Getting Ahead in the Cloud

cloud concept

Leaving Behind On-Premises Access Control Is a Step Toward the Future

Mike Maxsenti headshot
Mike Maxsenti is director of key accounts for Genea.

The shift has begun. Or, more accurately, is gaining momentum. Since 2020 and the pandemic-induced hybrid workplace, IT and security teams have faced mounting pressure to reevaluate their physical access control. Many teams have found that their on-premises systems simply will not cut it anymore.

As a result, enterprises are leading the migration from rigid on-premises systems to more flexible cloud-based options. And the change makes sense. Enterprise teams face the daily challenge of managing multiple facilities (sometimes spanning the globe) and overseeing thousands of users. Cloud technology eases these processes.

But ditching the on-prem dinosaurs raises another question: Which cloud-based system is the right one? IT and security teams have a variety of options, and choosing the right one can be difficult. Teams must not only address current problems but also be cognizant of potential future challenges. The unpredictable climate of security means personnel must ensure their operations remain flexible for the future, something that on-premises access control cannot do.

On-Prem on the Way Out

The problems with on-premises access control systems can be categorized into three buckets. First, they operate using outdated hardware architecture. In the case of an enterprise customer who wants to install access control in more than 1,000 locations worldwide, for example, an on-premises system would require each site to house its own server. Cloud-based access control, however, eliminates the burden of equipment costs associated with all those servers, including the space needs and maintenance requirements.

The second problem plaguing on-premises access control is the antiquated user interface that lacks the simplicity and functionality seen in many cloud-based systems.

Finally, on-premises systems do not natively integrate with other technology solutions. Making the systems work together requires costly custom integrations at each location.

Security, Redundancy and Encryption

For much of the 2010s, there was a debate about the security of data in the cloud, with questions being raised about potential cybersecurity vulnerabilities. Today, though, the cloud is safer than its on-premises counterparts for various reasons. Chiefly, the cloud creates redundancy, reducing the possibility of losing important access data. Storing access data onsite runs the risk of it being damaged, lost or stolen. When an on-premises server fails or a hacker gains access to vital information, companies can lose months of information. Cloud networks, in contrast, keep data in multiple locations. In an enterprise solution, having redundancy that is accessible from anywhere should be a requirement.

Cloud encryption was another early concern. Encryption has improved tremendously over the past decade, and, when looking into upgrading to the cloud, enterprise security teams should make sure that all of their data and servers will be encrypted using 256-bit encrypted HTTPS protocol. This protocol prevents anyone or anything, including a supercomputer, from gaining access. It would take years for hackers to decrypt this type of information.

Cloud Hesitancy

Despite the progress cloud access control has made, some IT and security professionals remain reticent. The Apache Log4j2 vulnerability may have contributed to this. In December 2021, a vulnerability in open source code was exposed. The remote code execution vulnerability theoretically enabled hackers to take full control of devices, including cloud servers. Among those at risk were some of the biggest cloud providers. Hot patches were deployed, however, and companies took immediate action to secure their servers. It all ended without a catastrophe.

In the end, Log4j2 served as a sobering reminder to all in the tech industry. But there was also a silver lining when considering the response time, one that emphasized the agile and flexible nature of cloud computing and showed that solutions could be quickly deployed and threats excised. Contrast this to the actions needed for on-premises servers affected by the Log4j2 vulnerability. In an enterprise environment with access control running across multiple servers, deploying hot patches would take exponentially more time. Having to coordinate and implement changes across multiple systems could leave enterprises exposed for an extended period.

Unifying Security Through Integration

Like a streaming service’s ability to quickly add new titles to its library, cloud access control providers can rapidly deploy new solutions, including application programming interfaces (APIs) that connect software and hardware to access control platforms, allowing them to communicate with each other. In short, these integrations offer a way to streamline security by uniting multiple systems.

While on-prem providers can also use APIs, they cannot incorporate them into the system as quickly as cloud providers. Why is this a problem? Because software companies come and go, and consolidation of property technology will continue. IT and security teams need the capability to pivot.

