SDM Magazine

Hosted System Helps Healthcare Organization Expand & Centralize

Optimus Health Care is a tax-exempt organization operating in southwestern Connecticut. Its mission is to serve as the patient-centered medical home for the surrounding communities to achieve and maintain a positive state of wellness, particularly for the uninsured and underinsured. As the largest primary care provider in the area, Optimus operates Bridgeport’s largest Ryan White HIV/AIDS program; the Women, Infant and Children (WIC) program; and provides primary care for families in Bridgeport, Stamford, Stratford, Milford and the surrounding communities.

The organization had been relying on a security provider that had an in-house server. The combination of a lack of storage capacity, a system that was not user-friendly, and the inability to centralize their information led Optimus to see what other solutions were available in the market. At the time, Optimus was planning to grow its presence throughout the state and wanted its information and technical operations centralized.

Ultimately they decided they needed to upgrade their security and started looking for better options. “Optimus has always put the security of our health center sites first,” said Tom Hill, chief operations officer. “Our goal is to maintain a safe environment to serve our patients. To that end, we were seeking a strategic partner that would support our goal and our mission.”

Optimus was committed to looking for a local business to become a true partner in security. Beacon Protection had a local office and provided detailed information on the high-tech equipment available.

“We found Beacon pricing to be competitive and having shown high levels of responsiveness to our needs, Beacon was an easy choice,” Hill said. “Beacon [is] not merely a vendor. Beacon is committed to delivering service and supporting our efforts to raise funds to offset costs associated with caring for the underserved populations within the southwestern Connecticut communities.”

Another contributing factor that led Optimus to ultimately choose Beacon Protection as its new provider was their ability to offer mass evacuation and lockdown services. A growing concern, not only for Optimus but for many other health providers, is the ability to combat a threat that could harm both workers and patients inside the facilities. A terrorist attack, gang-related event, or hazardous contamination situation are just a few examples in which the facilities would need to implement a lockdown or evacuation plan.

To decide which solution would be best for Optimus Health’s operational obstacles, Beacon met with the management team at Optimus Health to evaluate their objectives. One of the biggest challenges a multi-locational organization has is centralizing information, as well as the ease of access to that information.

“When we met with Optimus Health, we immediately saw an opportunity to introduce Brivo’s [hosted] product and recognized the positive effects it would have on their overall business operations,” said Adam Wilder, managing partner, Beacon Protection, Totowa, N.J. “Brivo is able to provide a system that functions properly across all premises while having a centralized hub where all functions can be controlled.”

With the data from the access control system, Optimus Health can improve operations with targeted training and feedback. All of their facilities contain highly valuable equipment and reports that are properly secured via Brivo Access control. Additionally, the cloud-based system allows management to select which employees can gain access into various restricted areas. Brivo’s user-friendly system and customer-facing platform allowed for an easy recommendation for Optimus Health.

One major challenge Optimus had with the previous system was usability. For the new Brivo system, Beacon Protection conducted extensive on-site training to all administrative staff and technical personnel as well as providing 24/7 professional support. Additionally, the Brivo solution provided Optimus with unlimited storage capacity linked. As Optimus has grown and expanded into new locations, this has been vital to the development of their services throughout the state.

Optimus Health is currently providing services in 13 facilities covering nearly a 60-mile radius. Beacon Protection was responsible for installing 45 door readers and controlling all of the points of access in all of these locations. In addition, Beacon Protection was responsible for the distribution of approximately 1,000 access cards, all of which needed to be properly programmed into the newly installed Brivo system. Brivo’s advanced technology allowed for a seamless integration as well as creating a centralized hub of information for Optimus’s chief security team, Wilder said.

“One of the major challenges we needed to address when installing the system was making sure our installation team did not cause any disturbances to their daily medical operations,” Wilder added. “Areas we were accessing had sensitive information and we had to be sure to adhere to medical privacy laws.”

The resulting system and change in providers has had the desired effect, Hill added. “We needed a change in vendor services and realized the equipment we had needed a technology upgrade. Beacon has made tech improvements that are affordable and innovative for the security of the Optimus Health Center sites.”

Open Standards Coming to Access Control Products

For facility managers, open, interoperable systems can deliver many benefits, from lower life cycle costs to the ability not to be locked in to a single vendor. Over the past 20 years, BACnet, LonWorks and other standard protocols have brought openness to building automation and HVAC systems, transforming the way those systems communicate. Now, the same process is underway in the security industry, where open communication standards are beginning to take hold, says Steve Van Till, president and CEO of Brivo, a SaaS company offering physical access control, video surveillance, and mobile credentials for commercial buildings.

In the past few years, three organizations have introduced open communication standards for access control products, says Van Till, who also chairs the standards committee for the Security Industry Association (SIA).

One of those recent open communications standards came from SIA. That standard governs the relationship between access control card readers and door controllers. The SIA standard is being very widely adopted, says Van Till.

Another standard was developed by ONVIF, an organization best known for standards that are widely used by video surveillance product manufacturers. ONVIF aims to develop standardized interfaces for interoperability of IP-based physical security products. One of those interfaces is for communication between controllers and management software for access control systems.

Another industry group, The Physical Security Interoperability Association (PSIA), has also developed a standardized approach to the relationship between controllers and access control system management software. PSIA says that its “specification” aims to “standardize the communication into access control and intrusion products, making them interoperable with the overall security system.”

Neither of those communication interfaces has been widely adopted by access control product manufacturers. “We’re really very early in that process in security,” says Van Till.

The existence of competing standards is reminiscent of the early days of BACnet and LonWorks, when facility managers had to choose between two different approaches to interoperability. “I think it’s going to follow a similar course [in security],” says Van Till. “It will be interesting to see which one wins.”

There’s also what Van Till calls a “de facto” open standard for access control products. Mercury Security hardware is widely used in the access control industry. That hardware is based on the company’s Authentic Mercury open architecture model, which has been adopted by about 25 access control software providers, Van Till says. The Authentic Mercury platform amounts to an industry standard because the platform’s API (application programming interface) has been so widely adopted by software companies. End users that purchase Mercury hardware can choose among the software providers that have adopted the Mercury API. “If for some reason [end users] fall out of love with the software provider, they can switch to another head end software,” Van Till says.

Brivo recently became an Authentic Mercury partner, implementing the Mercury API as an option on the Brivo OnAir cloud-based system. And Mercury has implemented the PSIA specification as an option, marking another step on the industry’s path to open systems.

SDM Magazine

State of the Market: Access Control 2017

This year’s story on access control is one of disruptors, drivers and deciders.

It was a good year — for many even a great one. But more and more, when it comes to access control it is a tale of two markets: the small business and small-medium enterprise (SMB/SME) market and the large enterprise. Many exciting changes, trends and opportunities are presenting themselves at all levels for access control (and integrated systems) customers, but the challenge is getting them to move off the dime.

“2016 was pretty good; we saw pickup,” says Bill Bozeman, CPP, president and CEO, PSA Security Network, Denver, Colo. “It wasn’t incredible growth, but good, solid, steady, predictable growth. We are a good barometer for the integration channel…. Basically on the access control side, we saw the traditional 6 percent to 8 percent growth. We had some that had double-digit growth — I know one that had 25 percent growth.”

This is right in line with IHS Markit research, which predicts a 6.8 percent growth rate for 2017, representing a $4.2 billion market. SDM’s own Forecast Study, conducted in November 2016, found that 81 percent of respondents reported their access control sales were good or excellent in 2016, with “good” and “very good/excellent” nearly evenly split at 41/40 percent respectively.

Still, access control may have a bit of an image problem. For years it has been a stable and stalwart technology that opens and closes doors electronically — not exactly the kind of thing that gets buyers excited for change. Many disruptive technologies have tried, and often failed, to move the market along at a faster pace — how long did we talk about smart cards before they became a real market force?

This can produce some frustration. “For this industry things may be moving more quickly than normal,” says Mitchell Kane, president, Vanderbilt, Parsippany, N.J. “But generally speaking it is abysmal the pace it moves.”

However, with compelling market changes occurring in sister security technologies such as alarms and video surveillance, and integration becoming much more common at all market levels, how far behind can the access control market really be? Unlike video and security alarms, which have had significant outside pressure to change, from the IP revolution to consumer electronic trends, access control has been largely insulated, particularly in the entrenched enterprise. The industry has moved at its own pace, yet now finds itself with a wide range of options and possibilities of where to go from here. More excitingly, end users are finally showing more signs of being ready to accept — and pay for — them.

“The access control industry performed very well in 2016,” says Denis Hebert, president, Feenics, Ottawa, Ontario. “[But] the growth amongst various manufacturers was not evenly spread, as interest and benefits associated with alternative approaches to access control varied. Companies focused on the traditional client/server model of physical access control were outperformed by those offering cloud-based ACaaS models,” Hebert believes. Feenics’ subscription base grew more than 400 percent in 2016, Hebert reports.

But looking at the market as a whole can be misleading, Bozeman cautions. “Just saying ‘access control grew at X rate’ isn’t accurate. We do a lot of enterprise work and that growth rate is lower, but the dollar amount is much higher because the systems are so much larger. From a percentage perspective, managed services is higher because it is new growth.”

This is in part a reflection of a market that is more polarized than ever, says Brandon Arcement, director, product marketing, physical access control, HID Global, Austin, Texas. “From the enterprise perspective they do act differently than SMB customers. In years past they had similar needs and now they are further apart. SMB is looking for an outcome but doesn’t care how the sausage is made. The enterprise wants their hand in the technologies.”

Compliance, unification and open platforms are more strongly driving the trends at the top end, while newer entrants and technologies are lowering the barrier to entry at the SMB level.

Some security integrators get the best of both worlds. “2016 was phenomenal compared to 2015 and 2017 is looking to be a great year,” says Wally Carriero, manager of the Buffalo office, Casco Security Systems, Rochester, N.Y. (featured on this month’s cover). “We offer the hosted, managed and conventional access control systems. We have positioned ourselves to be a one-stop shop for those looking to do access control.”

Envision Technology Group, Lenexa, Kan., is another integrator that reported strong growth, according to Security Division Manager Chuck Engelmann. Founded in 2000 as an IP-centric structured cabling provider, the company entered the physical security space just three years ago and has grown by almost 60 percent, he says. “For 2017 we already have business scheduled through the first half of the year that will put us equal to 2016. We are expecting a greater amount of growth.”

$4.2 BILLION The global access control market in 2017 – Source: IHS Markit

Security integrators focused more at the top end of the market note that change is slower, but more apparent than even a few years ago, driven by a more standardized, open and unified approach to doing things.

“2016 was a really good year,” says Robert Hile, general manager, Florida, for Dallas-based Securadyne Systems (SDM’s 2016 Systems Integrator of the Year). “We had growth across all the segments but I think when you look at the enterprise the needle is hard to move. [Even] if it is flat, we are still maintaining those systems. I think our biggest growth there was from unified systems, integrated access and video.”

Mark Schweitzer, engineering manager at G4S Secure Integration, Omaha, Neb., says a rebounding economy was a boon at the top of the market. “It was a banner year for us. We are seeing a large number of new construction projects, which pretty much guarantees access control.”


The distance between the top and bottom of the market may be getting larger, but some trends transcend the gap. One of the most notable of those is the desire of all security integrators to increase their recurring monthly revenue. While managed services may be most prolific at the SMB end, larger integrators are also looking for and finding new ways of bumping up their service revenue.

“Cloud RMR is the future of every business,” says Kurt Takahashi, president, AMAG Technologies, Torrance, Calif. “What market isn’t trying to grow its recurring revenue at this point? The reason is mostly economics. It allows you to provide services in an operational model rather than a capital expenditure. It’s a natural move.”

In addition to several companies that have entered the market to specialize in cloud access solutions, including Brivo, Feenics and BluBØX, many other access control manufacturers have recently joined in (or plan to in the very near future). Vanderbilt, Genetec, and AMAG are all planning on releasing cloud or hosted/managed options in 2017, for example.

“I think cloud will definitely be the new way of doing things, not just because of access control but it is how we see the market overall,” says Francois Brouillet, product manager for Montreal-based Genetec. “If you look at how the enterprise is consuming technology, they are more and more using subscription solutions.” Genetec describes its solution, which is aimed at the enterprise market, as a hybrid cloud solution.

“We expect in 2017 to see even higher growth than in 2016 for several reasons,” says Steve Van Till, president and CEO, Brivo, Bethesda, Md. “First there is a secular shift to cloud computing that provides us with a tailwind for everything we do…. It’s all about shifting market share from traditional security to cloud-based. Since we have been preparing for that for years, our dealers are growing at a tremendous rate.”

$2.3 BILLION The total installed base of access control readers, panels, credentials and electronic locks in 2016 – Source: IHS Markit

Hebert adds, “2017 will see an even greater acceleration of the ACaaS trend, as adoption of this service approach to physical access control becomes more mainstream. The overall industry will continue to grow, which adds buoyancy to the need, but our prediction is that access control as a service will experience the greatest growth, and we are seeing this already as the new year begins.”

According to a recent report from Markets and Markets, the global ACaaS market is expected to reach $1.7 billion by 2022 at a CAGR of 26.82 percent. The report found that hosted services led the segment in 2015, and that the ACaaS market in North America is expected to represent the largest market share between 2016 and 2022.

