Cloud access control is not a new concept. Some companies have been offering it for decades. If this sounds surprising it is because cloud access is nothing more than hosted or managed access control, renamed.

 “Cloud access is just terminology — the new buzzword,” says Matthew Ladd, president and COO, The Protection Bureau, Exton, Pa., which started offering managed access control in the late ‘90s. “What has allowed the cloud to become much more valuable — and the concept of having your database and/or programs running elsewhere more acceptable — is browser-based systems.”

In the past few years, not only has the name changed, but more and more manufacturers and software providers have started offering Web- or browser-based solutions with easy mobile interfaces. As a result, cloud access control has become both more viable and more attractive, particularly to a certain portion of the end user market. Most integrators agree that the two- to 10-door market (particularly multi-tenant property managers) is the optimal target for cloud access today.

“Life is different today,” says James Bienenfeld, vice president, York Security Solutions, LLC, Miami Beach, Fla. “No one is sitting in one place, and being able to do multiple things from multiple sources is a big deal.”

While a name change alone doesn’t change anything, it is actually helping sales. For integrators, squeezing margins on devices and materials makes the move to commodity pricing more attractive than ever. Add that to the end user desire for more mobile applications and increasing familiarity with cloud applications (such as banking and shopping), and cloud access control becomes an attractive option for both the integrator and end user.

Sales and Contracts

Selling cloud access control requires a whole new conversation with the end user versus the more traditional approach. What many integrators are finding today is that this conversation is easier than ever now that the “cloud” has become such a popular term in the U.S. lexicon.

“It is a change in the terminology,” says Chris Peckham, Ph.D., senior vice president, CTO and special projects, Kratos Public Safety and Security Solutions, San Diego. “The functionality that is there, the fact that everyone is connected to the ‘net’ now makes it a lot easier, and the media is constantly talking about ‘cloud.’ People understand the concept now more than in the past. Almost any service out there these days has a cloud component to it.”

Ladd describes the impact the word “cloud” can have. “A lot of our sales process now involves IT departments of all different sizes and capabilities and we have found that when you use that buzzword of ‘cloud’ it is more readily accepted. I had a sales call with a director of IT who had been asked to talk to me by his boss. He was initially less than enthused, but as soon as I said the word ‘cloud’ his temperament changed and he became very interested in what I had to say. I am not sure he would have had the same reaction if I had used the word ‘hosted.’ He was a younger guy brought up in an Internet world and a trust of the cloud. For him, the word got him.”

Even in cases where the customers are not actively asking about it, a quick explanation of the benefits can be all it takes to spark an interest.

“I don’t think any of my customers would conjure up the question to ask,” says Dennis Smith, director of integrated services, SFI Electronics, LLC, Charlotte, N.C. “But if I ask them if they would like a system where they don’t have to maintain a server or worry about data backup, and they can access it with a mobile app, they are definitely interested in that. All of our customers struggle with maintaining server machines and patches and upgrades. If I go to them with an economical solution that solves that problem and can show a cost savings, that will certainly sway them.”

Cost, not surprisingly, remains a major selling point. “They are not buying the overall access control system but instead leveraging what is out there from an integrator or service provider,” Peckham says. “It can be an operational instead of a capital expenditure.”

Daniel Cogan, president, Access Security Corp., Warminster, Pa., stresses the need to emphasize the cost savings. “Some more traditional salespeople have a difficult time explaining it in the proper way; they need to be able to show that over the course of five years the end user will actually save money versus an in-house system. Once that is explained to them, most people start to come around.”

Selling a cloud-based system also requires a different mindset from the integrator, as well as a different set of contracts, agreements and internal organization. For integrators who already have a central station, the process is a logical extension and feels familiar. But more traditional integrators need to keep some things in mind.

“Cloud is more closely aligned to recurring monthly revenue (RMR) models,” Peckham says. “It is more analogous to service contracts than the traditional sale. Pricing is different because you are spreading out the cost and leveraging what you are doing on the server side across multiple customers. There is a different understanding of how the services are priced, what the overall return is, and the margins. It is not your traditional model.”

The pricing structure needs to be set up for an RMR model, Cogan adds. “How are you going to price it? Are you going to attach service, both managed as well as physical service on site for any issues with the physical hardware?  What about programming? How will you set it up?”

Proper contract terminology and billing are two of the bigger issues Smith sees. He also stresses the need to be aware of the potential issues and risks associated with the cloud. “When a system is in the owner’s possession that is one thing, but when we are hosting or using someone else’s services and something gets messed up, who is liable? We are taking on more responsibility and along with it more risk. Ask yourselves, ‘Did we have the proper verbiage on our contracts? Are we insured? Are we protected?’ Educate your customers on what you are doing and the risks associated with it. Have good practices and procedures in place.”

Integrators not already operating a central station also need to take into account the different nature of cloud or managed services. “Make sure you understand the amount of resources you will need to support this system because it is not just one. It is hopefully hundreds,” Ladd says. “Many traditional integrators close their doors at night and go home. At a company like ours, the lights are always on.”

