In short, yes. It is now.
Historically the physical access control industry has been defined by its hardware. Sure there has been software involved in physical access control, but the software has more or less been a hardware feature. Software has not been the product. With the introduction of electronic access control in 1973, we began to see the shift where software had the opportunity to take center stage. But still, up to 2020, the physical access control industry cemented itself as a hardware-centric industry. Sure, there was the occasional convergence talk between the IT and Security worlds. And, yes, there are some examples where what I will describe below is already in motion. But for the majority, it is primarily sparks, no fire.
Again, the year is 2020.
2020 is the year many of us believe a sea change happened. That sea change is when the definition of enterprise security morphed to include physical access control.
Unfortunately, it took a pandemic to highlight the additional value propositions modern physical access control systems can bring to an enterprise beyond its hardware or keeping bad people out. In 2020 it became more about its enterprise software and the value it creates beyond locking and unlocking.
In 2020 we started to see physical access control as a utility AND a tool to help with operational efficiencies. Physical access control became a critical dashboard for space utilization, occupancy sensing, and amenities booking. Physical access control also started to be used as a tool that helped let the right people into our buildings while staying true to its core value proposition of keeping bad people out.
And it did it remotely, using mobile devices, digital interfaces, and with management that took more of an enterprise software look and feel. Many of us in the industry summarize it as “we moved out of the security basement and into the IT closet.”
Now it took many innovations along the way to get to the 2020 moment. Examples of these innovations are cloud computing, mobile devices, microprocessors, computing languages, IaaS, and PaaS, to name a few.
But, as I stated above, it took a pandemic for them to get their due. Think about it, many of the listed innovations have been around since the 1980s, 1990s, and early 2000s, but only in 2020 did we start to see the new enterprise software physical access control industry get its opportunity to flex and show its actual digital value as an enterprise software solution. Overnight, security managers were unable to go onsight to manage the changes. They had to do so remotely, and they had to do so on the network. Overnight everyone became a visitor. We had to respond with new software system functionality to handle this new use case. Overnight a lot had to change (side note: this showed the software’s flexibility and hardware’s inflexibility. I know from many conversations with end users, system integrators, and hardware manufacturers that a secondary effect of the pandemic on the physical access control industry is a change in how we build and what we expect from our hardware. But that is a story for another time).
For this change to take hold and become the norm, it will need to be met by the enterprise software stakeholders to change their views and preconceived notions about the physical access control industry and redefine enterprise security. Historically enterprise security has fallen more along the digital side of things. It had yet, for the majority of companies and departments, been about the physical side. Enterprise security was about how organizations protect their data, IT systems, and information assets from theft, data breaches, or cyberattacks.
I am happy to say those days are behind us. The new definition of enterprise security is how organizations protect their people, visitors, buildings, data, IT systems, and information assets from theft, breaches, or cyberattacks.
Please keep in mind that we are still in the early stages. Only some people in the physical access control industry have evolved their business, products, and processes to match this market shift of needing to be software-centric-led versus hardware-led. We are still a predominantly hardware and project-driven industry. But there are more and more companies in the physical access control industry that fall into three categories:
- They have always been software-centric and are now in the spotlight.
- They are a legacy player that is transitioning its business to support this new market.
- Fresh new start-ups.
So what should you do with all this information?
My suggestion is to do the following:
Take a look at your current physical access control partners. Can they help you with today’s and tomorrow’s use cases? Until recently, many judged their partner based on one use case and value proposition. As I explained above, the use cases and needs have changed. So should your partners. What are your expectations? Where do your IT and Physical Security need to overlap? What resources, tools, and software can you use? What hardware do you need to support those needs?
I agree it is a lot, but there is no better time than now to reset your physical access control systems. We have come a long way since 1973.