Web-Hosted Access Control
In our previous posts, we discussed the concept that all IP access control systems on the market today can be broken down into three categories: embedded, network appliance and Web-hosted. This week, we proceed to examine the Web-hosted option in greater detail.
The Web-hosted architecture for access control follows a powerful new paradigm that has emerged in the IT community over the past 10 or so years -- Software-as-a-Service, or SaaS. As this trend has become more popular in the security industry, it has spawned new variants such as the application-specific Video-as-a-Service or the more general Security-as-a-Service.
What all forms of SaaS have in common is a software delivery method that provides remote access to the software and its functions as a Web-based service. Operationally, SaaS enables organizations to access business functionality at a cost typically less than that for licensed applications, because SaaS pricing is based on a monthly fee which amortizes system costs across a large number of customers. And because the software is hosted remotely, users don't need to invest in additional hardware at their own facilities, thereby avoiding capital expenditures. Further, SaaS removes the need for organizations to handle the installation and set-up, along with and daily upkeep and maintenance, which reduces both staff and contract labor costs.
Let’s take a look at the advantages Web-hosted solutions offer the security systems buyer.
Ease of adoption is often cited as one of the leading reasons organizations choose SaaS. According to Nicholas Carr, author of The Big Switch, the SaaS industry has been growing at over 20 percent per year and now represents an approximate $8-10 billion market per year in the United States alone. Industry analyst Gartner similarly predicts the SaaS market will continue to grow at 22.1 percent per year and that by 2011, 25 percent of all new software systems will be delivered as SaaS applications. Among the reasons usually cited for this steep adoption curve, primary motivators include the ease of implementation and the ability to keep pace with rapidly changing requirements.
A second reason that IT buyers in general, and security buyers in particular, are adopting the Web-hosted model is the favorable Total Cost of Ownership (TCO). Until recently, it was common for buyers to evaluate system cost in terms of one-time, up-front server and software expenses. However, it has become a well-established fact that the largest portion of PC and server ownership costs are in ongoing operational expenses, maintenance and support agreements. This is especially true of computer systems providing infrastructure services such as access control, because they must be held to a higher standard of availability and performance than ordinary office equipment. By many estimates, the up-front costs of purchasing a computer system represent only 15 percent of the TCO, which means that $1,000 server actually ends up costing you more that $6,600 over its lifetime.
Our own studies concluded that the SaaS model for security management platforms is the clear financial winner, due primarily to the economies of scale introduced by hosted application services. In fact, for a six-door access control system, we found that the SaaS solution enjoyed an advantage of nearly $26,000 (or 76 percent) over the server-based solution.
Scalability is another key advantage of SaaS architectures because they are typically built to support millions of users or remote devices in order to fill the requirements of the business model of providing low-cost service to a large community of users. In the case of security applications, this translates to being able to support tens of thousands of readers for an access control application, or thousands of IP video cameras for surveillance -- all over the Web, managed by any browser.
Automatic software updates are another benefit enjoyed across all types of SaaS applications, including security. As a Web service, updates to these applications are made in the same way as the latest update to any Web site -- transparently to the user, and without any intervention.
Now, what about the disadvantages?
We’re hard pressed to find any disadvantages for this architecture from a functional or cost perspective, although in many companies there is still, admittedly, some institutional resistance to the use of outsourced services.
Some companies still insist on keeping all data inside of their own network, but this reluctance has been falling away in one field of software applications after another. One of the most striking examples of this is NetSuite, a SaaS provider of financial and CRM applications. As their success demonstrates, many companies are making the choice to outsource even their most confidential types of data -- finances, customer lists, costing data and inventory.
We see this trend increasing for the security industry as more buyers become comfortable with such arrangements, and the cost advantages provide a highly compelling reason to give this model a serious look.
Summary: With SaaS, the biggest challenge integrators will face is understanding how to switch their revenue models to rely more heavily on the recurring revenue streams associated with SaaS, and less on the high-margin up-front revenue associated with server- and IT-heavy installations. This will involve not only finding new models for sales compensation, but also a willingness to invest in the longer-term benefits of RMR. This switch should be a cinch for the security industry -- let’s face it, we discovered RMR in the alarm business long before the term “SaaS” had even been coined.
Posted by Steve Van Till on Mar 24, 2009