Last but not least, don’t forget old-fashioned communication with the customer. “If your business model is on-site resources, that will have to shift,” says Guy Morgante, vice president of global professional services, Northland Controls Inc., Freemont, Calif. His company is starting to look into the cloud, but doesn’t offer any solutions for their customers yet. “You have to understand what the touch points are for those customers and set up your model accordingly. You need to have processes in place to make sure they are getting everything they need. In an enterprise or traditional system we are there and work with them all the time. In cloud, the touch point will be more in the back office and how will you communicate?”

Common Objections and Pitfalls

Not all customers will jump for joy when an integrator utters the magic word “cloud.” There are still plenty of fears and objections that may or may not be surmountable.

“It depends on the customer,” Bienenfeld says. “Some don’t like the idea of the cloud. Sometimes there is an emotional boundary. Some customers don’t like it not being stored in-house on a local computer. In 2012, I still find customers with no Internet access and no interest in paying for that.”

Cogan finds that companies with an existing in-house access control system are often more open to the idea than those that haven’t had that experience, because they know the pain points of aging equipment and management issues. “People unfamiliar with access control sometimes hesitate to go into cloud-based systems. Walls have continued to come down, but we still have customers that want something hosted locally. Most want browser-based solutions but they are not sold on having their appliances someplace other than their location.”

However, mid-range and smaller customers may not be able to afford a browser-based, mobile app-enabled system without going to the cloud-based services.

Another common objection — one that can often be overcome by education — is the security of the cloud.

 “An educated consumer makes good decisions,” says Philip Mosley, program manager, security, automation and controls solutions, McKenney’s Inc., Atlanta. “I am of the opinion that there are probably more risks with a server on site that can be touched and manipulated, than in having access control based within a very well-insulated cloud environment.”

SOLID RELATIONSHIPS

Integrators who have been doing this for a while also know to make sure the relationships and partnerships with the service provider and manufacturers are solid and workable before offering anything to the end user. The integrator also needs to fully understand all the technology and how the hardware communicates with the software.

“We have certainly learned along the way that just because someone says they have a solution doesn’t mean they do,” Bienenfeld says. “We have gone through different iterations of how we will approach this and learned a lot about the difference between being put out to market and ready for market. Initially when we looked at it we thought it would be great until we figured out what the limitations were. At this point the few customers we have online have a very stable system and we are very proud of it.”

Ladd adds that a successful solution entails more than just repurposing an enterprise solution and turning it into a managed service product. “Enterprise solutions are not the best for this. When you turn it into dispatched managed service there is a lot of information and features taken for granted in central station software that access control doesn’t inherently have.”

For example, often in an access control system you have to type up instructions for each card reader for a specific action, whereas in the alarm world it is done by type of alarm, not door. This can get cumbersome if you are trying to apply an action to multiple doors or over multiple clients. “The way we ultimately did it was to merge our knowledge of databases in central stations with access control and found two manufacturers willing to work together to develop it,” Ladd says.

Ultimately, it comes down to trust in your supplier — whether of the access control system or third-party hosted services — so that you can then pass that trust down to your end user, Smith says. “Check references and be aware of who you are dealing with and what safeguards and protections they have in place that will protect you, should something go wrong.”

This article was previously published as "Selling the Cloud" in the print magazine.


 

Moving Beyond the  Small- to Mid-Range Market

Almost everyone agrees that today’s cloud-based access control solutions are not currently workable for the larger and enterprise clients. There are some indications that this may change in the future, however.

“Something would have to drive that need and what drives it now is bringing down that up-front cost,” says James Bienenfeld, York Security Solutions LLC. “That argument loses relevance when you get beyond 16 doors. At that point there is a certain flexibility to having a server on site. It makes sense to have everything in one place.”

Daniel Cogan, Access Security Corp., adds that beyond a certain number of doors, customers start to want more features and integration (particularly with video) that are not as easily done in the cloud. “I do think as bandwidth continues to explode, video will become easier to do in the cloud,” he adds. “Those obstacles will fade away and you will be able to have as robust a software package as on a dedicated network.”

It is not there yet, though, says Guy Morgante, vice president of global professional services, Northland Controls Inc., an integrator that focuses on enterprise-level clients. “The cloud still has to solve the video bandwidth issue. While there are programs and applications popping up for small 10-15 camera sites, no one is putting 200-500 cameras in the cloud.”

Morgante says a hybrid solution of a cloud-based access system with the video done in-house may be the path forward. He also sees a potential use for the cloud in enterprise solutions that expand into international markets or smaller towns where they are not the same level of services and infrastructure available.

Philip Mosley, McKenney’s Inc. echoes the sentiment that video is the holdup to a larger enterprise cloud solution right now, adding that while access will move to the cloud relatively quickly, due to bandwidth issues, video will be “dragged kicking and screaming” to the cloud.

There is, however, no risk in having cloud-based access and still having on-premises CCTV, he adds. “The end user and integrator alike can still glean the benefits of a cloud approach while maintaining enterprise level video system.”