they have always done things, because that is not how end users want to buy today. The integrator has to decide how to expand at the right pace. In a growth market, the same old thing isn’t always what is going to work.

“There is no doubt that the market is changing because we have a lot of very unique views all the way down to the device of what is happening in the building. If you are not paying attention to those things then somebody can come in and pull your business away. Think about what Uber did to transportation. The integrator should be thinking the same way.”

Ballman agrees. “I think when technology starts moving very, very fast in an industry, the threat is that something comes in that you hadn’t anticipated. That is why we are so focused on the customer experience operationally. But the other big tenet for us is innovation. That is why we spend so much time on the IoT and what that will mean. We don’t want others to come in with some technology that we hadn’t anticipated.”

Independent integrators are differentiating themselves with services, Palatsoukas says. “This allows them to stay independent. Whether by offering managed services or centralized monitoring of access control our dealers and channel partners are coming up with some interesting ideas on how to differentiate themselves.”

With all these newer options, many experts feel the time is now to not only revisit the legacy systems and perhaps suggest replacing or upgrading, but also to approach new customers. “There are opportunities today to sell to customers that had not previously considered access control but given the current state of world affairs may be considering it now,” says Dennis Geiszler, business development, Keri Systems, San Jose, Calif. “As networks and cloud become more part of the mainstream, people might be looking at that more. I see that as a growing trend.”

The access control market may be more dynamic this year than it has been in many years, and it is something to keep an eye on. As HID’s spokesperson says, “A changing market environment presents both challenges and opportunities for integrators this year and beyond, as the industry moves to centralized identity management systems that support access control for securing access, not just to the door but also to data and to cloud applications, while providing a seamless user experience using both ID cards and mobile devices. Integrators can play a role in delivering the overall solution, and also provisioning and managing a broader range of credentials across many applications.”

---

HID Global is watching five key developing trends in the new year, highlighted by growing market demand for a mobile-centric and more satisfying user experience that the company believes will be the primary driver for security technology innovation in 2016. Customers will increasingly aspire to a comprehensive secure identity experience for their users, which can provide the foundation for more flexible, adaptable solutions in a new era of interconnected digital identities and the Internet of Things (IoT).

• Trend 1: “Mobilizing” security will make it more pervasive and personalized.
• Trend 2:Security will move to a much greater focus on the user experience.
• Trend 3: A new era of secure connected identities will not only make us safer but fuel innovation in how we work, shop and play.
• Trend 4: There will be closer attention to privacy issues in an increasingly connected and mobile-first world.
• Trend 5: Security policies and deployment best practices will be as important as technology advancements.

Contributed by HID Global. To read the full whitepaper visit www.SDMmag.com/HID-top-secure-ID-trends.

---

Biometrics have had a recent upswing in popularity that, although they haven’t pulled out of the “niche” category quite yet, is definitely something to watch.

“Biometrics are still considered an emerging sector, but we are experiencing rapid market adoption and increased velocity of market deployments,” says Anthony Antolino, chief marketing and business development officer, EyeLock, New York, N.Y. “When combined with strong market research from the CIO community, the long-term outlook is impressive by any measure.”

Particularly as more and more people start to focus on the gaps in cybersecurity and identity fraud, they are starting to look at biometrics with fresh interest, says Mohammed Murad, vice president of global business development and sales, Iris ID Systems Inc., Cranbury, N.J. “We started out providing technology for … back office IT protection. Now we have moved to the front office as customers have realized the technology works well and is non-contact.

“Integration points have also become easier, which is always key to getting mainstream applications to adopt. We are plug and play. We are building a product that can replace a card reader, work with a card reader or have a card reader built into it.”

In fact many mainstream access control manufacturers have started offering OEM relationships or partnerships with a host of biometric solutions.

“We are working with all of them,” Murad says. “Our technology has been integrated with almost every single access provider available today.”

Keri’s Dennis Geiszler says his company will soon be introducing its own private labelled biometric reader. “Biometrics is breaking into the mainstream a little more and it is an opportunity for us.”

Another reason biometrics may be surging of late is a renaissance in the technology itself.

“Every year for the last 25 years biometrics was going to take over access control,” recalls Gary Staley, national sales director/founding partner, RS2 Technology, Munster, Ind. “It is finally doing well because the product got better, and a lot faster. I have been around for 30 years and I just saw the first [biometric] technology that truly impressed me. It has finally gotten to the point where processing speeds and times are fast enough to do it with face only or finger only as opposed to card first.”

