Access Control as a Service (ACaaS) - Security Made Smarter
FingerTec News | 05/10/2018
People and assets require constant protection from danger and theft since the beginning of time. One important part of security is access control, the need to limit access towards sensitive areas through verified authorization. By definition, access control is a type of selective restriction into a place or other resources. Therefore, permission to access a resource is called authorization. For example, a student is authorized to access the university facility by using an access card issued to him/her, a person using a key to enter his/her house and staffs are provided with access cards to enter an office.

Access Control system has evolved significantly over the years and this is made possible by various kinds of technologies. Traditionally, locks and keys were popular but as society progressed and became modernized, the need for better security and access control systems surfaced. The table below shows the progression of access control system through time.

Keypad Access
Using unique PIN to enter into a premise or to access assets.
  • Pros: Easily remembered.
  • Cons: Easily shared.
Proximity Card Access
Magnetic strip attached to plastic card.
  • Pros: Harder to share.
  • Cons: Clone-able, shareable and hard to manage for companies with many staffs.
Networked Reader Access
System management from a single location/server.
  • Pros: Supports large facilities with multiple employees.
  • Cons: Installation and commissioning is expensive due to cost in hardware, cabling, server and etc.
IP Door Reader
Uses corporate LAN to connect readers to servers.
  • Pros: Implementation cost is manageable.
  • Cons: Not suited for multi-location requirements.
Access as a Service (ACaaS)
Connects readers to a cloud server for real-time data.
  • Pros: No server installation. Scalable. Uses existing infrastructure. Monitor from anywhere.Integrate with other cloud solutions.
Even though the conventional access control system is still very much available in the market despite its glaring disadvantages, the raising concern on security has thus made the more advanced Access Control solution more appealing and sought-after by the consumers, and the latest of them all is Access Control as a Service, acronym ACaaS.
Why is Access Control as a Service an Option?
The world has started to embrace a “sharing economy” in which people can access products and services without having to accept the burden of ownership. The previous generations such as the Baby Boomers and the Gen X are taking pride in owning big ticket items such as cars, houses as well as having their company’s own servers and large hardware. On the contrary, the new working generation is gunning for effectiveness rather than anything else in their life and work. Many of them prefer the affordability and flexibility of on-demand access, whereby they can upgrade to the latest and greatest products without having to deal with bloated up-front investments. Therefore, instead of buying cars for example, they would rather go for vehicle subscription, a business model which has been explored by many luxury car brands including Mercedes, BMW, Audi, Cadillac and many more. BMW for example, is letting their customers to choose from models like the X5 SUV, 4 Series, and 5 Series Sedans, including all plug-in hybrid versions, for only USD2,000 a month, and for the higher-tiers at USD3,700 a month, customers can choose from M4, M5, or M6 convertibles, as well as X5M and X6M SUVs. The fee offered is inclusive of insurance, maintenance, and roadside assistance. The advantages of this subscription plan are that the consumers get to experience the machine without having to care about the baggage that comes with it. Nowadays, apart from the vehicle subscription, younger generation prefers co-working space concept for their businesses, and cloud-based solutions as tools to assist in their businesses. Hence, it will be no surprise if Access Control as a Service concept will dominate the security industry as we leap forward.
With ACaaS, the core of it all is still Access Control but ACaaS applies the principles of Software as a Service (SaaS), which means that customers are subscribing to the access control software on cloud rather than installing the solution at their office’s servers on site. Hence, the whole access control experience will be different and elevated for the consumers, without having the headache of maintaining and supporting their own a comprehensive security system.

For a start, deployment of ACaaS does not require server installation on location and this alone has been able to reduce the upfront cost significantly for the consumers. With an affordable monthly subscription fee, the access control solution can be accessible via any Web Browsers and a dedicated Mobile App from anywhere at anytime. On top of that, using ACaaS frees the consumers from maintenance and support matters, which will then be taken care of by the vendor remotely. What’s more, the solution usually can be customized as it’s scalable and flexible to the consumer’s requirements. By having ACaaS as a preferred access control solution, not only can a company experience real-time reporting, but all control and management of the solution can also be done via Web Browsers, making monitoring of security smarter, easier and efficient.

The global trend projected that ACaaS will reach USD1.6bn by 2022 is being driven by 2 major factors. The first is the trend of BYOD (bring your own device) and the second is vulnerabilities in logical access security. Access control is one of the most critical physical security arrangements for commercial, infrastructure and residential properties. However, in fulfilling the requirements for access control as well, companies are finding ways to cut expenditure on the deployment that involves expensive server infrastructure for storage, maintenance & management. As an alternative, they are looking to benefit from the widespread use of advanced virtualization & cloud computing platform as well as the large-scale adoption of Internet of Things (IoT). In addition, the proliferation of corporate employee owned mobile devices and the growing employees’ demand for freedom of accessing corporate data on their own mobile device makes Access Control as a Service looks even more appealing. The time has also come for the management to put more focus on the business core rather than using the time to manage the access control’s day-to-day issues.