A separate report from IHS Markit, released last April, found that managed security services overall will grow at a 10.9 percent CAGR from $16 billion in 2015 to $26.9 billion in 2020. “Software-defined network deployments in cloud and hosting environments will help providers build more scalable, flexible and profitable hosted and cloud security services,” the company stated in a press release.

Other manufacturers report an upswing in security integrators putting their traditional systems on the cloud and offering it as a service to the end customer. “One of the biggest things in access control is using software as a service, which is really growing in popularity,” says David Barnard, director of dealer development for RS2 Technologies, Munster, Ind. “Three or four years ago we had two or three dealers providing that. Now we are up to almost 10 using our software in the cloud but managing it for their clients.”

While many integrators report that cloud and hosted services are currently a small percentage of their sales, almost all of those interviewed for this article reported a similar goal: to get to 20 percent to 25 percent RMR within one to five years.

“As cloud services become more and more prevalent our hosted and managed services have increased tremendously,” Carriero says. “We would like to increase our RMR on our access control systems by 20 percent this year. I think that is very doable.”

81% SDM respondents who said 2016 was a good to excellent year in access control – Source: SDM 2017 Industry Forecast Study

Engelmann says his company just launched a managed access service six months ago. “We are really just getting started. It is at less than 1 percent right now, but I think it will be substantial for us. We would like it to be 25 percent of our overall business within three to five years.”

While many larger integrators are adding RMR-based services to go after the SMB/SME market, some like Securadyne are also aiming it at the enterprise. “When you think about enterprise access control it is all capital; they have to pay to rip and replace,” Hile says. “If you go to the RMR model it is operational. Think about how IT guys buy. A lot of them have outsourced that. Hosted/managed follows that path and is being more and more accepted in the enterprise world.

“Technology has caught up now with lots of hosted and managed offerings that are secure, robust and ready for prime time.”

At the large integrator level, services also extend to much more than cloud and hosted options, says G4S’s Schweitzer. “We can act as an outside SOC. Our service center is set up to proactively manage services and we are doing preventative maintenance as well as providing a high level of response to customers.” G4S currently sits at about 25 percent RMR, he says, with a goal to get it to around 40 percent.

Another common thread is the increasing move to integration at all levels. The SDM Forecast demonstrates this, with a 7 percentage point jump in non-residential integrated systems from last year’s study. (See chart, above.)

“The majority of even small eight-door systems are almost always integrated with video or intercom,” Bozeman says. “It is just logical. I took my car in this morning to have the tires redone and they had a card reader, a camera and an intercom. There is very little standalone.”

Barnard has seen a shift within the last three years or so. “We didn’t really see any but our larger clients doing integrations to the HR systems, but now even on what I would call mid-sized systems, maybe a company with one large location or a couple of physical locations, we are seeing much more interest and people actually doing integration with other outside systems.”

Integration is here to stay, says Bruce Czerwinski, U.S. general sales manager, Aiphone Corp., Redmond, Wash. “Standalone systems no longer fit today’s security model. Within the access control segment, components now work together — as they should. Industrywide, access control, video and intrusion complement one another to create higher levels of protection. This makes integrators’ jobs easier as they can provide products and systems end users want and need.”

While access control as a technology offering has been luckier than many in the security space in that it has yet to be commoditized, integrators of all sizes nevertheless feel the pressure to differentiate themselves, whether by service offerings or the level or types of choices they can offer.

For many security integrators this means carrying more lines than before, even if that is just two (one for the enterprise and a cloud offering for SMB).

“I did an informal survey last year and the average integrator was supporting over five access control products,” says Matt Barnette, president, Mercury Security, Long Beach, Calif. “The market has moved from one or two 10 years ago.”

This means different skillsets, says Peter Boriskin, vice president of commercial product management, ASSA ABLOY, New Haven, Conn. “There is a big shift in understanding and troubleshooting data-related issues versus hardware and serial data. Technicians need to have much better skillsets than in the past. For many systems integrators there has not been a lot of difference between installers and service technicians. Now there is. You just can’t troubleshoot with a screwdriver and a meter anymore.”

63% SDM respondents who said their non-residential integration spending will increase in 2017 – Source: SDM 2017 Industry Forecast Study

Enrique Olivares, vice president of finance, APL Access & Security, Gilbert, Ariz., says as more and more systems involve the IT network he has tried to hire staff with IT backgrounds and teach the security portion. “It is easier to teach an IT person security than the other way around,” he says.

In fact, while SDM 2017 Industry Forecast Study respondents were not limited to systems integrators or even commercial security, when asked about their biggest challenges for 2017, “finding and retaining employees” jumped a whopping 10 percentage points from 8 to 18 percent, and from 7th to 2nd on the list, behind increasing sales.

In addition to macro trends of cloud and integration, there are a number of technologies, both emerging and existing, that also have the potential to impact all ends of the access control space. From wireless integrated locksets, to mobile credentials and a sudden renaissance in the biometric space, opportunities to excite the customer abound, Boriskin adds.

“Wireless at the door, tying back to systems that are cloud-based and being able to manage those as an operating expense instead of a large capital expense eases the discussion. Now we have credentials where you have the same one to get in the door, onto the network, for vending/dining, etc. And if you can do that, maybe you can share budget with IT or the one card office or parking management agency. All of a sudden everything that was harder to do is just a little bit easier in every facet and is helping to accelerate us as an industry.”

But an influx of technologies can also complicate things, adds Richard Goldsobel, vice president for Continental Access at Napco Security Technologies Inc., Amityville, N.Y. “Wireless locking solutions are now broadening among manufacturers. There is so much cross connectivity it is almost getting exponentially more difficult when you go to quote a solution. Offerings have become so numerous that compatibility issues get even wider in terms of existing cards and credentials or phone apps. The background knowledge basis is becoming extraordinary.”

Unlike ACaaS, which is starting out much stronger in the SMB space (see below), these technologies could apply at all levels and it’s anyone’s guess whether they will have a greater impact at the top or bottom, or will penetrate the whole market simultaneously.


Hosted and managed access control so far has its best adoption at the smaller end of the market, where it is easier to deploy. But there are challenges that have hindered its acceptance by integrators that may take a little more time to get past.

“There is a huge market for hosted and managed in the smaller systems, of which there are many,” Bozeman says. “An enterprise-level system is not scary to an HP or Coca-Cola, but it would be for a guy with 20 grocery stores, or someone that just needs 10 doors and 10 cameras. That is ideal for the managed services model and good for the integrator to develop the RMR they need to survive these days.”

However, Bozeman points to a catch in the system that his organization and others are actively trying to address: financing. “I do believe there is more opportunity to create this RMR business model that the alarm company has enjoyed for 30 years now…. But why is it that now that they have all these [opportunities], they won’t do it? They can’t cash flow the business model…. The managed services model is different. You don’t get the money up front. How do the burglar alarm guys do it? It is the cost of the equipment. Systems integration is not cheap.”

Financial lending institutions traditionally lend on RMR potential, which is trickier for the traditional systems integrator to show, Bozeman says.

“The way we structure 90 percent of our loans is based off a multiple of RMR,” explains John Robuck, managing director, security financing group, Capital One, McLean, Va. “That RMR has to have a secondary market to it that enables it to have a collateral feature.”

While not all lending facilities “get” the managed security model, that is starting to change, he says. “Managed services definitely has a secondary market. As that continues to develop there will be more standardization around contract terms and the solutions that are being provided…. If you are focused on RMR you don’t have to give away the system, but if you can get enough up front, if you can show more ongoing value proposition versus just installing a system there is long-term value and a perception of worth.”

Increasingly, it seems that integrators of all sizes are getting the message.

“Cloud is becoming a bigger part of my sales model because it is an easy sell,” says Steven Pharis, CEO, Tutela, Brunswick, Ga. “Whether it is real estate with a multi-tenant building or a small mom and pop business that wants the resources of a large corporation but can’t afford it, this gives them the ability to do that through a portal as opposed to having to put in a server and maintain it. We manage both video and access control remotely. It is a huge RMR model for us.”

Gareth O’Hara, chief sales officer, Paxton Access Inc., Greenville, S.C., adds, “Cloud-based solutions offer smaller sites the same features and security an access control system can provide without the burden of local staff to support complex networks, servers and software.”

Brent Blankinship, vice president and general manager, United Fire Suppression, Cabot, Ark., says his company has started to use its RS2 system as an RMR model. “We have a server here and are collecting the revenues.”

Cloud is a very disruptive force, Van Till says. “If you look at the traditional technology adoption curve of innovators, early adopters, early majority and late majority, cloud is not to early majority but it is definitely in the early adopter phase.

“The interest is there on the part of a lot of banks that finance the alarm industry. They are working to figure out how to make that happen and it will be a huge driver.”

As more financial institutions, integrators and manufacturers get on board in some way, it could lead to some major changes. For example, at press time Brivo was set to announce support for a major legacy access control panel manufacturer used in a significant number of installations that will significantly ease the transition path, Van Till says.

Security Magazine

How to Evaluate Your Security System's Cyber Risk

Between security systems manufacturers, integrators and end users, is anyone fully prepared to mitigate cybersecurity risk?

Whether it’s an HVAC system, a point-of-sale terminal or a video surveillance camera, malicious attackers are looking for any way into your network and closer to your valuable data, systems and intellectual property. While enterprises are working to shore up the weak links of their cybersecurity systems, it’s necessary to take a close look at the cyber risks your own physical security system may bring to the enterprise.

A physical security system could let in cyber attackers or viruses in a number of ways, including weak password management, incorrect installation, a network conflict, or a lack of encryption. The greater interconnectivity of devices, while proving to be infinitely valuable for enterprises’ metrics, audits and security, also opens up new avenues of attack, as one weak access control panel could endanger the entire security system, if not the entire network.


State of the Industry

So how is the security industry doing, in terms of cybersecurity investment and preparedness? Not too well.

“Cybersecurity concerns seem to be addressed primarily as an afterthought by both the end users and the physical security hardware/software manufacturers,” says Joe Fairchild, CISSP, Security Technology Program Manager at Microsoft. “Many companies transfer the responsibility to the integrators to secure their systems, often with inconsistent results. … Some of the challenges arise as a result of IT security not being an area of expertise for many security integrators. Other challenges result from not being well versed in an organization’s cyber policies. Finally, the project scope of security integrators is often limited to installation, configuration and maintenance.”

In addition, he says, manufacturers may not have a secure, accredited supply chain for equipment sourcing, and they may not maintain rigorous security testing programs to minimize the risks associated with software and firmware updates, and to discover new vulnerabilities.

According to Andrew Lanning, Co-Founder of Integrated Security Technologies and chairman of the PSA Cybersecurity Advisory Committee, “Most manufacturers have been able to turn a profit for many years selling ‘ease of use’ and ‘ease of integration’ to their vendor partners. The default enablement of services like Universal Plug and Play simplified the discovery and implementation process for non-network-savvy installers, but it also contributes to the ready identification and exploitation of networked devices. Until the manufacturers of this equipment feel pain on the profit and loss statements, they don’t appear in a rush to improve their chipsets and firmware to enable truly ‘hardened’ configurations.”

One major risk is negligence related to due diligence, he adds: “The customers often presume that the integrator knows what they’re doing, and they have no clue about the vulnerabilities that may be getting added to their network by their security provider.”

Whose Job Is It Anyway?

So who is responsible for security systems cybersecurity? Honestly – everyone.

“Some end users have no idea how vulnerable a lot of the physical security systems installed on their networks are,” says Lanning. “And there are rarely any assurances run against physical security systems or scanning for evolving risks. … End users will have to start asking manufacturers for cyber protections, and regulated industries [such as those with high compliance requirements from the DoD] will likely be the first to switch.”

There are some security technology manufacturers and service providers that are making a concerted effort to improve cybersecurity and users’ and integrators’ awareness of vulnerabilities. IP camera manufacturer Axis Communications releases camera hardening guides for integrators; Tyco Security Products offers a subscription to end users so they can get alerts about cyber vulnerabilities; Bosch, Genetec and SecureXperts collaborated to design and develop an IP video solution that’s resilient against cyber attacks, using encryption for secure identification and authentication through smart cards; some access control providers announced the availability of TLS 1.2 encryption all the way from the reader to the server. These are just a few of the commitments the industry has seen toward cybersecurity, but there’s still a long way to go, with many more manufacturers and integrators on the market that aren’t progressing toward cyber-savvy practices and development. Conversely, there are just as many end users who aren’t demanding it.

“There’s really a shared responsibility for cybersecurity,” says Larry Movessian, Strategic Product & Solutions Manager for American Alarm, a Brivo Blue Dealer. “The integrator should have a trusted advisor position, and through a needs analysis with the customer, the integrator can make suggestions and bring up where there are cybersecurity pitfalls and steer them in the right direction. We can also look to manufacturers to get input. Cybersecurity needs to be part of the dialogue – it needs to be as important as all the other aspects of the security system.”

He adds: “The more awareness we as an industry bring to cybersecurity, the more manufacturers will add it to their product sets and offerings.”


Security Today

Mobile-first Experiences

Partnership leads residents into meaningful connection 

By Jennifer Reidy

Lifestyle Communities | LC is a niche, residential real estate development and asset management company focused on serving the specific needs of its residents through the thoughtful integration of living, entertainment and socially-focused ventures. With a portfolio of brands to serve the needs of its residents, neighbors, and communities in the Columbus, Ohio, Lexington and Louisville, Ky., and Nashville, Tenn., markets, LC is focused on delivering exceptional resident experience by inspiring meaningful connections, and providing smart living experiences. LC has partnered with Brivo Mobile Pass to deliver a mobile-first solution to support residents’ desire for mobile access to its communities.