Over the last year there has been a dramatic shift toward contactless and frictionless options like the Morpho Wave fingerprint reader or Stone Lock facial recognition, says Tyco’s Jason Ouellette. “The market really likes frictionless. It likes the notion of having confirmation of who you are without having to think about it as you approach the door. Usability and convenience really sells.”

OSS’s Jim Coleman says convenience is definitely making a difference in client interest. “In the past every so often we would have projects where the demand for higher security required biometrics. But what we are seeing now is clients that are interested in using biometrics not just for security but for convenience. The cost is still high and until it comes down more I don’t think it will become too widespread. But more people like that convenience and are willing to pay a premium for it. And it is way cool.”

Research firm IHS backs up the empirical evidence that biometrics are on the rise. The company predicts global biometric revenues will rise from $278 million in 2015 to more than $400 million in 2019. (See chart, this page.) SDM’s own research shows that more than one-third of respondents plan on increasing their spending on biometric products in 2016, including 14 percent who predict increasing spending by more than 10 percent.

“What is interesting here is that as biometrics has started to become more accurate, with faster throughput and the price has started to go down it is starting to meet end users’ expectations,” says IHS’s Alexander Derricott. “It is starting to come into its own…. We are looking at an overall biometric market that is expected to grow about 10 percent over the next few years globally.”

Murad also credits the smartphone industry with making biometrics more mainstream in the past couple of years. “Since fingerprints have been included in mobile devices people are now starting to think, ‘How can I make this work in my workplace?’ It opens up a whole new conversation.”

Antolino agrees. “The proliferation of biometrics on smartphones, largely led by Apple, has helped take biometrics out of the shadows and into the mainstream consumer technology. As a result, value chain stakeholders realize they need to assess all biometrics to determine which is relevant to their case and meets their usability, security and cost guidelines.”

Canadian integrator Marc-Andre Bergeron of Marcomm Systems Group says biometrics has become a trend. “Whereas four or five years ago they were not part of an overall strategy, we are now seeing them being integrated by the powers that be right into the software so you can actually deploy a proper solution. It’s trendy. You see it on CSI.”

Overall the picture for biometrics in the near term looks rosy. “People lost a bit of trust in biometrics for a little while but products now are far better,” Derricott says. “The price premium is going down, they are accurate and a good proposition, especially if you are looking for a system that doesn’t require you to get something out of your pocket. Yes, there are issues to be solved, but everyone I have spoken to has a fairly positive outlook on how this will develop. People are talking about it.”
 

---

While it may be a great time to be in the access control market, it is also a challenging one. Competition is changing and consolidation on both the manufacturer and the integrator side seems to be increasing at a rapid pace.

“Market channel convergence is an important area of consideration,” says David Price, marketing manager, Camden Door Controls, Toronto. “The borders between distinct low-voltage markets, including security, locksmith, door hardware, automatic door, IT and electrical contractor channels seem to become less distinct by the day.” Price adds 2015 was marked by “consolidation on a massive scale — large conglomerates buying other large conglomerates.”

Galaxy’s Rick Caruthers sees this as a potentially disruptive force, on both sides. “We are seeing big video manufacturers buying access companies, where that wasn’t the case before. That is something we are watching. It could have a similar impact to 10 years ago when a lot of the big companies were pulling a lot of things into conglomerations. It does disrupt the channel a little.”

A recent merger demonstrates this disruption, says Richard Goldsobel of Continental Access Control. “Johnson Controls and Tyco are now together and it is another ripple in the integration market. To me the issue is when you have the big companies that have their own access products and their own integration channel and then they merge, who is going to win [on the integrator side]: the Johnson Controls or the Tyco integrator? As the market continues to mature in that way, on the integrator side will there will be new regionals that merge and become national? That will be interesting.”

Jay Slaughterbeck of Strategic Security Solutions acknowledges there is more competition today. “A lot of the national organizations have come to our market. A new class of national integrators are coming and trying to ramp things up…. Competition and build-outs of new business make things a little tougher.”

IT integrators that are trying to push into the security space may find access control a tougher business than they expect, says Jim Coleman of OSS. “We see some competition from folks in the IT industry that traditionally put in switches and servers and think, ‘Why not cameras?’ But we don’t see as much IT competition on the access side, because it is a little trickier. When they try their hand in the world of electrified door hardware and life safety codes, sometimes they get their fingers burned.”