In short, committing to Access Control as a Service provides a company with all the requirements of access control that it requires such as low upfront investment, real-time data, remote/mobile monitoring, surveillance integration, instant reports & records, and much more.

Real-time data
Low upfront investment
Remote/mobile monitoring
Instant reports & records
Surveillance integration
TimeTec Access - ACaaS by TimeTec
Introducing TimeTec Access, the latest cloud-based solution offered by TimeTec Cloud for the access control industry. This solution is managed through cloud servers, and the smartphone is used as the major credential, replacing cards and fingerprints. TimeTec Access supports multi-tenancy, and the software can be scaled based on the load and performance needs, thereby reducing the overall operational cost of the entire infrastructure. One application serves all clients and each client's data sets are partitioned on the server and kept secure. The application itself serves as the entire ecosystem. The distinct advantage of TimeTec Access is the security updates which happens continuously – e.g. protecting the operating system that manages the underlying system. Most operating systems such as Linux or Windows needs manual maintenance, unlike cloud that provides maintenance free with no OS patches required.

TimeTec Access also offers servers that are flexible in catering to the customer’s demand. If a customer needs to add (or subtract) users or doors, then the system must be able to adapt quickly to those needs, i.e. rapid elasticity, and multi-tenancy will auto scale based on load. Since any customers can use any application-tier servers, the utilization is on keeping the overall cost low. Backup servers are in place in case of any occurring errors.

The deployment of TimeTec Access can be scalable based on your organization’s requirements at any particular time and extended to be more comprehensive as you go along. It can also be integrated with other solutions such as the surveillance system and IoTs, i.e. smart lock, smart elevator, smart alarm and etc

Smartphone As Access Credentials in TimeTec Access
"Access Credentials" or traditionally known as keys for door access has evolved significantly from the tangible objects like keys or cards, to authorization codes that require users to input a string of passwords or numbers before authorization is given, to biometrics identifications such as fingerprint, face or retina that based on your uniqueness to allow access into your office, gymnasium, laboratory, passageway or secure file closet at the threshold level.
Today, with the power of cloud computing and mobile technology; the credential management for physical access control system has been shifted to smartphone for these six obvious reasons. First, smartphones are ubiquitous as they are literally everywhere and as solution providers, it’s absurd to not tap onto the BYOD (Bring Your Own Device) concept to replace the conventional credentials as well as simultaneously cutting down the investment cost. Second, the smartphones are personal and contain various functions. They're relatively expensive and therefore more likely than not will be guarded closely by the owners and less likely to be lost or misplaced like the access cards, because losing a smartphone is a disaster in itself as people store a lot personal information inside it. Third, issuing and cancelling a credential for a smartphone is easier than for a card system. With smartphones, a credential can be created, sent over to users wirelessly and remotely through the Internet and mobile network, and can be cancelled when necessary. Whereas, cards have to be issued and provided to the users physically thus making it more costly and time consuming. Fourth, smartphones are embedded with GPS integration. Hence, the logical doors within the system database can be mapped to the physical coordinates and by using proximity algorithms, the information can be updated directly onto a Smartphone, giving users a list of doors or buildings that can be accessed within a certain range. Fifth, people don't share a smartphone with anybody, not even with your spouse or a very close friend. Using a smartphone as a credential eliminates the sharing of card problem. And lastly, sixth, smartphone authentication on the other hand, with its embedded biometric features, codes, and MAC ID combinations offer a very secure physical access mechanism.
When a smartphone is used as a new credential in the physical access control system, it is not merely a shift of authentication from one medium to another. It sparks a paradigm shift by putting a huge computing power into your credential; giving you the computing power that is even bigger than a controller. With this, it unlocks the untapped value and opens up a whole new world for the access control industry. Imagine the reversal, you carry a controller with all the commanding power, and the readers or controllers are merely passive devices that receive the signals to open or close the doors according to your preset instructions in your smartphone.
ACaaS, Access Control of the Future?
Most probably. When more and more people are warming up to the shared economy concept and aiming for a more effective solution to their issues and problems, ACaaS will fly. The fact that people nowadays are more mobile than ever makes an accessible and flexible system more relevant in the world that we live in. TimeTec Access offers a comprehensive access solution complete with App at an affordable monthly subscription with the possibility of integration with IoT as well as other solutions thus making it an amazing access solution to explore.