Ability to Manage

Prior to installing Brivo OnAir, LC primarily offered physical access cards to residents with limited ability to manage, issue and revoke access control as needed. With a growing portfolio of communities across the country, it was imperative for LC to have a secure access control solution to support residents’ desire for mobile access to their communities.

Brivo was able to support the residence experience at LC by providing a sought-after mobile application with a cloud-based security platform.

Innovative Residence

As an innovative, resident-focused company, LC sought out a mobile access control solution to meet the growing needs of its resident population. As with any residential community, people who lived in this high-rise luxury residence mainly relied on a smartphone for many innovative advantages, including access control.

“LC designs and manages its communities with a commitment to deliver a distinctive customer experience. We recognized mobile as a preferred solution for our residents, who increasingly use their smartphones for daily interactions,” chief marketing officer at LC, Chad Thompson said.

This recognition of resident preferences informed LC’s decision to offer the new mobile feature, which creates a fast and easy way for residents to access community amenities via a certified smartphone. All Secured Security introduced the mobile pass to LC in April 2016.

“We purchased 1,600 passes (or credentials), and had issued 1,400 passes within the first three months,” IT support specialist at LC, Tyler Woodburn said. “Our residents appreciate the mobile-first solution, and our employees find that the self-service solution allows them to spend more time focusing on delivering great resident experiences.”

The mobile pass is interchangeable with residents’ access cards—in that it can access all LC’s secured community locations, including its fitness studios, resort-style pools and other on-site amenities. However, there are many associated benefits. For example, Mike Corley, a resident of the LC Idlewild community in Louisville, would carry his smartphone and resident card to enter the pool and fitness studio, but now with the mobile pass he just carries his phone to access both locations.

“In the past, I constantly lost my resident card because it was an extra card to carry around or misplace, but now with the mobile pass, I rarely run into a situation where I don’t have my phone with me—as long as I have my phone I can get where I want to go,” Corley said.

With minimum promotion, LC has seen steady adoption of the access control solution across its resident population since it was launched in early April—after three months nearly 20 percent of the total residents across all locations use Brivo Mobile Pass on a daily basis.

“We’re excited to see the steady adoption of Brivo Mobile Pass across LC’s resident population, and we look forward to enhancing the mobile-first experience as we work together to service both new and existing residents,” said Steve Van Till, president and CEO of Brivo.

All new residents are now issued one physical access card and two mobile credentials per unit.

LC currently issues mobile credentials to all employees and new residents, and allows existing residents to request the pass at its primary leasing office.

LC has been able to reduce its cost of issuing resident cards by nearly 60 percent. The solution is a complementary feature to access control cards for LC’s residents and employees, as it can be used to access secured entry points. Among the key benefits of the mobile pass, Lifestyle Communities pays a nominal fee to distribute mobile credentials to residents, but saves more than 60 percent per year from distributing roughly 2,500 fewer physical access cards.

The solution also offers remote monitoring and management of resident access to specific entry points at each location from anywhere with an Internet connection, and it has improved resident experience and satisfaction by offering preferred, mobile-first access to LC’s facilities.

Security Today

Reaching to the Clouds

New Jersey-based real estate agency increases safety, security and saves money by installing an integrated cloud-based security solution

Century 21 Action Plus Realty is one of New Jersey’s premier real estate agencies, employing more than 250 sales professionals. The company has seven locations covering Monmouth, Ocean, Middlesex and Mercer Counties. The agency has built its success on serving its clients through integrity, professionalism and commitment to quality service. It also recognizes that buying or selling a home or property can represent one of life’s biggest decisions and that prospective clients are looking for a real estate agent whom they can trust, who is well versed in the community and who keeps their best interest top of mind.

For Tom Hogan, president and owner of Century 21 Action Plus Realty, attracting and retaining the best and the brightest agents in the business is key to his agency’s future. He goes to great lengths to support his team of independent sales professionals with the best resources and on-going training programs.


These programs are designed to enhance his agents’ knowledge of the latest real estate, industry and financial services available. Hogan also operates a customer service center where operators handle incoming calls and quickly and efficiently distribute inquiries to the real estate agents for prompt follow-up. Most importantly, providing a safe and secure working environment for his agents and clientele is one of his top priorities.

Century 21 Action Plus Realty’s locations were secured by an outdated access control system that had limited capabilities and was hard to administer, time consuming and costly. Changes to open and close schedules had to be made from a single, dedicated computer located in one of the offices. This required an individual with administrative rights to travel to the site to re-program the system or lock or unlock doors to accommodate changing business requirements.

As with many real estate agencies, Hogan experiences high turnover of associates and contractors, making it difficult to retrieve issued access cards, disable them or replace those that were misplaced or lost. Agents also shared cards, which made securing the premises even more difficult. Finally, the system did not provide any auditing, reporting or integration with video capabilities and updates to the existing software were unavailable, leaving the system exposed to potential hackers.

“The system was not very nimble,” Hogan said. “If we needed to remotely lock the door during the business week, it was a big process and could only be done through one stationary computer.”

The current security system could no longer meet the needs of this growing and prosperous real estate agency.

Looking for a better solution, Hogan engaged Protection 1 to explore alternate means of securing his operations. He was looking for the latest in cloud-based access control systems that could be integrated with advanced IP-video technologies.

Protection 1, working closely with its technology partners Brivo and Eagle Eye Networks, designed a new comprehensive system that could deliver the capabilities that Hogan was looking for in a cost effective solution.

The access control system was built on the Brivo OnAir platform. This platform is cloud-based, eliminating the need for local servers and software. This approach also eliminates the need for fixed capital expenses and maintenance costs to maintain an on-site, server-based system. Brivo OnAir is a Software as a Service (SaaS) solution. With SaaS models, software updates and patches are automatically delivered ensuring the site is secure from the latest threats.

To address Hogan’s concern as it related to administering the old access control system, Brivo OnAir gives him the ability to remotely manage and control his physical security at all sites from a secure connection to any desktop, tablet or smartphone – from anywhere. The system also provides for real-time alerts of critical events via email or text and ensures compliance through customized security reports. These reports are automatically delivered via email on a predetermined schedule.

As part of his new security solution, Hogan has also installed approximately seven new IP-video cameras at each of his locations that are fully integrated with the access control system. With this new capability, he is able to monitor live video streams or review clips linked to important events. More importantly, the integration of the access control and video is a completely cloud-based solution, allowing for total flexibility right down to a specific camera in terms of storing video in the cloud or on premise. Cameras are placed both inside the offices to monitor areas like stairwells and outside for a view of the entrance and parking lots.


How Integrators Fit Into The Changing Model for Managed Access

Experts advise integrators on why, how and when to consider offering a cloud-based managed approach to access control.

It’s an access control service with many names: hosted, managed, cloud, shared. Whatever you call it, the idea is for security integrators to take on more of the responsibility of the hardware, software, processes and maintenance — and, more to the point, enjoy the recurring monthly revenue it brings in.

Historically, few security integrators have been willing to take this on. Unlike security dealers, who have access to 24/7 central stations and are based on the RMR model, the integration channel is unused to the concept and has often found the idea overwhelming. In fact, when Gene Samburg of Kastle Systems, Falls Church, Va., first conceived the idea of managed access control in the early 1970s, implementation was cumbersome and it was tricky to hit on a winning formula (see “Managed Access Has Come a Long Way,” page 69). But in recent years this has changed dramatically due to advancing technologies such as IT-based systems and the cloud.

“There have been tremendous advances in cloud-based access control recently, as cloud computing has opened a world of possibilities for the systems integrator,” says Lukas Le, director of cloud services, Galaxy Control Systems, Walkersville, Md. “The trend we are seeing is for integrators to take on more services that they can offer to their end users to become a ‘total resource’ for the customer. This trend is supported by open platform technology that enables seamless integration between door hardware, access readers, software and other system components to allow dealers and integrators to utilize best-in-breed solutions.”

Cloud solutions make things easier for the security integrator, adds Brian Matthews, director of sales for Feenics Inc., Ottawa, Ontario, Canada. “They don’t have to be as sophisticated. As margins get tighter, integrators who want to stay profitable need to move to something. Services are profitable.”

Patrick Barry, CEO of BluBØX Security, Andover, Mass., says this is part of a larger shift in the security industry in general and access control in particular. “The entire security industry is moving in the direction of providing security services. This is due to globalization and the commoditization of the industry. Systems integrator margins are eroding and they are looking for new ways to supplement the margin with things like managed access. It is becoming a necessity and the migration is mostly because of economic factors. At the same time, customers have become more sophisticated and more demanding of product and service. Systems integrators face a tough problem: ‘How do I compete while making enough money on the initial sale to keep my doors open and get paid for the ongoing service that customers demand post-installation?’ Physical Security as a Service (PSaaS) and recurring revenue solutions are a win-win for everyone,” he says.

This is the conclusion that some integrators are just starting to come to, adds Steven Turney, security program manager for North America and Canada, Schneider Electric, Carrollton, Texas. Turney recalls a conversation he recently had in which an integrator partner was lamenting that customers kept calling him for things such as changing time schedules because they had forgotten how, until he finally realized it was an opportunity to take over that task for the customer, for a fee.

“It was a really interesting conversation,” Turney says. “I am seeing this epiphany just within the last two to three months where they are starting to realize they are missing an opportunity.”


For security integrators grappling with the question of whether they should start down this path, Turney advises first stepping into the hosted model, which is an increasingly common architecture. It can be hosted by the manufacturer or the integrator, depending on how it is set up from that particular manufacturer, and it provides the integrator RMR for simply hosting the platform. From there — as more of Turney’s integrator partners are finding — certain end users have an appetite for more services.

“Most of our partners are doing the hosted deployment,” he says. “The customer is still managing their system from day to day, but they can get rid of the burden of having servers…. The only real difference from what we used to do versus today with the cloud is where that server is sitting, who is paying for it and how it is supported.”

While integrators are starting to get into hosted access control, often they stop there, says Scott May, regional sales manager for RS2 Technologies LLC, Munster, Ind. The reasons range from cost of software, server and what type of customers they want to service, to the manpower required for managing the system, he says. “Do they want to sell managed services or just hosted and allow customers to log in and manage their own?”

More and more manufacturers are introducing platforms that make hosting an easy proposition today. “In the access space a number of integrators have created managed platforms, but that required them to invest heavily in hardware and software and cobble together a solution to make that work,” says Robert Lydic, global vice president of sales, ISONAS, Boulder, Colo. “We wanted to develop a platform that is in the integrator’s best interest.” The ISONAS model allows the integrator to buy licenses that allow them to have multiple end users underneath their individual log-ins. “It is an off-the-shelf managed platform that requires no hardware or software to get the platform.” It can be either hosted or managed.

Systems like this and others from the likes of Brivo, BluBØX, Feenics and others are a far cry from what Feenics founder and CEO Sam Shalaby found in his 34 years as an integrator. “We have been doing managed services since 1989. The frustration of our experience was technology. It just wasn’t there.” That was why he decided to found a company that could help others.

“Our platform allows the integrator to get into the model of managed services without a major investment on their part.” Still, Shalaby admits, there is a need to educate the channel about opportunities like this. “There is a little bit of reluctance from the average integrator because they are not used to that recurring revenue model. They don’t know how to step into it.”

There is also a misconception that managed services requires a full monitoring or operations center set-up, which isn’t always the case anymore, depending on how “managed” you want to be. (See “The Hosted-Managed Continuum,” page 72.) “You don’t have to have a monitoring station to be in managed services,” Shalaby says.

“The VAR can gauge what business model he wants to get in. They can ease into it. They can start by providing daytime services and exceptional service at night. They can do it from their home if they want to [on a mobile device].”

As the means to do it gets easier, some security integrators are increasingly deciding to go for it. “Some of the more savvy integrators are starting to invest in these types of solutions, particularly as end user acceptance grows,” says Stuart Tucker, senior director of enterprise solutions, AMAG Technology, a G4S company, Torrance, Calif.

“This represents a continuous revenue stream for them and a lower upfront cost for the end user. It’s easier for the projects to get funding support, and allows for capability, which is difficult for many large companies.”

There is also a common perception that managed access control is only applicable to a select set of customers — property managers and small- to medium-sized businesses that don’t have an in-house security department. While this is still mostly true, technology advances, changing buying structures and a shift in attitudes about outsourcing are slowly changing that dynamic.

“The things you can do are so much greater today and it is the expectation today,” Barry says. “If you broaden the definition of managed to include providing security and redundancy for the system, having the ability for the customer or integrator to manipulate the system from anywhere, have integrated visitor management and really understand the broader implications, it is [potentially] for every single customer.”

The trend is at least getting security to the cloud, Turney says. “IT departments are used to this notion of support agreements and outsourcing … and now are actually recommending security departments push [things] to the cloud.”

Once it is in the cloud, then it is about individual use cases, Tucker adds. “If you understand the value propositions and why a company would want to have security provided as a service, then you will understand what you must be able to deliver in that respect. Start-up costs may seem high, but recurring revenue is the gift that keeps on giving as long as you can meet the customer’s expectations.”

Managed access just makes sense in certain cases, says Charles Anthony, vice president of sales and marketing, SecuraKey, Chatsworth, Calif. “For the right application, managed access control realizes the true value of access control by keeping a system running efficiently, effectively and economically.” And the security integrator is in the best position to do this as the expert in the system he or she designed and installed.