SSD’s David English sees this happening with new entrants, wherever they come from, if they don't have the right experience. We just see more and more companies coming in and saying ‘me, too’ on security. We have lost quite a few projects like that, only to find that they don’t understand and have heavily underpriced and underbid it. They can’t manage an installation for access control from a camera system. We lose jobs on the front end, then get called in after the fact. That is a challenge, but we are getting better about talking about it up front and helping the client understand that you don’t just grab somebody because they say they have access.”

Particularly for the independent integrator, there is a shift starting in the need to differentiate what they do. “The challenge to the integrator today is competing with multi-regional and national companies that keep expanding and growing,” Caruthers says. “For the small, independent companies, they will still have plenty of opportunities to be more personal in a market space than the big ones might.”

RMR is a great differentiator, 3xLOGIC’s Matthew Kushner says. If the cost per door comes down to a relatively low price, these master RMR dealers or integrators could start subsidizing the lock. Here is my Nostradamus prediction: Hardware will continue to come down and the cost to secure a door will continue to come down. Innovation at the threshold will take advantage of all the volume of activity taking place in wireless and cloud and when it hits a price point where someone could subsidize a door price with an RMR model, that could be a risk to some integrators.”

AMAG’s Kurt Takahashi sums up market competition this way: “From the local regionals…it is about driving RMR and differentiating themselves from the big guys. The super regionals will try to grow to compete with the nationals, and the nationals will succeed or fail based on how they integrate with each other.”
 

---

With all the excitement over new technologies and integration trends, including cloud, IoT, mobile devices and more, there is one thing that could put a damper on all this progress: cybersecurity.

“We continue to see requirements from end users where they don’t allow IP-related products in unsecure parts of the facility,” says Jim Hoffpauir, president, Zenitel USA, Vingtor-Stentofon, Kansas City, Mo. “Today the requirements for that and encryption haven’t hindered the market. It is not a requirement where we are losing business, but we do see it will have to be addressed in the future.”

While many of the hot trends are coming up from the consumer space, the level of cyber security on those products in that space is “a little sketchy,” says Jim Coleman of OSS. “If you are doing serious security, which most integrators are, and you have clients who are serious about protecting their premises and it is the cloud, how is that information protected? You have to be knowledgeable about encrypting the information when it is stored and when it is in motion. If you are using mobile devices and those aren’t secure — whoa. All of a sudden it could be a huge liability. More than most, when it comes to cybersecurity, our industry needs to eat its own dog food. Many successful integrators started some time ago before cybersecurity was a strong concern. Their processes — like how often to change equipment passwords — are probably a little long in the tooth and in need of review.”

Cybersecurity may be one reason the government has not jumped on many of these newer technology trends, speculates Daniel Prochnow, president, Securityhunter, an integrator that almost exclusively operates in the federal space. “The government is much more careful about the protection of its systems and has much more sophisticated cybersecurity. When we install security systems there are all sorts of processes and protocols we have to go through…. The federal government is ahead of most commercial companies on cybersecurity.”

Prochnow thinks that these types of protocols and procedures will make their way down to the commercial space as more and more cyberattacks happen.

“Every time you have an edge reader or panel you have created vulnerability,” says Scott Sieracki of Viscount Systems. “At some point in time the IT department will finally realize that having a separate system should go away and their IT authentication engines should be the decision makers on who can get into the building before they even come close to the network. That changes the game.”

Jason Ouellette of Tyco adds, “Cybersecurity gets to buying trends. Now that products are IP-centric all the way to the edge, that is the cybersecurity world and our products need to comply with standards and the integrators need to understand what parts are being used. Do they need to Swiss cheese the firewall in order to make their integration work? They need to know the vulnerabilities and how manufacturers are performing their own susceptibility tests and providing cybersecure products.”

More and more, manufacturers in the access control space are stepping up to the plate. Genetec, for example, is focusing on the “security of security” in the coming year, Palatsoukas says. “A big part of the message is about educating the market and helping to bring integrators along and learning from those talking to IT about cybersecurity. There are a lot of smart integrators ramping up. It is not going to happen overnight, but it is something we are working very closely with them on to make sure it becomes part of every conversation when it comes to access control.”