Security teams can quickly add API integrations to their company’s existing hardware, so that the software addresses new challenges more quickly and cheaply than can be done with on-premises systems.

API integrations come in two types: native and open. Top-tiered access control companies offer native integrations, meaning that, with a single API token, IT and security teams can connect their access control system to other hardware and software tools, including video, visitor and identity management, tenant amenity apps, and more. Everything from elevators to security cameras can be connected with an API token.

Remote Visitor Management

Consider a cloud-based access control system at a U.S.-headquartered company that has a native API integration with a visitor management system. The firm is made aware of an after-hours delivery being made to a satellite office in Belgium.

Without having to make the Belgium team stay late, the American team can issue a temporary QR code to the delivery person. Some access control companies even have custom parameters for their guests, so, for example, they might be permitted to enter the building between the hours of 6 p.m. and 8 p.m. Any time outside of those hours, the credential will be inactive.

Visitor management systems are just one of the many APIs that are easily incorporated into cloud-based access control.

Video Management

As with visitor management, cloud-based access control can be integrated with video management systems. These integrations help IT and security teams improve the speed at which they respond to emergencies by connecting security cameras with access control dashboards. Users have the capability of mapping door alarms to security video feeds. When a door event occurs, such as a door being forced open, video from the security camera can appear within the access control dashboard.

Some cameras even include facial recognition features to identify who is coming and going within a given workspace, enabling video management systems to reduce passback and tailgating problems. If an unauthorized person attempts to gain access by using an employee’s credential, the integration will note the discrepancy and alert the security team.

Scaling, Adding and Removing Credentials

The scaling of an enterprise brings about many new challenges from a security standpoint. One of these is credentials. As veterans of the industry are aware, the landscape of credentialing has changed. Teams that used to rely on physical credentials (e.g., key cards, smartcards, key fobs) have transitioned to biometrics or mobile. While a complete transition to non-physical forms has not yet happened, teams in the market for access control should look for a provider that offers both physical and mobile options.

There is good reason to consider using mobile credentials. When operating within a cloud infrastructure, mobile eliminates certain restraints. From an end user standpoint, physical credentials are more likely to be lost, cloned or stolen. For enterprises, using mobile credentials also means the ability to access multiple offices without having to use multiple badges.

And the advantages extend beyond the user experience. System administrators can remotely assign credentials to any of their team members in any location. For example, if a company’s headquarters is in the United States and a new employee is brought on at a location in England, administrators can add credentials without ever leaving the office.

Hardware Matters: Proprietary Vs. Nonproprietary

Hardware is an aspect that tends to get overshadowed by the sleek user interfaces and sexy mobile experience of the latest generation of access control. For enterprises, though, hardware is especially important. Selecting a platform that has all the bells and whistles on the frontend but is weak on the backend can lead to disaster as enterprises scale.

With hardware, there are, basically, two options: proprietary and non-proprietary. Many proprietary options exist, but IT and security teams run a significant risk with this option. Selecting proprietary hardware ties enterprise security to a single provider. If that provider goes out of business, then all of the hardware will have to be ripped out and replaced.

Obviously, this is a worst-case scenario, but there are also other risks that come with proprietary hardware. Proprietary providers could choose to sharply increase the annual price of software, for example, or they might fail to keep everything updated and secure, either of which would leave customers with few good options.

In contrast, non-proprietary hardware allows enterprises flexibility when choosing software. If prices increase or the provider fails to update the software appropriately, then security teams can simply find another solution.

Futureproof Security

Enterprise teams must try to find futureproof security solutions in an ever-changing environment. As businesses grow and locations and employees are added, it is natural for new security vulnerabilities to arise. The challenge is finding a solution that grows with the business itself. Cloud-based access control provides clear advantages in scalability, flexibility and security compared to on-premises systems. Native API integrations are one part of the equation when it comes to selecting a provider, but aspects like 24/7 customer support and features updates are valuable, as well. As security technology continues to improve processes for enterprises, the power of cloud-based access control could be transformational.