Matthews recommends doing a “root cause” analysis to determine if this model is right for you. “Look at your customer base and see what problems they have had. Were some of those problems self-inflicted? That is a perfect case for managed services. From a hosting perspective, have they ever had a server crash? What about updates? Would they like this headache to go away? If done right managed services provide the customer better service and lower total cost of ownership.”


While it is true that implementing managed access is easier than ever before, there are still some considerations and challenges integrators will face when starting out.

“It is a bit of a mindshift,” Shalaby says. “You have to change your culture a little bit, but you are rewarded for it because you are paid monthly.”

This mindshift includes making sure technicians are IT savvy and understanding how to provide service remotely. Integrators need to be well versed in the “jargon” of cybersecurity, Turney says. “Concepts, specifically around encryption and how the data is handled are conversations that always come up with the IT department.”

Beyond that, make sure you are prepared to follow through, Tucker cautions. “To do this correctly integrators need the right IT resources (people and equipment)…. There are maintenance responsibilities that accompany taking on a hosting operation and a provider must be aware of and able to manage these requirements or be at risk for failure.”

On the sales side, there is the leap from straight commission sales to selling RMR.

“Change your commission plan to account for the RMR aspect of what they are selling,” Barry recommends. “They are still selling 95 percent of the same things, but put in a plan that not only addresses what they are selling one time, but has a kicker in there for RMR building up over time, like an annuity. You can pool all the RMR and give them a piece of it, or take three years’ worth of RMR and treat it as a one-time sale and commission them at the time of sale.”

Mitchell Kane, president of Vanderbilt Industries, Parsippany, N.J., says commissioning is one of the most important elements. “The biggest requirement is for the integrator to set up a compensation plan for the sales department that drives the behavior and keeps them motivated. Unlike the conventional central station alarm business, 100 percent of access control revenue is typically achieved at the time of sale. With this model, revenue is more of an annuity; the installed base has to be built up over time before meaningful profit is realized.” Vanderbilt just released a hosted solution in late 2016, he adds.

At the top level, reasonable expectations are key, Le adds. “Management must be committed to its success, be willing to invest what is necessary, and allow enough time to show proper sales results. If the management team is looking for quick profits, then failure will surely follow.”

Another important consideration is the security of the server. There are two types of cloud — public and private — and integrators first must decide which they are using. Private requires more work, but may offer greater security. Many manufacturers offering cloud solutions do so using reputable and highly secure public clouds, such as Amazon, Microsoft Azure and others. This allows them to offer an easier path for the integrator, while still maintaining the security customers demand.

For those that are hosting their own server, choose wisely, says Shawn Sharp, president of Kingdom Security LLC, Houston, an RS2 integrator. “Make sure to spec out a server that will grow with the system. The software is a large cost, but … we were able to allow the software to grow as we won projects. Most of our cost was setting up the production server then configuring a backup and making sure it all worked without having the customers to cover the cost. We chose to do it right the first time as a long-term play for our company.”

Finding the right vendor partner is critical; whether you work within your existing manufacturer structure (especially as more of the main players get on board with hosted and managed options) or choose one of the newer cloud-only solutions, look for one that is willing to help you with the process.

“The integrator needs to talk to vendors and see which one can help him the most, not just in getting the product or technology, but does this vendor have the technology that is evolving? Will they help me grow or can they teach me? Integrators want to get into it, but there is still this hesitance,” Shalaby says. “We do a lot of hand-holding because we have to. This is new.”

BluBØX also does its share of hand-holding, Barry adds. “If our integrator partners are not equipped or staffed to provide these services then we can provide them for them, for a fee, and they can still make money offering the service. We also teach our system integrator partners the PSaaS RMR model and what they can expect to earn for various size systems.” On average, this number is 40 cents of RMR for every dollar of equipment installed, he says.

Some integrators and other non-manufacturing partners are even willing to help out their fellow integration companies with hosting or managing systems. “Kingdom Security offers a reseller program for all RS2 dealers,” Sharp says. “This allows integrators to get into the hosting services without the upfront cost. Once the dealer or integrator gets enough customers to justify setting up a server it’s an easy cut-over process.”

Once you have your provider, your staff on board and are all set to begin, then it is time to get down to details, Turney adds. “From a people perspective they first have to figure out what are their support operating hours going to be? Will they stay with the traditional 8 to 4 or 9 to 5 scenario, or go 24/7? If they do that, then they have to figure out how to handle staffing.”

Steve Van Till, president and CEO of Brivo, Bethesda, Md., says he receives many questions about how to price services. “There are higher rates of hosting adoption now, so that has put more integrators in the position to think about doing a managed service on top of that. But there are a lot of questions about how much others are charging for this or that.” He recommends checking the GSA schedule, which has listed prices for the government. “It is a starting point because it gives a menu.”

Finally, it is time to get the customers on board with the plan.

“Look at your customers from a service point of view,” Turney advises. “Where are those calls coming from? Any specific customers? Types of calls? Maybe those are the customers you approach first. Use your in-house analytics and say, ‘Mr. customer, you called us 15 times in the last few months. We are always happy to support you, but we think there is another option that will help you save money. Are you interested?’ That opens up the door to the conversation about managed access.”


If an integrator is considering offering managed access (or even just getting into hosted cloud access), most experts agree: the time is now.

“The advice I would give them is to jump in with both feet,” Lydic says. “Managed access control is an exploding market with the advent of IP products and cloud services. It allows them to increase customer retention and profitability and satisfaction; and due to the technological data associated with access control being so small, it really scales in a manner the likes of IP video struggles with.”

Turney adds: “Don’t be afraid of it. Just because it is different doesn’t mean it is hard. Do your research and homework, especially on IT and the protection of data, because you are going to get asked about it. Then sit back and evaluate what your needs are as an organization. What is going to help you? What else are you going to have to learn? Then just do it. It is not a major hurdle to overcome in comparison to what you were traditionally doing in access control.”

In fact, the general trajectory of access control systems over the last several years is making things easier, if anything. Open systems not only make it simpler to integrate and migrate systems, but can ease the transition to cloud hosted or managed for the customer, as well.

“If I have a legacy system, how do I move? One of the reasons we started with Mercury is they have so much equipment installed out there,” Barry says. “Anyone that has a Mercury controller can easily move from a legacy system to the next generation without replacing any of their hardware. The nice thing about cloud-based is you don’t have to touch their system until the moment you are ready to switch it over.”

In fact, Mercury is trying to make it even easier to do this, says Steve Lucas, vice president of sales and marketing, Mercury Security, Long Beach, Calif. “The other side of the managed services piece is we recognize that within our products there is a lot of data around maintenance and run-time operation around our controllers and things connected to it. We continually try to improve and expose that data so third-party systems can connect and get data such as the health of the network and uptime and other things important from a maintenance standpoint to help out the integration channel.”

Not only can this make remote services easier to do, but it also provides more data to offer the customer as a service, he adds. Managed access control may be just the tip of the iceberg, in fact. Many see it as the entry to much more service-oriented offerings, some of which are just beginning to be understood by the channel.

“You need to look beyond traditional access control that is out there today,” says Steve Spatig, general manager of electronic access solutions at Southco Inc., Concordville, Pa. Southco provides cloud-based access control solutions for non-traditional openings such as equipment, data racks and cabinets. “Integrators should be looking at the latest technologies and not get too bogged down by the way it has always been done. The whole nature of these systems is that they are remotely managed, without having to put in the level of effort required for older, wired solutions that required rolling a truck to perform service.”

Barry sees a need for a complete overhaul of definitions around services. “First, the industry needs to update its definition of ‘managed access’ because it is very old fashioned, along with the services associated with it. The world has moved on and left the security industry behind and it’s time for us to play catch-up.” Barry suggests a new term should be PSaaS.

“It encompasses so much more. Would you include system support? I would. Would you include automatic equipment replacement or upgrade? I would, because you can’t just let it sit there and die. What services can you bill your customer for? What things can you do to generate RMR?

“I think people are missing the big picture of what they should be transitioning to — supplies as a service, issuing cards and visitor badges, digital credentials and annual increases. Make sure you are increasing by 3 to 4 percent every year.”

But, Barry cautions, the window of opportunity for doing this may be short. “I would say start as soon as you can because PSaaS is a ‘land grab.’ Once a customer starts with PSaaS, they tend to stay with it and the company that is providing it because it is a win-win for both end users and systems integrators. The sooner you start, the faster you will move ahead of your competition and the more customers you will get and keep.”

Managed Access & the Cloud

It is hard to overstate the impact the cloud has had and will continue to have on managed and hosted access control, and integrators’ abilities to offer it.

“The cloud is allowing them to scale and not have a substantial capital investment,” says Robert Lydic of ISONAS. “They don’t have to purchase servers and software and hardware in order to talk to customers.”

The cloud lets manufacturers like Feenics offer scalability and capability that just weren’t possible before, says Sam Shalaby. “The mobility that cloud provides did not exist before. If you had a system with 100 readers, to introduce redundancy was very, very expensive. Now the cloud does it much cheaper.”

If there is a “downside” to the cloud when it comes to managed services it may be that it makes things too easy, says Brivo’s Steve Van Till. “Philosophically, when we created our system, our orientation was much like any other online website, which was ‘Let’s make it simple enough that someone with little to no training can figure out how to use it and enjoy all the benefits of a self-service model.’ In our thinking we have created more of the Amazon experience than the hardware store experience.”

Stop Lingering

Software updates hold the key to cyber security


Security threats are on the rise and as IT security teams increase their scrutiny of all network-connected devices, it’s time for some new thinking about the design and maintenance of building security systems. Building security systems are inherently part of the Internet of Things (IoT); however, they tend to be woefully neglected network devices. This point was underscored in a recent Distributed Denial of Service (DDoS) attack, which enlisted IoT and security devices into a robot army directed at the Internet services provider Dyn. Many of these devices had fundamental design flaws or default passwords that made them easy targets.

Fixing the Flaws

Today, many building security systems contain embarrassingly rudimentary cyber-security flaws. Many remain on the same software and firmware versions for years at a time—even when critical patches are available. Too frequently, companies adopt the practice of deferring software maintenance until the system breaks or a new feature is needed. Quite often, building security systems are running obsolete operating systems along with outdated application software and device firmware with known exploits. For example, some of the devices used in the Dyn attack were running firmware that was years old with known vulnerabilities that had long ago been patched by the manufacturers.

Security systems installers are complicit in sustaining these conditions by failing to offer pro-active maintenance plans or properly advising customers of the need for regular system patching.

Security system manufacturers often compound the problem by making updates expensive or time consuming to obtain and apply.

And yet, our building security systems are becoming more connected via the network and Internet. While things on the Internet are changing by the second, building security systems may be stuck in the past. These factors make building security systems prime targets for miscreants astonished at the luck of finding a highly interesting plaything with such obvious flaws.

But in many cases this is not a technical problem; it’s mostly a focus and financial issue. It’s the same dynamic that causes governments to require annual vehicle inspections or health plans to require periodic physicals or Apple to give you so many annoying prompts to upgrade your iPhone.

Most people just don’t have the time, money or inclination to pay attention to maintenance. Unless we are compelled to do it, there is always a reason to avoid doing it. So there is the answer—we must be compelled to do it.

This position is validated by information published in Cisco’s Mid-Year Security Report 2016. This report details the major differences between the strong auto-update policies of the Google Chrome web browser and the weaker update policies associated with Microsoft Office. The strong Chrome “opt-out” update policy drives around an 80 percent compliance with updates. Meanwhile, Cisco’s statistics show that most users of Microsoft Office stay for a very long time on their installed version, even when updates are available.

“Many large vendors are holding up their end of the security bargain by releasing notifications, fixes, and distributions of vulnerability patches in a timely manner. But this attention to patching is not reflected in end users—and, as a result, they are compromising the safety of themselves and their businesses.”—Cisco Mid-Year Security Report 2016

These facts point to the reality that security is strengthened through a process of evolution and also that many of us need a stimulus to evolve. To support this end we need an updated approach to building security system maintenance.

The Value of Convenience

As consumers, we value convenience, cost and functionality perhaps at the peril of cyber security, at least until there is an incident involving one of our services or devices. At that point, we will turn to the provider or installer of the device and accuse them of malfeasance in the provision and support of “their” system.

The provider can certainly be blamed for failing to implement good security hygiene in the design of the device. The installer is accountable for leaving default passwords and open ports configured. But who is accountable for failing to provide continuous monitoring, vulnerability assessments and maintaining patch levels for building security systems?

As Shakespeare wrote, “the fault my dear Brutus lies not within the stars, but within ourselves.”

How can the manufacturer be responsible for vulnerabilities discovered in underlying components long after the device is purchased? How can the installer be accountable for keeping systems patched and up to date when the customer chooses not to pay for routine maintenance? How can the customer be blamed for not wanting to upgrade with a working system and risk some type of failure or outage? How can anyone be blamed when there is an explosion of devices and software that need constant attention?

To stop the blame game from continuing within the security industry, the path forward requires three essential changes to the typical approach to design, installation and maintenance of building security systems:

All parties need to increase their “cyber IQ.” Everyone from manufacturers to installers to customers needs to understand and appreciate how their choices and actions impact network security. Ultimately security is a set of choices inside a race of imagination. If we don’t work to understand the threat, we are choosing to fail before the race has even started.

