In the Clouds
How big is too big; the sky is the limit
- By Jeffery Perri
- Sep 01, 2017
Cloud solutions are changing the way businesses operate
at almost every level. Their ease of implementation,
access from anywhere and cost-effective pricing
are making them the preferred solution for everything
from marketing platforms to payroll administration
to project management. Now, security solutions are joining this popular
trend, including access control “in the cloud.”
Cost-conscious small- to medium-sized companies have been
quick to embrace the many benefits of hosted access control. Larger,
enterprise organizations, however, have been more guarded. With
hundreds, or even thousands, of doors and access points, cloud solutions
have the potential to deliver enormous savings, but concerns
over whether the technology is truly “ready-for-prime-time” may
have kept larger entities from taking the leap.
Until now.
A new generation of cloud-based access control solutions that
offer centralized management, combined with redundant and decentralized
system topology, highly secure communications, an open
API for easy integrations, and complete “manage from anywhere”
flexibility, matches the wish list of any large corporate IT or IS management
team. System integrators have equal reason to take note;
cloud-based access is highly cost-effective, significantly easier to install
and configure, and allows integrators to play a more proactive
role in providing on-going support.
Security That’s Actually Secure
A majority of CIOs and CTOs will tell you that concerns over cybersecurity
threats are what keep them up at night. Combine that
with the fact that between 80 to 90 percent of all cyber-attacks on
small to medium-sized businesses are happening through their security
infrastructure, and it’s no wonder enterprise businesses are
leery of trying new solutions. In reality, it’s the tried-and-true standalone,
network-based physical security software and devices that
have proved to be most vulnerable. Attacks through video surveillance
software, IP cameras and access control software have been
well documented.
New cloud-based access control solutions that have been designed,
from the ground up, with a security-first mindset can deliver
in ways that IP-based solutions, that were designed 10 years ago and
are now being retroactively adapted for cloud applications, cannot.
For example, a 100 percent cloud solution should eliminate the need
for public IP addresses to connect to, and opening ports across the
network. This is a huge contrast to leading stand-alone IP access control
solutions on the market, for which phishing websites can easily
lead hackers right to the log-in screen for their systems.
New hosted solutions can also require hardware-specific authentication
before connection with the cloud. A smart manufacturer will
make sure that each customer’s system connects to the cloud using
a unique key embedded in its hardware, so that even if one server is
compromised, the rest of its customers are not vulnerable.
Cloud solutions, as well as any access control solution, can (and
should) require two factor authentication for all users with administrative
privileges. A system that requires a combination of biometric
data, texting codes or even physical hardware keys is going to go a
long way toward ensuring that the wrong people don’t gain access to
the system.
Reliability, Redundancy
and Responsiveness
Access control solutions must be absolutely fail-safe, which begs the
question, “With a cloud solution, what happens when the internet
goes down?” What might initially seem catastrophic is actually no
big deal when using a well-designed, smart cloud solution with local
redundancy. If system-wide data is always backed up and stored, on
site, by a local node, then loss of internet connectivity only degrades
the ability to log into the system remotely and make changes to settings.
On-site operability remains fully functional. Once internet connectivity
is restored, all controls are restored and the local node will
re-sync with the cloud platform.
What about operating a system, or portions of a system, from
a location that has unreliable internet access? Or none at all? Some
cloud access control manufacturers now offer GSM modules that
connect to the cloud via a cellular connectivity.
As for system reliability and responsiveness, be sure to ask any
cloud solution provider about its hosting platform. What sort of
infrastructure is in place to deliver consistently fast usability time,
to accommodate for spikes in network traffic and possible server attacks?
If proper attention has been paid to these concerns, then cloud
solutions can deliver reliability and responsiveness on par with any
stand-alone system, with the added benefit of universal accessibility,
and true security.
Enterprise Features and Functions
After passing muster for security and reliability, cloud-based access
control must deliver the functionality demanded by sophisticated IT
management teams looking for operational flexibility, integration
options and ease-of-use. This is where hosted solutions really excel.