At the end of the day, cybersecurity should be the foundation that end users and integrators start with and build off of, says Mark Duato of ASSA ABLOY. “The old saying is the chain is only as strong as its weakest link. Today IT professionals understand security threats start with cybersecurity and they are investing heavily in making sure those are in place. We need to be able to provide the best overall value in supporting that and leveraging what they already have as their standards.

What’s New With Access Control Standards?

While behind the video surveillance industry in developing open standards, the main three organizations working on open standards for access control all have made good progress in the past year and are hopeful that their impact on the industry will be a benefit to integrators.

ONVIF introduced its first access control profile, Profile C, two years ago. This past year, ONVIF released its second access control-related profile, Profile A. “Profile C was a very basic access control profile that makes it possible for VMS manufacturers to integrate with access control systems and receive basic data like door status and site information,” says Per Bjorkdahl, chairman of the ONVIF Steering Committee.

According to Suresh Raman of Siemens Technology and Services, who chairs ONVIF’s Profile A Working Group, “Profile A was created in response to feedback from ONVIF members and the physical security industry at large, asking for a more advanced access control profile. It expands the feature set of Profile C to include the day-to-day operations of configuration of credentials, access rules and schedules, along with Profile S video management systems. Integration with video can be performed on the Profile A conformant client.”

Profile A is currently in Release Candidate status. ONVIF circulates new profiles first as a “Release Candidate” for six months, allowing members and stakeholders a final implementation review. The final profile is expected to be published in June 2016.

The international IEC’s standard for Electronic Access Control is also incorporating ONVIF’s newest access control specification in its IEC60839 standard to be released next year.

Bjorkdahl is optimistic that this, trends like IoT and the overwhelming interest in standards across the industry will push these efforts forward. “Absolutely [access control] standards will be bigger in the coming years, judging from the number of questions we get from non-members,” Bjorkdahl says. “There is genuine interest and reasoning around why this should happen…. The mission of ONVIF is that all security systems will share an interface. We expect and strongly believe that the ability to incorporate the ONVIF specification will open up and accelerate the IoT.”

SIA’s OSDP (Open Supervised Device Protocol) is finally reaching a more mature state, says Mercury Security’s Frank Gasztonyi, chairman of the OSDP working group within SIA’s Access Control and Identity Subcommittee. “This summer we published four separate profiles. The standard itself has a broad range of messages and a profile will call out what messages must be supported as well as the purpose of that type of device. We have not achieved the state where we can actually enforce and sign off on conformance, but created profiles and the understanding that they are valid and we are moving toward supporting them. This will give a purchasing level person the ability to request an OSDP device conforming to one of those profiles and should be able to have interoperability within the standard.”

This will allow integrators to have flexible installations of high-performance reader devices, he says. Biometrics and high-assurance readers having a direct Ethernet link without having to go through multiple layers will make installations more efficient in terms of performance timing as well as very secure data transfer and simple installation. “It gives them the best of both worlds: simpler installation and faster transfer and a very secure data path,” Gasztonyi says.

OSDP’s latest initiative is working on network connection security, Gasztonyi says. “The only network connection type we are approving is TLS (Transport Layer Security), which is a secure connection…. This is the technology in use for point-to-point secure connections. It is a fairly broad specification involving public key infrastructure and the use of certificates. To those who know network, TLS means a lot.” SIA plans to introduce OSDP over TLS at ISC West in April.

As for PSIA, in addition to its Physical Logical Access Interoperability initiative (PLAI), which has gained some good adoption in the past year, it is also working on a new standard for wireless and networked electronic locks, says David Bunzel, executive director, PSIA, Santa Clara, Calif.

“PLAI allows integration with Active Directory so when a company onboards a person they get those privileges transmitted to all the different PACS (physical access control systems). It also allows and enables other services relating to identity, which is a very important activity.”

Since PLAI was introduced in mid-2015 Bunzel says the association now has “all the major access control participants supporting it…. I would say if you looked at the companies involved we have a critical mass in the PACS vendor industry.”

But PSAI has another group involved with integrated locking that is just starting to come up with standards for allowing these locks to be integrated and have the same sorts of privileges based on identity. The goal is to get these locks, which don’t necessarily all communicate in the same way, to talk to each other and to dedicated systems so they can work together in an access control system.

“Right now if you have an ASSA ABLOY lock and you tie into a Tyco system, they have the APIs and protocols written to do that,” Bunzel explains. “But what if you decide later you want to add an Allegion lock. You have to rewrite everything because it is not done in a standard way.” PSIA plans to have a draft specification out mid-year, he says.

