Security Systems News is a monthly business newspaper that reaches 25,100 security installers, product distributors, central stations, engineers & architects, and security consultants. Our editorial coverage focuses on breaking news in all major se
Issue link: https://ssn.epubxp.com/i/888468
6 OCTOBER 2017 www.securitysystemsnews.com 2017 Access Control Source Book Continued from page 3 CLOUD CLOUD see page 10 Denis Hebert Ralph Shillington Denis Hebert, president, Feenics, pointed out that although there are many arguments that can be made in favor of the cloud, convincing integrators on the merits of selling cloud as a service is at times like "pushing a rope," he said. "They get intellectually what it means but they don't have sales commission models that are attributable to a recurring kind of service. For the typical integrator today, it is all about the big kahuna—the big sale and big commission check, etc." Hebert said that it takes a different sales approach to sell cloud-based services. "Our challenge today is that they [systems integrators] haven't incorporated a busi- ness model to be able to sell this kind of service, rather than just selling equipment, which is what they are used to doing. Cameras, readers and servers—their whole business model from a commission standpoint is built around that. So that is the 'pushing the rope' concept. Intellectually, and from a business perspective, an integrator is going to say, 'It would be great if I had more recurring revenue,' but they've got to get over that hump and figure out how they are going to compensate their sales people within this new managed services model." All agreed that they are working hard to educate integrators on cloud's potential and provide them with the resources and support to sell cloud-based managed services. "We will continue to develop features in the cloud that make it easier from an end user perspective, but also empower our integrators to have the tools they need from a central manage- ment perspective, from firmware updates to general ability to managing things without having to roll a truck to a site—really allow them to take advantage of that managed services model," said Stenger. The cloud is also changing the way end users look at access control, with many embracing mobile access and credentialing. "Cloud-based mobile access is a growing industry and we see more and more companies sell mobile access as a complimentary solution to their traditional access control offerings, in addition to card credentials," said Arrehed. "In certain verticals, such as education, we see universities moving to 'mobile-only' models as their only access control system. While cards will continue to exist for the foreseeable future, there are trends that point toward the market transitioning to mobile, over time." "The level of customer excitement among end users is tremendous," added Van Till. "They see the credential on the phone and it closes deals." Stenger agrees, noting that from a mobile credentialing per- spective, "we have seen a big jump since we launched that in March," she said. "And the adoption of that is probably one of the key drivers to why people go with our hardware solution, because they want to get rid of the physical card and have everything at their fingertips." While mobile credentialing is becoming more widely accepted, Arrehed noted, "Organizations are still grappling with the issue of visible identification, which is a valuable tool as a secondary method to identify a person. Visual IDs are easily implemented on a physical credential, but not having this visible identification on a mobile device is something organizations highlight as a key reason for maintaining some form of physical ID cards." Another selling point for the cloud is its inherent cybersecurity advantages over on-premise systems. "When you are dealing with a cloud-based product, the physical network that the cloud-based computers are running on are physically secured inside buildings built for that purpose alone, so that the attack vector on your database is reduced to near zero," noted Shillington. "In the traditional on-premises environment, all the data is in the building, where it doesn't belong. Because everyone has their own phone and laptop, those are all connected onto the same database, for example, so it becomes very easy to get malicious code collocated with your database, and now you are nine-tenths of the way there to having data walk out the front door either physically or electronically." That kind of scenario "just doesn't happen in a well-secured cloud-based environment because there is no physical connec- tivity," Shillington continued. "The database and where all the data resides, is locked up tighter than a drum." Hebert noted that if you look at a good number of on-premises systems today—though it may be surprising—security patches and software versions are not up to date. "When you are in a cloud environment you don't worry about that because that becomes our problem, so these patches and updates are hap- pening automatically. I can't tell you how many customers I have seen in the access control world who are three versions behind on their software and they haven't put a patch in three or four years." Stenger said that having providers such as Amazon Web Services run the cloud provides a certain level of trust and comfort for customers. "[AWS] basically built their business out of hosting and they are really great at it and people feel comfortable with it, which shows in that 90-10 split of cloud to on-premises ratio we see with our customers." In terms of the security within the cloud, Van Till pointed out that it really is contingent upon whose cloud we are referring to. "People who are sophisticated with this don't form a general opinion on, 'Is the cloud safe?' or 'Is the cloud not safe?'" Van Till explained. "It is more about, 'Is Steve's cloud safe, and does he run it properly' because it is all about how you take care of it. So to say the cloud is safe or not safe is kind of meaningless because you can run a really crappy website and web application that is as insecure as the day is long or you can run something that is really buttoned down tight." Arrehed agrees, noting that moving to the cloud "requires both significant investment and thorough knowledge of what it takes to build and offer a truly secure cloud-based solution for physical access," he said. "Given our large and global base of enterprise customers, HID has risen to the challenge of meeting various demands and regional requirements, which has in return helped us to gain a broad and solid understanding of our customers' needs when moving to the cloud. This has