But in discussing these capabilities, it is important to differentiate between
100 percent true cloud-based systems versus more traditional
IP systems that offer a mobile module. In the case of the latter, phone
apps or thin-client, browser-based platforms that allow users to manage
stand-alone systems “from anywhere” typically do not provide
full control. There is still the need for an on-site server to deliver the
solution’s highest level features.
In a pure cloud solution that has been engineered, first and foremost,
for the mobile user, the user experience is going to be 100
percent the same whether logging in from phone, tablet, laptop or
desktop. Many of the features and functions discussed here pertain
exclusively to these types of systems.
Let’s begin with flexibility. By definition, cloud systems offer unparalleled
flexibility in how and where they can be accessed. And
this benefit isn’t just limited to system administrators. Accessibility
means that cloud systems can be more easily supported and serviced
by system integrators and manufacturers. For example, cloud systems
designed with health monitoring capabilities can alert the system integrator,
as well as the in-house IT team, when any problems arise.
These might relate to lost connectivity to a controller, power supply
status, or even low battery life. Automated communications like
these allow dealers to provide support that is proactive, rather than
reactive. Plus, if unusual challenges arise that are beyond the normal
capabilities of the dealer, with consent the manufacturer can also provide
remote consulting and support.
System configuration and integrations are also simplified. When
an integrator goes on site to install a system, he can use configuration
tools built into the app to facilitate set up. All the tools are right there in his phone or any web-enabled device. For example, he can discover
all available wireless devices, do a test to make sure a door is within
range, and even click “relay” to see physical action at the door and
monitor dB gain.
Once hardware is in place, a 100 percent cloud solution should require
zero onsite configuration. Again, the app provides all the tools
necessary. The integrator sets up initial users and their administrative
permissions, and once they accept the invitation, they can add,
change and delete access rights, even from a mobile device. It’s truly
plug-and-play. It’s equally easy to upload large employee databases,
create groups, time zones, create partitions, and use the rules engine
to make the system do whatever is desired.
Now, to the topic of integration flexibility. The delineation between
physical security solutions, network security, cybersecurity,
and solutions like building management and life safety systems, continues
to blur as the IoT (Internet of Things) encompasses more and
more devices. Integration is easier, and can deliver more capabilities,
when systems are designed to communicate with each other, and
cloud-based solutions are predisposed for this type of functionality.
Hosted access control solutions can more easily integrate with a wide
range of platforms, and can even seamlessly integrate with standalone
solutions.
For an IT manager looking to streamline operations and consolidate
solutions, cloud-based platforms make that task infinitely easier.
Look for cloud-based access control to integrate with lock systems,
video surveillance, HR and payroll systems, visitor management, billing
systems and much more.
Paths to Migration
For large companies looking to upgrade their physical security infrastructure,
the sunk costs of hardware already installed might make
the proposition of “going cloud” seem prohibitive. Cloud solutions
often offer compatibility with all your existing hardware, and do not
require an all-or-nothing investment. Initially, only controllers need
to be swapped out, and these can be connected via existing cabling.
These then get connected to a “cloud node” facilitating the physical
connection to the hosted platform.
Once this has occurred, the customer can run the new controllers
indefinitely. As all software is automatically updated, the hardware
never becomes obsolete and the system never goes out of date. If, at
some point in the future, there is a desire to further upgrade the system’s
hardware, or to add additional doors using wireless connectivity,
both legacy and new components can operate through centralized
management, with seamless interoperability.
The Bottom Line
As mentioned at the beginning of this article, the financial benefits of
cloud solutions are well known; it’s one of the primary reasons that
the industry-leading business solutions are now hosted.
Access control is no different. Compared to stand-alone solutions,
it is significantly less expensive to install, operate and maintain.
However, for the enterprise customer, price is not enough. When it
comes to access control, decision makers must feel fully confident
that any quest to save dollars on a cloud solution doesn’t compromise
their corporate security, diminish their functionality or limit their future
options for expansion and integrations.
The new generation of cloud-based access control should go far
beyond putting these concerns to rest. In fact,
look to cloud-based access control to redefine the
category, establishing a higher level of expected
features and performance, as required by even the
most demanding, enterprise customers.
This article originally appeared in the September 2017 issue of Security Today.