We need to adopt business models that contemplate a living system versus a one-time sale. There is 100 percent certainty that a system remaining unpatched for months or years will eventually contain a known vulnerability. Everyone in the value chain needs to be prepared for this reality. Manufacturers must include security patches in subscription services, installers must insist on contracted maintenance and provide routine upgrades, and customers will need to accept and pay for updates that are not driven by features.

A technical model that minimizes transition risk and makes upgrades almost invisible to the customer. This is primarily a challenge for the manufacturers. We have to learn from the Google Chrome model and find ways to update software and firmware with minimal cost and interruption. We must implement strong auto-update capabilities that are readily available and seamlessly installed. We must take responsibility to monitor our own devices to ensure that they are secure and not recruited to form a bot-net army.

Fortunately, much of what we need to respond to these conditions is available to us today. Cyber security education is widely available to us. We can follow secure development practices as we create our products. We can perform continuous monitoring and vulnerability testing of systems while in production. We can deploy patches uniformly and quickly across numerous devices in a cost-effective way without inconveniencing customers. We can have the discipline to avoid insecure products and practices when delivering our solutions.

Many industries have proven that all of these things are possible. Now is the time for the security industry to step up to this challenge, as we are compelled to do it.

Security Sales and Integration Magazine



Establishing closer ties to manufacturers and monitoring providers can give security professionals seeking to boost business the upper hand. Learn how partner program participation can stack the deck in your favor for generating more sales, support and profits.

DEALER PROGRAMS ARE NOT NEW to the industry, but many emerging programs are, as increasingly more manufacturers are unveiling them to attract dealers. Sifting through the myriad options can be daunting for dealers looking to grow their businesses via program partnerships. How do security professionals know when to play and when to pass, so to speak, on particular opportunities?

To make the best decision possible for their individual businesses, dealers and integrators should closely examine their individual business model and expansion objectives. Most programs offered by manufacturers provide product discounts and training to enable dealers to effectively sell their brand. Aligning with a manufacturer specific to the types of installations they design and sell (i.e., IP/video surveillance, access control, etc.) makes good sense for dealers seeking to really become an expert in a brand and leverage free training, technical support and other program perks.

Ahead we see what’s in the cards for three industry dealer programs and gain perspective from participating dealers on how those partnerships are reshaping their businesses. A sidebar box provides a sampling of company URLs that will lead you to information on many more partner programs to peruse.

Strauss Security Says Bravo to Brivo

A family-owned business in operation for some 85 years, Strauss Security Solutions of Des Moines, Iowa, is a full-service residential and commercial security company. Its scope of services spans burglar alarms, video surveillance, fire detection and access systems. Strauss met with Brivo, a leader in cloud-based physical access control and mobile credentials, six years ago at ISC West and embarked on their partnership very soon after.

“We partnered with Brivo mainly because of the strong support they provide us,” says Karen Goldsworth, sales manager, Strauss Security Solutions. “We especially like being able to enhance our recurring revenue with their cloud-based card access and CCTV promotion that we’ve used through the dealer program.”

Other key support services Strauss enjoys with Brivo come through its lead generation, advertising, promotional and training programs, according to Goldsworth.

“We’ve been able to do more regional and print and radio promotion, which we wouldn’t have been able to do otherwise,” Goldsworth says. Although she notes that the results of radio advertising can be hard to measure, she says Strauss manages to track very solid results from their print ads. Much of that comes from marketing to business leaders through a local publication, The Business Record.

Training is another key attraction to the program for Strauss, who points out Brivo’s user-friendliness and online educational video library as a couple of partnership benefits that have helped the dealer grow its business. “In addition to Brivo University, Brivo provides resources and tools on their website for our techs. Their help screen is one of the easiest to use, so when end users have questions, I go to their site and download the PDFs and send them to the end user,” Goldsworth explains. “Their support brings validity to our company not only through promotion opportunities but also through their Dealer Council, which allows us to provide end-user feedback back to the manufacturer.”

To that last point, Goldsworth says she’s impressed that the feedback actually impacts the solutions Brivo and Strauss can offer customers. She relays how one end user’s business was open every other Saturday, rather than every Saturday, which made setting and changing the access schedules somewhat time consuming. Brivo addressed the issue with a tweak that resolved the hassle. “So I always tell customers when we’re installing a solution if there’s anything they see that they’d like to tweak, this manufacturer is so willing to make enhancements. We’re extremely impressed with the support,” she says.

For those considering a dealer program, Goldsworth emphasizes they take advantage of the growth opportunities and have employees trained on the products. “When your staff knows it, they’re able to share it with their end users and this makes installations go smoother,” she says. “Partnering with Brivo has allowed us to open into markets that we otherwise wouldn’t have.”

The Future of Mobile Credential Standards

It’s time for the security industry to realize the benefits of mobile credentials.

By Steve Van Till, President & CEO of Brivo

Over lunch recently, a former Secretary of the Department of Homeland Security asked me, “How long do you think it will be until mobile credentials fully replace plastic badges and cards?” My reply was that “I would like to see it happen within the next five years. I usually give that number in public, and it always stirs up discussion. However, the reality is probably somewhere between 10 years and never.” He paused for a moment and said, “You’re way off. I think it’s going to be within three years.”

The former Secretary clearly works with a different constituency than I do on a day-to-day basis. Not a huge surprise. But his view is intriguing because somewhere, there’s a group of corporate and government leaders who are pushing this technology much harder and much faster than what we see in the commercial security channel, where old habits die hard. They must see the benefits for trust, convenience and cost that are primary motivators for people concerned with ROI and effective defense at the highest level.

Taking it further, though, we agreed that the various timeframes we bandied about for adoption of mobile credentials depended a great deal on standards. But standards cut both ways. On the one hand, they can be an accelerant, removing technical and financial uncertainty so that manufacturers and buyers alike can feel confident that they are placing their bets on a technology that will last. On the other hand, the process of creating and adopting standards can be very protracted. This can delay implementation decisions for many years while everyone sits around waiting to see which standard will win.

In the midst of this standards conundrum, what seems to have triumphed often in recent years is the promotion of a de facto standard. Such standards begin their lives as proprietary implementations belonging to a single company or perhaps a consortium. Then, through a combination of market dominance and open sourcing the underlying technology, they become widely adopted as the path of least resistance. By the time the standards are actually published in their final form, there can be many nearly compatible products on the market or nearly ready to be released.

And then there are the cases where no one agrees with each other and an entire genre of products remain incompatible with each other for many generations. Users suffer. Profits suffer. Technology suffers.

In the case of mobile credentials, Bluetooth is the odds-on favorite for radio transmission of credentials between smartphones and readers. Everyone has it on their smartphones already, and it’s free of the implementation headaches of NFC and its dependence on device manufacturers’ APIs, SDKs and “secure elements.”

But Bluetooth alone is not the end of the story. It’s not a “full stack” protocol. It doesn’t specify the application layer – the part that distinguishes one use case from another. It says nothing about what kind of data is transmitted, its format, or what it means to the transmitting and receiving parties.

For mobile credentials exchanged between smartphone apps and readers, saying that they all use Bluetooth does not mean that they will work with each other. Every mobile credential app in the market today is manufacturer-specific, and only works with that manufacturer’s hardware. If users need to access buildings that happen to be equipped with components from different sources, they will need to have multiple apps and multiple credentialing processes for each.

This is extremely inconvenient, to say the least. It is also error-prone because there are more credentials and systems that need to be managed, and in many cases be consistent with one another. That makes it ultimately less secure than what could be accomplished with unified management and a common credential format.

This problem is being attacked by a number of organizations, both inside and outside of the security industry.

The Security Industry Association’s Standards Committee is one organization working on creating common standards for mobile credentials. Specifically, the Cloud, Mobility and IoT Subcommittee has formed a working group to study the possible scope and levels of standardization that might be practical to pursue for access control systems and smartphone apps. The working group has received several proposals, and remains open to additional technical approaches.

Unfortunately, this standards activity is occurring at a time when many manufacturers have already invested significant resources in creating their own proprietary credential exchange protocols. These circumstances mean that if and when one or more standards are published, manufacturers will need to decide whether to invest additional resources in conforming to the standard – assuming they see convincing business value in doing so.

An analogous standards battle is taking place in the IoT community. The standards are not about mobile credentials as such, although they do include the broader concepts of trust, authentication and data exchange between smartphones and IoT devices. They also address these same transactions among groups of IoT peers, and with other computing services in general.

What they also have in common is that they are all published and open to debate. Dozens of them. They are available for public review and commentary right on the Internet. Many are open sourced, and can be evolved by the entire community of interest. Some are promoted by industry consortia with hundreds of members. But they are all aimed at making devices and services more interoperable with one another.

The point is that the IoT industry (if it can be called a single industry) is making an effort (or many efforts) to put standards in place for important classes of interactions between our connected devices. That’s because they know the price of not doing so: frustrated users, lower security, slower growth for the whole industry and higher maintenance expenses for all.

The security industry should take note. The secure exchange of credentials between people and systems is one of the bedrock requirements of physical security.

Let’s get it right. Even better, let’s do it in the next three years.

Review: How well does the Brivo Mobile Pass App work?

Sharing access to a smart lock among 100 people

By Tom

I work out of a coworking space for my 9-5 gig and there’s a pretty large number of people there. Between companies based out of the coworking space, individuals with dedicated desks and then community members at the shared workspace there’s probably in excess of one hundred people, just at the Hill Street location. Despite coming from working in all kinds of different industries (ranging from designers, developers, photographers, video editors, and even faith-based ministries) we all share one thing in common: we all need to get inside!

Let’s start with the great

The solution we use is called the Brivo Mobile Pass, and it’s an app available on both iOS and Android devices. I use the app on my iPhone 6s+. The app allows users to open locked doors with their smartphone, which is a great system for us because it allows us 24/7 access, even after the staff of the coworking space have left the building. It also provides the owner with a list of who accessed the building in the event of that being necessary.

How does it work?

The app allows a user to select a location, a specific door, and even ‘bookmark’ a preferred entrance when you open the app. You tap a button on the screen when you are close to the door and the app lights up green, you hear a slight click, and you know the door is unlocked. It’s dead simple. In fact, there’s really just one button.

It usually works

Very rarely, and only very rarely, does the Brivo Mobile Pass application not let me in. For me the app has worked 99 times out of 100. 95 times out of 100 I get into the building just fine. Four times out of a hundred, maybe, I’ll have an issue that seems to arise when there’s a weak wifi connection from the coworking space’s router to my phone. I’ll get an orange ‘failed’ screen and need to use the pass again. Usually when this happens I’ll kill my phone’s wifi connection and tap the button. Only once was I locked out completely — this may have even been from the coworking space owner messing with the door’s settings. I was able to get in after using the app at a different door.


There was one day I walked to work and my phone died en route. I didn’t have access to a charger and luckily I was able to charge my phone from my laptop (which took a few minutes) to power on my phone to open the door. That seemed a little backwards, but I guess it just goes to show how important it is to leave your phone charged.


From a user perspective, there really isn’t much in the way of settings. It’s really as simple as touching the button on the screen when you’re close to the door and walking inside.

Final Thoughts

I’d recommend the Brivo Mobile Pass to anyone looking to allow people to use their phones to enter physically-secured locations.


One-time configuration, easy to use & works for multiple doors and locations


Flaky wifi can make opening a door occasionally difficult


Overall, I recommend this app

Smartphones: A gateway to tokenless physical access control

While biometrics continue on the road to adoption, smartphones are the most likely candidate for a first generation of frictionless physical access control systems.

“Everyone has a phone, and they’re only going to become more and more powerful and capable. So it makes perfect sense to think about how we can use this to help solve problems in everyday life, including security,” Cusack says.

In addition to phones, the wearable market – such as smart watches – is offering opportunities for a place to store the credential, or to work in concert with a mobile device to enable access. Bluetooth Low Energy tends to be the preferred way of communicating with mobile devices because it allows for a definable distance, and it can work in many different applications. A Bluetooth reader could challenge a mobile device to determine whether to grant access. Or a person could walk up to a door and hold up a phone, and then the system would ask the person to enter a PIN on the phone to gain access. A PAC system could also combine both scenarios to create multi-factor authentication.

One example of an existing mobile system is Brivo Mobile Pass, a cloud-based digital credential system that allows users to unlock doors with their smartphones. Instead of using a local reader at the door, Mobile Pass communicates with Brivo’s cloud system through a cellular network, or through Wi-Fi if available, and remotely commands the door to open up with a tap of a button.

Brivo launched Mobile Pass about a year ago and made it available to its existing customer base so that they didn’t have to change out their reader equipment. Later this year, Brivo plans to introduce a Bluetooth capability for the app.

Hardware upgrades necessary

The transition from plastic to virtual has to be planned out and managed, Focke says. That means educating users on how to use virtual credentials. “Most customers can’t just flip a switch and say, ‘OK, next week, we’re doing it all virtual,’ because there’s an installed base of plastic cards that have been issued to all the employees, and you can’t do it all at once,” he says.

Transitioning to frictionless access will involve a greater shift in terms of hardware than software. “The majority of our players are already working with credentials, readers, electronic locks and biometrics,” Mooney says. “So I don’t think it’s going to be a significant leap on the software side.”

Upgrading or changing out readers will be a necessary first step to enabling systems on the front end. “What you want to do is get a reader that still reads the old cards so that people transition – go from card to virtual credential – easily,” Focke says.

Companies would also need to change out their back-office integration systems to upload credential information to the physical access system.