What do integrators and manufacturers think of the standards so far?

George Ballman of Kastle Systems is a big believer in standards, and the company’s CTO Mohammad Soleimani is the chairman of PSIA and was the chief architect of PLAI. “In my experience it has been great for me and the clients I serve on the enterprise level,” Ballman says. “It has actually been the selling point with some of our clients to know they can get access anywhere but have a single platform they can use across the U.S. or even globally.”

Tyco is a member of PSIA and a participant in its discussions about standards. They are also board members with SIA OSDP and are closely watching the ONVIF developments, says Jason Ouellette. “Open standards like PSIA and their focus on identity credentials that can be shared, [SIA’s] OSDP and ONVIF all continue to gain traction and promote interoperability of edge devices, which was a contributing factor and will continue to be one for growth in 2016. Integrations are really starting to become a real growth driver for anchor-based products like access control…. The challenge I see is where OSDP is really at the edge device back to the controller, ONVIF is a higher level standard that gets to the server and will be much more challenging. Right now if I were placing bets, PSIA and OSDP would see faster adoption.”

RS2 is also a SIA OSDP member and “very much in favor of it,” adds Gary Staley.

“We are deeply vested and invested financially with SIA and OSDP,” adds Cypress’s Paul Ahern. “We are working with a few unnamed manufacturers helping them adopt OSDP.”

Cypress’s Osmium product was a SIA New Product Showcase winner last year for promoting easy adoption to the OSDP standard. “We didn’t expect a whole lot of sales from that first year, but it brought us a number of other credential and reader manufacturers to develop products that are compliant,” Ahern says. “I do see a definite growth curve and opportunities for companies to adopt it. I think it is critical. We have to get away from the archaic Wiegand technology for a lot of reasons, including no encryption or security.”

Not everyone is as optimistic about the future of access control standards, however. “Standards are wonderful if everybody plays by the rules and implements them in the same way; then we have interoperability,” says DAQ’s Chris Sincock. “In any industry, including building automation, that is not necessarily the case. And in access control there is not a lot of incentive to fully embrace standards for companies that manufacture electronics. I don’t think we will see one cohesive standard that the industry adopts.”

While SSP’s David English is in favor of industry standards in theory, in practice he has yet to reap the benefits. “Certainly it helps with integration for sure. But it is important to understand what you actually get with standards. It can be pretty deceiving about what compliance actually provides you and at what levels they are compliant. Just because it does work, what is the value you actually get? To be quite honest we have found ourselves in trouble from time to time where we expected it to perform to a certain level and found out it was surface-level integration. I would say as much as it helps us, it hurts us, too.”

However, English acknowledges that his standards experiences thus far have been limited to the video side, and he has not run into access control standards yet.

Richard Goldsobel of Continental Access Control, a division of Napco, understands this dichotomy on the manufacturer side. “For access control manufacturers there is a push on both sides, internally to try to stay proprietary versus the desire to move to be open to gain more market share and acceptance.”

This won’t be a one-year or even a five-year process, he predicts. “This is definitely a five- to 10-year plus movement. But in my opinion, the access world is more complicated. The reason standards went to video first is the total scope of video functions tend to be less involved. When you get to access control, the variety of enterprise access options are huge. There is anti-passback, mustering, two-man rules, and the feature proliferation goes on and on. They are not necessarily huge features but there are so many of them — hundreds or even thousands. And here is the key: right now every enterprise manufacturer does every single one of those slightly differently. Even if ONVIF was adopted today across the board and every manufacturer agreed, what you are going to get are these incredible nuances and differences on that compliance.”

Though the process may be a long one, it will ultimately be worth it, particularly for the integrator, Goldsobel adds. “All these issues relate to the manufacturing side, but if standards do start to become well adopted on the hardware and software level and more commodity-based, the manufacturers may suffer, but integrators can have a better life. So much of their infrastructure is based on training and knowledge of two and three and four and 20 different platforms. What is good for the manufacturer is not necessarily good for the integrator and vice versa.”

---

More Online

For more on access control trends visit SDM’s website where you’ll find:

“What’s New With Standards?”

“Top Secure Identity Trends to Watch in 2016”

For other recent State of the Market stories visit SDM’s website:

“State of the Market: Alarm Systems”

“State of the Market: Video Surveillance”