Because of the logistical challenges of installing a new system, companies that are offering cloud-based products should have a much easier time getting these products to customers than companies offering traditional, on-premise systems, says Brivo’s Van Till.

Improved standards could also help enable tokenless systems to make different systems and readers interchangeable. Right now, one vendor’s PAC system can work only with that same vendor’s readers. Focke says a Security Industry Association standards committee is in the works to develop a standard similar to its Open Supervised Device Protocol (OSDP) to cover virtual credentials.

Early adopters of tokenless physical access control systems

Tokenless physical access control systems more than likely will go into use in some types of businesses before they do in others.

Property managers are one group that’s shown a great deal of interest in these kinds of features, as their tenants like the feeling of high-tech amenities. “These kinds of things, like entering a building with your phone, are perceived as very flashy amenities, and they’re very attractive to prospective tenants,” Van Till says.

There’s also a strong uptake in the university market. “Students are really keen on using a virtual credential, as opposed to always having to remember their student ID when they enter and leave the dorms,” he says.

Because using Bluetooth will require a new hardware installation, new buildings are another likely destination for tokenless systems. “A lot of people who already have a system that works with cards just aren’t going to feel that it’s worth spending thousands of dollars to have this feature added to their system,” Van Till says.

Smaller companies are also more likely to go full bore into the virtual credential world simply because of their small scale, whereas larger companies tend to stick with trial runs so they can test out the technology in one part of the building, Focke says.

Looks won’t change

So how different will the physical access control systems of the future look? Probably not that different. From the outside, it’s likely that the systems will look similar to how they do now with just a reader near the door. Or, there might be no visible equipment at all because readers can be hidden behind walls or above ceilings. Alternately, a user might not see a reader, but a symbol or sticker on the wall to indicate that there is a system in place.

Because they will rely on “smart” devices, tokenless systems could come equipped with more features that leverage their intelligence. Those features might include sensors that can collect data, both for the physical access control system and other uses.

“They have power and they have intelligence,” Cusack says of the readers. “And so it’s natural to think about how to take advantage of that for other applications as well.”

Not everyone is ready to go charging into tokenless access just yet. Allegion is trying to promote the benefits of upgrading systems while still trying to make sure that its customers have everything they need to handle their current access control system. “We still have a large portion of the end user community that potentially may not be using electronic access control at all,” Mooney says.

With physical access control systems dominated by cards and readers for the past three decades, biometrics has always tried to make inroads, yet the price has been high and adoption has been slow. “But now it does seem like a very exciting time as we look at different types of credentials and the whole identity management space,” Focke says.

Companies would also need to change out their back-office integration systems to upload credential information to the physical access system.

Because of the logistical challenges of installing a new system, companies that are offering cloud-based products should have a much easier time getting these products to customers than companies offering traditional, on-premise systems, says Brivo’s Van Till.

Improved standards could also help enable tokenless systems to make different systems and readers interchangeable. Right now, one vendor’s PAC system can work only with that same vendor’s readers. Focke says a Security Industry Association standards committee is in the works to develop a standard similar to its Open Supervised Device Protocol (OSDP) to cover virtual credentials.

Looks won’t change

So how different will the physical access control systems of the future look? Probably not that different. From the outside, it’s likely that the systems will look similar to how they do now with just a reader near the door. Or, there might be no visible equipment at all because readers can be hidden behind walls or above ceilings. Alternately, a user might not see a reader, but a symbol or sticker on the wall to indicate that there is a system in place.

Because they will rely on “smart” devices, tokenless systems could come equipped with more features that leverage their intelligence. Those features might include sensors that can collect data, both for the physical access control system and other uses.

“They have power and they have intelligence,” Cusack says of the readers. “And so it’s natural to think about how to take advantage of that for other applications as well.”


There’s little standing in the way of companies taking a cue from the opening sequence of TV’s “Get Smart” and setting up their doors to open when an authorized employee approaches. Tokenless physical access control is no longer just the realm of television. It is now reality at a growing number of installations.

The technology exists for tokenless, or “frictionless,” physical access control, which eliminates the need for an employee to carry around a token such as a badge or remember a PIN in order to gain entry into a building or office. Biometrics and radio frequency technologies like Bluetooth can make this scenario possible. It’s just a matter of pushing adoption.

Rick Focke, senior product manager for Tyco Security Products, says that he’s seeing customer demand for the concept of a virtual credential. “The industry is starting to go from the proof-of-concept stage to the deployment stage in a few different technologies,” he says.

But just because this kind of system is possible doesn’t mean that everyone is ready to adopt it. The question of whether a company will go the tokenless route has more to do with its security policy than security technology, says Steve Van Till, CEO and founder of security systems provider Brivo. “Can it be done? Absolutely. Should it be done? That’s a separate question,” he says.

It all goes back to the long-standing dilemma of security versus convenience. Some companies value one over the other, depending on what they’re trying to secure.

There are products both in development and on the market that make it possible for a door to open because it knows who is there. For example, some Bluetooth readers and mobile apps enable a door to open when a person is within a prescribed distance.

“The good thing about that is it’s really convenient and really easy,” Van Till says of the Bluetooth systems. “The bad thing is that your phone is now effectively an access card, and anybody could use it to get in the door.”

Being able to provide this level of convenience securely is where things get tricky. Biometrics has been touted as the solution to making tokenless physical access control systems secure. But the challenge the industry faces is how to make biometrics convenient, not to mention more affordable.

“The holy grail of physical access control is to deliver on the promise of very high security and very high convenience simultaneously,” says Skip Cusack, chief technology officer and chief marketing officer of BluB0X Security Inc.

Cusack believes that on the front end, there needs to be the right balance of security and convenience. “Until now, it’s really been all about convenience at the expense of security,” he says. “I think that’s changing now.”

More people will be drawn to these systems because they won’t have to depend on a badge or card credential that they’re more likely to leave at home, says Jonathan Mooney, business leader for electronic access control at security products provider Allegion. A biometric is impossible to leave at home, and people are very reluctant to go anywhere without their phones.

“If you get halfway to work and realize you left your badge, you can probably convince yourself to continue on,” Mooney says, adding that with identification there will probably be people at your office or facility who can visually identify you or at least grant you partial access for the day. “But because you have your creature comforts on your phone, you’re more likely to turn around and go get it.”

A backup for biometrics

One tokenless physical access control system in use in a pilot program is the BluB0X Person Reader, a multi-factor, multi-biometric system designed to serve as a replacement for cards and card readers. The cloud-powered system relies primarily on facial recognition through a video sensor, but it can also employ secondary factors and biometrics to determine whether to let an individual through the door.

The Person Reader is designed to enable an individual to walk up to a reader and gain instant access just by looking at it. The reader uses facial recognition video and compares it to other people in the database to see if there’s a match.

The reader analyzes several biometric signals simultaneously based on the person’s appearance. If it’s not sure who the person is, depending on the security setting that is in play at that door, it may ask for a PIN or card.

Cusack believes combining biometrics with other factor tests is what’s going to best enable frictionless access from a security standpoint. “Biometrics is very secure, but not perfect,” he says. “That, therefore, requires something to be brought to bear for those rare occasions when the biometrics need some help.”

Cusack says the cloud is the key to enabling tokenless PACS in an efficient, cost-effective way. Being able to organize these systems in the cloud makes it easy for them to have one common database, making it possible for a company to have a variety of biometric systems and even a variety of traditional PACS. “That’s a big breakthrough for the industry, and I think one of the things that will drive cloud adoption,” he says.

Is Your Refrigerator Safe from a Hacker?

When it comes to the security of security systems, you can’t be too careful. “The security of your network is only as strong as its weakest link connected to it,” warns Christian Morin, chief security officer at Genetec. “Even with a firewall in place, it just takes one of these devices to be compromised to potentially compromise your entire network.” Cybersecurity isn’t limited to laptops, servers, smart phones, tablets and the cloud. Televisions, thermostats, HVAC systems, refrigerators and security cameras are small computers, and their manufacturers may not be thinking about the features that vendors of computers and phones automatically put in place.

Having a plan
To help ensure security systems aren’t vulnerable, follow the manufacturer’s best practices to harden the system while also keeping devices current on software and security updates. “The type of encryption you use is also important, as some older mechanisms have been compromised and pose threats to security,” says Morin. “Making use of claims-based authentication, eliminating default or well-known passwords is also a best practice for all devices.”

The danger is real
Regarding Botnet and DDOS attacks, “These devices have been compromised quite easily, because people failed to follow rudimentary cybersecurity best practices,” adds Morin. “More sophisticated hackers will be able to do much greater damage by finding and exploiting vulnerabilities in the months to come, unless people and businesses become more aware of the threat at hand.” ASIS member Hart Brown of HUB International cautions, “Efforts need to be improved on how to assess security from a business perspective. In addition, each organization needs to better understand how end-users of these systems end up, intentionally or inadvertently, compromising these security measures — and leave an organization more vulnerable to be exploited by an adversary.”

Recognizing risks
“With new vulnerabilities and malware being discovered every day, the management of the systems needs to be able to move at the same pace as the bad guys develop and try new attacks,” Brown explains. “Security, protection of data and ensuring an organization is sufficiently resilient are becoming commodities that can impact revenues.” Brivo CEO Steve Van Till, a member of the Security Industry Association, adds, “Your electronic physical security systems may be among the most neglected and vulnerable devices on your network, because they’re often ‘orphaned’ by both your own IT department and the company who installed them.” Van Till says privacy issues are also a concern, as the recent hack of 140,000 surveillance cameras proves: “Those hackers didn’t choose to collect video images, but they easily could have. The extortion potential is overwhelming.”

Internet Of Things Trends Boosting The Commercial Security Industry

Business and technology analysts are in unanimous agreement that the number of IoT devices will explode into the many tens of billions within the next five years. These billions of new computing devices will produce enormous volumes of data about ourselves, our society, and our physical environment. The security industry is at ground zero of this upheaval. In fact, the single largest group of consumer IoT devices being deployed is for home automation and residential security. Gartner estimates that the typical family home could contain more than 500 devices by 2022. Commercial applications are not far behind, and they will dramatically enhance our ability to analyze, predict, and react to conditions in our environment. IoT will change the commercial side of the industry in three fundamental ways:

1. New products from new players
2. Cheaper and better products from everyone
3. Immense device and cyber security management challenges

Developing IoT Market

The first change is apparent in the rise of new companies that were not previously a part of the industry. New players that had not been on the industry radar have suddenly begun showing up at major trade shows. Customers are asking whether major security platforms integrate with the new connected devices they’ve heard of online. Search results that used to turn up the same familiar insider names are now turning up entirely new manufacturers – who, by the way, are often better at Search Engine Optimization (SEO) than the industry stalwarts.

What we’re seeing from these new players is currently most obvious in the residential sector, where companies like Nest, August and SimpliSafe are offering security products directly to the public. They are probably only the first wave, because security is a must-have feature for any residential IoT solution.

Many of the IoT technologies developed for consumers will cross over into commercial security within the next few years. Form factors will change, branding may change, and integrations with larger solutions will be necessary, but the underlying technologies are as relevant and useful in commercial as they are in residential. What’s most remarkable about many of the new IoT services is the interaction capability they provide with other cloud services—and other families of IoT devices. Products that lack these modern integrations, or at least the means to make them happen through an API, will suffer by comparison.

Quality Low-Cost Products

The second major impact of IoT will be the creation of more capable products at lower cost. This will be the by-product of the mass production of new chip sets designed for IoT devices of all types, from consumer goods to automotive and personal technologies. Security manufacturers will adopt these smaller, faster, lower-power chip sets in their upcoming design cycles. The result will be security products that look and perform more and more like consumer products than industrial products. This change represents the consumerisation of security, like the consumerisation of IT that preceded it.

An example of this phenomenon is the incorporation of Bluetooth technology into security products like access control readers and other edge devices. For example, a complete System-On-Chip for Bluetooth can be added to a security product for less than $5—the reduction in costs for various types of sensors is equally dramatic. Amazon’s Dash buttons—arguably the same technology that could be used for panic or REX applications—are now on sale for only $0.99. The lower cost of production for IoT-based security devices will translate into greater device and sensor density in our buildings and public places.

With this higher density, we will have many more data points to evaluate threat factors, and the need for Big Data solutions to make that data useful.

Combining Physical And Cyber Security

The third big impact that IoT devices will have on physical security is the cyber security of these devices themselves. The massive DDOS attack from a network of 140,000 hacked security cameras on September 9, 2016 demonstrates this risk. Part of the problem is that IoT devices used in physical security applications will often share the same network with numerous other IoT devices deployed for different purposes. This topological proximity is a perfect environment for the spread of malware.

The fly in the ointment for the security industry (and any other industrial IoT application) is managing these large quantities of devices and keeping them all up to date with respect to security patches to their firmware. The sheer number of devices that need software updates will become unmanageable – at least with current software update practices. Many of us would say that we’re already at that point. The reality is that it’s difficult to make it through an entire week, if not a day, without an update request from one or more phones, laptops, tablets, televisions, watches, microwaves, refrigerators, thermostats, or other household gadgets. And that’s to say nothing of the mobile apps that control them, all of which seem to be on nearly monthly release cycles that keep us on the update treadmill.

The industry is currently in the throes of sorting out cyber security responsibilities among manufacturers, SaaS providers, integrators, and end users. All parties are stakeholders and they all have a role to play.

It will be even more critical to have these issues sorted out when the number of connected devices on a network goes up by the predicted tenfold – or more.

Steve Van Till

What ISC East 2016 Has to Offer

ISC East Keynote: The FBI View of Cybersecurity: Threats, Trends and Protective Strategies

November 16, 2016, 2 p.m. – 3 p.m.

Place: 1A25

Join FBI Cyber Security Section Chief, Phil Celestini, as he gives an inside look at the FBI’s key priorities and initiatives in computer intrusion and cyber threat response. Current hacking events have thrust cybersecurity into the news on a daily basis. Celestini will share an assessment from the Bureau’s perspective of current and emerging threat trends related to data protection and privacy issues that impact security across the country. He’ll highlight recent cases and takedowns conducted by the FBI and its partners in response to data breaches and major cybercrime, and will cover several of the FBI’s innovative partnerships that help companies and the public combat cyber threats and manage risk.

Celestini is a veteran Special Agent of the FBI, currently assigned to the FBI’s Cyber Division as the Bureau’s senior executive representative to the National Security Agency and U.S. Cyber Command.



November 16, 2016, 11 a.m. – 12 p.m.

SIA Booth #151

For young professionals, SIA will present a coffee and networking break at 11 a.m. on Nov. 16 in a SIA RISE Swarm, where you can meet and network with the next generation of security industry leaders at SIA Booth #151.


Tech Tank @ ISC East

November 16, 2016, 12:50 p.m. – 1:40 p.m.

Place: Theater 2

Tech Tank @ ISC East will allow technology vendors to pitch an innovative product or service at ISC East. Six finalists will be selected to showcase their technology in a live, seven-minute presentation to a room of peers. Then, watch as the audience votes live to select the 2016 Tech Tank @ ISC East Winner!

Tech Tank @ ISC East participants include:

  • Comelit USA presenting the Multi User Gateway Video Door Entry System, a smart video doorbell specifically designed for large scale multi-tenant projects.
  • Make Em Move Manufacturing presenting the S5 Security Surveillance Robot, which automatically patrols a perimeter following a prescribed path and transmits a 360-deg. surveillance live video stream to a security guard post.
  • Media Sonar presenting the Social Media & Intelligence Platform. Built with public safety in mind, the platform has proven to be a powerful tool for supporting investigations, stabilizing volatile situations and assessing potential threats.
  • Location Inc. presenting SecurityGauge Professional Crime and Risk Reports. It combines reported crime data from every agency with law enforcement responsibility, not just the single municipal agency.
  • URC (Universal Remote Control Inc.) presenting the HomeSet C100 Home Automation Hub for A/V, Nest and Sonos control along with “traditional” security installation. Control lighting, door locks, and cameras while at home or away via unique app-in-app launcher.



IAPSC Workshop: Basic Successful Security Consulting

November 16, 2016, 1 p.m. – 5 p.m.

Place: 1A08

The International Association for Professional Security Consultants provides opportunity for professional growth as well as a forum to grow practices and better serve clients. IAPSC members are independent, non-product affiliated consultants pledged to meet client needs with professional services. Learn what it takes to become a successful consultant through an educational workshop, brought to you by IAPSC.


1 p.m.: Welcome & Introductions

1 p.m.: Starting Your Business – The Basics for Getting Started

2 p.m.: Attracting Clients – Marketing for your Security Consulting Business

3 p.m.: Best Practices in Security Consulting

4 p.m.:  Q&A with Expert Panel of Speakers



SIA Government Relations Open Briefing: The Implications of Election 2016 on the Security Industry

November 16, 2016, 3:15 p.m. – 4:15 p.m.

Place: 1A25

Join the SIA Government Relations team for an open briefing on the implications of the election for the security industry.


Crack the Tap Cocktail Reception Sponsored by Infinite Play

November 16, 2016, 4 p.m. – 5 p.m.

North Hall Lobby

Network in a no-pressure, casual environment while enjoying a few drinks on us.


2016 Educational Sessions


Use Legacy Cable For All Your CCTV Installs, Save Labor/Material to Boost Profits

November 16, 2016, 10 a.m. – 11 a.m.

Presenter: Bill Pitcher, Vice President Marketing/Sales, Gem Electronics

Place: 1A26

Pitcher will demonstrate all the newest components developed in 2015 to allow the use of legacy cable for HD-TVI, CVI, AHD and IP CCTV systems. Whether coax or UTP cable, these new connectors, baluns, ground loop isolators, hubs (both video and video/power) and PoC converters will eliminate the need to pull new cable.

*CEU accreditation given for states of New Jersey and all states that recognize NTS.


Making Workflow Part of the Video Surveillance Vocabulary

Moderator: Wayne Arvidson, Vice President, Intelligence, Surveillance and Security Solutions, Quantum Corporation

Panelists: Reinier Tuinzing, Milestone Systems; Vince Ricco, Axis Communications

November 16, 2016, 10:30 a.m. – 11:20 a.m.

Place: Theater 1

In this session, explore a range of surveillance application workflows, their different requirements and the need for robust and reliable multi-camera ingest, along with methods for managing and retrieving desired content.


Preventing Insurance Fraud with Iris Recognition

Presenter: Jeff Kohler, Senior Director, Princeton Identity

November 16, 2016, 10:30 a.m. – 11:20 a.m.

Place: Theater 2

While many investigators have adopted big data analytics and other tools to identify irregularities after claim submission, fraud is best prevented at the provider’s office — before it can occur.  Biometric characteristics, such as fingerprints, voice and iris patterns can be a powerful tool to protect patients, providers and payers from fraud.


The Internet of Things (IOT) in the Security Industry

Presented by: New Jersey Electronic Security Association

November 16, 2016, 11 a.m. – 1 p.m.

Place: 1A05

This class will teach you several aspects of the Internet of Things and their effects on the security industry.

*NJ State Approved CEU course.


Examining the Link Between Video Surveillance and Cyber Security

Presenter: James Marcella, Director of Technical Services, Axis Communications

November 16, 2016, 11:30 a.m. – 12:30 p.m.

Place: 1A26

Marcella will discuss hot topics and trends in the video surveillance industry and also provide real-life anecdotes as to why it’s important to have a cyber secure surveillance strategy in place. He also will discuss the challenges and benefits of ecosystem driven solutions and go into a deep dive on Axis’ products for medium and enterprise sized businesses.


A Look Inside: Examining the Use of Multi-sensor and Fisheye Cameras for Enterprise Organizations

Presenter: Kevin Saldanha, Director Product Management, Pelco by Schneider Electric

Panelists: Jumbi Edulbehram, Oncam; Rob Hile, Securadyne

November 16, 2016, 11:40 a.m. – 12:30 p.m.

Place: Theater 1

In this session, dealers, installers, integrators and even end users can learn more about omnidirectional cameras — both multi-sensor and fisheye, as well as the applications these cameras can serve. Take a closer look at how the video data collected can serve businesses to build greater situational awareness, provide valuable business intelligence and allow security teams to better collaborate with key entities to better address potential threats.


Shots Fired: Responding to an Active Threat

Presenter: Paul Parlon, Detective Sergeant, Peace Dog Active Threat Consultants

November 16, 2016, 11:40 a.m. – 12:30 p.m.

Place: Theater 2

From the traditional “run, hide, fight” response, to how to respond to police commands when approached, this session will allow attendees to develop a better understanding of active shooter events and how to react appropriately if one should happen in your organization.


End User Total Cost of Ownership: Looking Under the Hood

November 16, 2016, 12:50 p.m. – 1:40 p.m.

Place: Theater 2

This session offers a framework to understand and calculate the Total Cost of Ownership (TCO) for video surveillance. The framework is focused on comparing systems and components common to both solutions, such as cameras, wiring and associated camera installation labor. The framework also assumes video surveillance systems have remote video access capability and end users engage in security best practices, such as purchasing software support (updates) and performing regular OS patching (IT work). The presentation includes a 2016 survey statistic on user preference for subscription versus up-front purchase.


Mobile Applications and the Customer Experience

Presenter: Steve Van Till, Founder, President & CEO, Brivo Inc.

November 16, 2016, 12:50 p.m. – 1:40 p.m.

Place: Theater 1

This presentation will explore how mobile technologies in the physical security space are transforming the customer experience much faster and deeper than in any previous era. These concepts will be examined with real life examples, and a roadmap will be provided to show how mobile applications will continue to impact the physical environment as a whole in future years.  Gain insight on how to create standard initiatives for mobile technologies, and discover ways to avoid getting stuck with technological obsolescence which can impact customer experiences.


Introducing TurboHD™ 3.0: The Latest in HD Analog Innovation

Presenter: Andy Johannsen, Sales Director, Hikvision USA Inc.

November 16, 2016, 1 p.m. – 2 p.m.

Place: 1A26

Register for the session to learn how you can provide your customers with impressive HD video image quality while still utilizing and drastically improving upon their analog systems.


Why Can’t We Be Friends? Healing the Rift Between Integrators and Manufacturers

Moderator: Rebecca Bayne, President & Consultant, Security Integration, BCSI – Bayne Consulting & Search Inc.

Panelists: Christopher Peckham, Kratos Public Safety & Security Solutions Inc.; Tim Palmquist, Milestone Systems; Gannon Switzer, KST Security; and Ted Wilkinson, Axis Communications

November 16, 2016, 2:00 p.m. – 2:50 p.m.

Place: Theater 1

In this session, panelists will bring together key influencers who work on the front lines of our industry in order to discuss concerns and question the reasons for this unfortunate disharmony. Representing individuals who have worked in both arenas, the balanced panel will openly present the issues and provide tools for solid success in this critical relationship. They will seek to air concerns, separate fact from fiction, and aim to find agreement on specific game rules to build cooperation, encourage trusted partnerships and improve efficiency in the endeavor to protect people and property.


Best Practices of School Safety

Moderator: James Marcella, Director of Technical Services, Axis Communications

Panelists: Paul Timm, RETA Security Inc.; Steve Goodman, Brigham Young University

November 16, 2016, 2:00 p.m. – 2:50 p.m.

Place: Theater 2

This session will explore the importance of technology and communication when it comes to school safety. Attendees will gain insight into the importance of a holistic school security program; review details on how to create a more collaborative approach to school security; and recognize how technology and communication solutions can work together to benefit end-users and suppliers alike.


Security Communication Solutions for 2016 and into the Future, For Free*? Yes, “Free” Really!

Presenter: Paul Hoey, Northeast Regional Sales Manager, Napco

November 16, 2016, 2:30 p.m. – 3:30 p.m.

Place: 1A26

Dealers: Avoid a failure to communicate, liability issues and the potential of losing hard-fought intrusion and/or fire alarm accounts using new easy communication technologies. Learn how to safeguard accounts and your business from the issues associated with old communication networks sunsetting this year, and from vanishing POTS phone lines overall. (This is not a drill.)


H.265: The Next Frontier in Compression Is Here

Presenter: Aaron Saks, Business Development Technical Manager, Samsung Techwin America

November 16, 2016, 3:10 p.m. – 4:15 p.m.

Place: Theater 2

This session will explore the history of data compression and how the new technology can benefit end users. Gain insights into different technologies of compression offered today that can solve end-user storage and bandwidth issues and determine ways to mitigate drawbacks of compression streams like Wisestream and others. In the end, we will provide educational information on each technology and how to measure their bandwidth saving and when the end user can start implementing H.265.


Understanding IP Event Reporting

Presenter: Ted Nesse, Owner, North Latitude Technology LLC

November 16, 2016, 3:10 p.m. – 4:00 p.m.

Place: Theater 1

This interactive presentation outlines the principles of event reporting over the Internet, and will enable dealers, installers and integrators to more confidently discuss and analyze IP-connected products. Targeted to security installers, dealers and other security practitioners, participants will learn a definition of IP reporting, and review details on the types of IP reporting commonly used in current products. The types of IP access commonly encountered at end-user premises will be identified and discussed, including cellular data, Wi-Fi, and Ethernet. A four-way classification of protocols will be outlined as well as security issue concerns for IP reporting.  A summary of key takeaways for continuing discussions of IP reporting will be offered to session participants.

Megatrends. The 2017 Vision for the Security Industry

Locked Out: When Access Control Keypads Can Save the Day

Dave Path, one of my very favorite people at work, helps LockNet out sometimes by cleaning the building on the weekends. He does it at night and he’s always the only one in the building. One Sunday morning I woke up to a text from Dave briefly asking me to call him as soon as I woke up.

I did.

Dave had accidentally gotten himself locked out of the building while he was cleaning in the middle of the night and he needed me to come unlock the door the next morning so he could get his keys out of the building.

What I wasn’t prepared for was the hysterical video we caught when Dave accidentally locked himself out.

Go ahead. Watch it again. (I’ve watched it more times than I can count.)

My point to all of this is that it can be avoided with one piece of equipment: Access control keypads.

What Access Control Keypads Can Do For You

Many access control keypads come with card readers and card readers alone. In fact, that’s what LockNet originally had on the door Dave got locked out of, but after this incident we quickly found a better option. We added access control keypads. With a card reader and a keypad, you have more than one way to unlock the door. This way, you aren’t stuck in Dave’s position. Even though his card was inside and he couldn’t badge in, if we’d had access control keypads set up, he simply could have entered his PIN code and voila! He would have been able to re-enter the building without delay.

Brivo Mobile Pass

Another excellent option Brivo has these days is something called Mobile Pass, which stores your information in a cloud-based credential system and allows you to access via your phone. In a day and time where people are rarely without their phone in hand, this is a really great option.

Of course, as with any option there is a drawback or two. You have to be careful that your phone stays in the correct hands. The phone will essentially be acting as a card or badge so you need to take the same precautions. However, if you did lose your phone, Brivo Mobile Pass has it set up where the administrator can revoke access at any time.

BETHESDA, MD, April 26, 2017

CENTURY 21 Action Plus Realty Increases Security and Convenience with Brivo’s Cloud-Based Access Control Solution

Real estate agency partners with Brivo to deliver a new cost effective and convenient access control solution to its employees.

Brivo, a SaaS company offering physical access control, video surveillance, and mobile credentials for commercial buildings, today announced CENTURY 21 Action Plus Realty, a premier New Jersey-based real estate agency, upgraded its physical security with a unified cloud-based access control system, Brivo OnAir®, to increase the security and safety of its seven locations.

With multiple locations, it was imperative for CENTURY 21 Action Plus Realty to have a standardized access control system to remotely lock and unlock doors while keeping their facilities secure at all times. In addition, CENTURY 21 Action Plus Realty needed an access control system that allowed management to easily disable and replace access rights for employees who were no longer with the company.  

“My new Brivo system does more at less cost per user. The ability to make changes when doors are locked on a bad weather day or to remove a repairman’s access to the building when a job was complete is the flexibility we needed. The system is very easy to use and the support is fantastic,” said Tom Hogan, President and Owner of CENTURY 21 Action Plus Realty.

All locations have adopted Brivo Mobile Pass®, a convenient way for the sales team to open doors with their smartphones, and a cost saver for management as they no longer have to reissue lost cards. They have also installed Eagle Eye Networks’ IP-video cameras, allowing CENTURY 21 Action Plus Realty to monitor live video streams or review clips that are associated with entrances to the building. More importantly, the integration of video with Brivo OnAir® physical access control has given Hogan total visibility to all events and activities from a single interface.

To learn more about CENTURY 21 Action Plus Realty’s experience upgrading its access control system, please visit

About Brivo

Brivo is a SaaS company offering physical access control, video surveillance, and mobile credentials for commercial buildings. Currently serving over ten million users, Brivo provides a scalable and centralized security management system to its customers. Brivo is unique in offering both access control and video management in a single cloud-based platform that is available via web browser or mobile applications for anywhere, anytime management and control. Headquartered in Bethesda, MD, Brivo was founded in 1999.  For more information about Brivo, please visit:


BETHESDA, MD, March 22, 2017

Brivo Introduces Freedom of Hardware Choice with New Access Control Panel Options

Brivo adds a selection of new hardware choices to its channel partners and end users.  

Brivo, the global leader in cloud-based physical access control systems and mobile credentials, announced today the availability of two new door access controllers, the ACS6000 and the ACS300, to complement its existing product lines as well as the recently announced introduction of the Authentic Mercury open platform.

“Our channel partners have told us that they appreciate having multiple alternatives, and want to match equipment to the needs of their end users,” said Steve Van Till, President and CEO of Brivo. “Our strategy with these product options acknowledges that we don’t live in a one-size-fits-all world. People want freedom of choice.”

The ACS6000 is a powerful plug-compatible update to Brivo’s popular ACS5000 controller, adding higher credential capacity, OSDP reader support, and optional WiFi connectivity. The ACS6000 works with Brivo’s complete line of Door Boards and IO Boards, and fits inside the same cabinets, including those of Brivo partner LifeSafety Power.

The ACS300 is a modern two-door controller featuring a built-in Bluetooth mobile credential reader, optional WiFi connectivity, and IT-friendly Power Over Ethernet, all packaged in a visually appealing design that would look at home in any modern office.

“We are excited about the increased capacity of the new controllers because it will allow us to more effectively service our organizations with a large membership base,” said Sarita Myers, Senior Director of Product Strategy at Daxko, a Brivo channel partner serving nationwide member-based health and wellness centers.

These new products, as well as the previously announced Authentic Mercury open platform, operate on Brivo’s flagship cloud-based access control system, Brivo OnAir®. The OnAir solution combines physical access control, video surveillance and mobile credentialing in a unified cloud-based security platform for over eight million users, making it the largest cloud-based access control solution in the security industry.

Product availability for the ACS6000 and ACS300 for the Brivo OnAir system is set for Summer, 2017.

For more information visit Booth No. 23109 during the ISC West Exposition held April 5-7 in Las Vegas or set up a meeting with the Brivo team.

About Brivo

Brivo is the global leader in cloud-based physical access control systems and mobile credentials. Currently serving over eight million users, the company’s flagship Brivo OnAir® solution provides centralized security management for global enterprises, while retaining ease of use for small and medium sized businesses. As a true multi-tenant SaaS solution, Brivo OnAir combines access control, video surveillance and mobile credentialing in a unified cloud-based platform. Headquartered in Bethesda, MD. For more information about Brivo, please visit:

BETHESDA, MD, March 15, 2017

Brivo Announces Partnership with Mercury Security To Support An Open Hardware Platform for its Access Control Solution

The integration extends Brivo’s flagship cloud-based access control system, Brivo OnAir®, to include Mercury’s open platform hardware.

Brivo, the global leader in cloud-based physical access control systems and mobile credentials, and Mercury Security, a global leader in OEM access control hardware, announced today the integration of the Authentic Mercury open platform into Brivo’s flagship OnAir access control system.

“We have always believed in open standards for our physical access control system, and lately we’ve heard a growing desire among our customers for an open hardware solution,” said Steve Van Till, President and CEO of Brivo. “Many of our customers have a preference for Mercury hardware, and want to leverage the Mercury training they’ve already invested in their installation teams. We also appreciate the scalability of the Mercury platform, because it extends our reach into more enterprise customer applications.”

Brivo OnAir combines access control technology, video surveillance and mobile credentialing in a unified cloud-based security platform. Brivo pioneered the service in 2002, and has grown to be the largest cloud-based provider in the security industry.  The company added a mobile solution in 2015 that is compatible with all installed Brivo systems, as well as the newly supported Mercury hardware. OnAir will support Mercury within both new and existing OnAir accounts, and presents the same user interface that Brivo customers already use and like.

“Mercury is pleased to welcome Brivo as a valued Authentic Mercury Partner,” said Matt Barnette, President of Mercury Security. “With Mercury’s proven open hardware and Brivo’s scalable products, we look forward to jointly addressing the market demand for fully interoperable, flexible access control platforms and cloud-based solutions.”

The Authentic Mercury platform is the dominant open hardware solution for access control with advanced, industry-leading features that are optimized to meet the full range of customer requirements in today’s dynamic market.

Mercury product availability for the Brivo OnAir system is set for Summer of 2017.

To learn more, visit Booth No. 23109 at ISC West Exposition held April 5-7 in Las Vegas. For information about Brivo’s attendance at ISC West visit


About Mercury Security

Mercury Security is the global leader in the supply of OEM access control hardware. Built on the Authentic Mercury open platform and with over three million panels sold, Mercury has the largest installed base and greatest accumulated run time of any access hardware provider in the world. Mercury Security is headquartered in Long Beach, California and has been providing enhanced access control technology to its valued partners since 1992.

BETHESDA, MD, February 9, 2017

Allegion, Brivo Integration Offers New Cloud-Based Access Control For Schlage® NDE Series Wireless Locks

Integration Offers Installers a Cost-Effective Security Management Solution

Allegion, a leading provider of security products and solutions, and Brivo, global leader in cloud-based physical access control systems and mobile credentials, have worked together to provide customers with a cost-effective security management solution. The integration unites the security of Schlage® NDE wireless locks and Brivo OnAir®, Brivo’s flagship cloud-based access control solution. Previous integration includes the Schlage AD series locks.  

“Through this collaboration, our customers will benefit from simplified installation, secured wireless communication and access via mobile device—without sacrificing safety or efficiency,” said Brad Aikin, electronics portfolio leader at Allegion. “Brivo OnAir easily integrates to deliver enhanced security management and monitoring as well as a unique user experience.”

Brivo OnAir combines access control, video surveillance and mobile credentialing in a unified cloud-based security platform that can be managed anywhere with a secure connection to the Internet. Enhanced capabilities include enabling secure access to locks via a smartphone.

NDE locks are designed to fit a standard cylindrical door prep without any modification. Users can upgrade from mechanical keys to electronic employee identification credentials without having to drill additional holes or run wires.

“The ease of the installation combined with the lower cost of owning these wireless locks makes moving to a cloud-based access control system even more attractive for single or multi-tenant building owners,” said Steve Van Till, president and CEO of Brivo. “Brivo is excited to begin distributing Allegion’s Schlage NDE wireless locks through its channel partners, across vertical markets.”

Brivo will feature the product integration during the International Security Conference and Exposition (ISC West) at Booth No. 23109, held April 5-7 in Las Vegas.

For more information, visit

About Allegion

Allegion (NYSE: ALLE) is a global pioneer in safety and security, with leading brands like CISA®, Interflex®, LCN®, Schlage®, SimonsVoss® and Von Duprin®. Focusing on security around the door and adjacent areas, Allegion produces a range of solutions for homes, businesses, schools and other institutions. Allegion is a $2 billion company, with products sold in almost 130 countries. For more, visit

About Brivo

Brivo is the global leader in cloud-based physical access control systems and mobile credentials. Currently serving over eight million users, the company’s flagship Brivo OnAir® solution provides centralized security management for global enterprises, while retaining ease of use for small and medium sized businesses. As a true multi-tenant and user centric SaaS solution, Brivo OnAir combines access control, video surveillance and mobile credentialing in a unified cloud-based platform. Headquartered in Bethesda, MD. For more information about Brivo, please visit:

BETHESDA, MD, January 31, 2017

Brivo Unveils Redesigned Website

New features, refreshed design, and enhanced content for existing and new customers.

Brivo, the global leader in cloud-based physical access control systems and mobile credentials, announced today the launch of its newly redesigned website. The new website was refreshed to attract, engage and educate visitors who are interested in utilizing cloud-based physical access control solutions.

“We are excited about the new website and the wealth of information it provides to our customers, dealers, and partners. The improved navigation helps to highlight our various access control solutions, and how these solutions can be used by different types of facilities and industries,” said Steve Van Till, President and CEO of Brivo.

The website incorporates new content for small businesses and enterprises that showcases the benefits of Brivo’s access control solutions. It also includes a new section for prospective buyers interested in using Brivo cloud access control for their buildings, as well as a section for dealers interested in selling Brivo solutions.

An expanded collection of white papers has also been added that includes a rich library of e-briefs, webinars, and podcasts that are geared towards the needs of small business users, technical users, and partners. The website has also been optimized to be faster, which has improved the overall user experience.

Finally, the website now includes a simple tool to find Brivo’s hardware and software integrations, as well as how facility management, security companies, and other businesses have successfully added access control to their existing offerings.

The new website is currently live and located at the same address, please visit



Brivo and Savance Partner to Integrate Access Control with Business Automation to Increase Customer Safety and Efficiency

The partnership offers customers new, comprehensive physical access control and business operations solutions.
Brivo, global leader in cloud-based access control and mobile credentials, and Savance, provider of business automation and employee tracking software solutions, today announced its integration partnership. The partnership will provide customers with unified, customizable, and fully scalable solutions—combining access control with visitor management, staff tracking, time & attendance, emergency mustering, and digital status boards.

“Partnering with Brivo provides us an opportunity to integrate with another cloud company, and offer comprehensive access control and business operations solutions that make businesses more efficient and improve on their safety,” says Steve Bardocz, President and CEO of Savance, LLC.

Brivo and Savance partnered due to growing market demands for an integration between physical security systems and solutions for payroll management, electronic visitor check-in, emergency preparedness, and staff tracking. The partnership will combine Savance’s expertise in highly customizable business automation solutions with Brivo’s flagship cloud-based physical access control solution, Brivo OnAir®, to deliver advanced capabilities that enhance the security and tracking requirements of any size company or organization.

“This combined solution is suited for all types of businesses, and provides customers with increased safety, better staff accountability, simplified reporting and management at a reduced cost of ownership,” said Steve Van Till, President and CEO of Brivo.

About Savance
Founded in 1998, Savance’s primary focus is to effectively use technology to streamline, automate and simplify business processes. Savance’s cloud and on-premise, customizable and fully scalable software solutions allow users to achieve higher levels of productivity, communication, security, and accountability. Solutions include Emergency Mustering, Staff Tracking, and Visitor Management. For more information, visit

(BETHESDA, MD)—November 30, 2016

Five Physical Security Measures Every Company Should Adopt—New Webinar Hosted by Brivo

Brivo, global leader in cloud-based access control and mobile credentials, announced today that it will host an upcoming webinar, “Five Physical Security Measures Every Company Should Have,” on Thursday, December 8, 2016 at 2pm EST.

“Brivo secures over eight million people across several hundred thousand locations and protects our clients by partnering with reputable publications, like Security Magazine, to provide education resources which help improve the physical security of these facilities across the industry,” said Steve Van Till, President and CEO of Brivo.

Joined by co-host Chad Thompson, CMO of Lifestyle Communities, Van Till will lead this 60-minute webinar, and will discuss the advantages of cloud-based technologies, as well as the benefits of utilizing layered security measures. Thompson will describe how Lifestyle Communities was able to save money and improve their overall residential experience by adopting Brivo’s mobile credential solution across its growing portfolio of communities around the country.

This informative webinar will supply attendees with five measures to improve their physical security strategy and the speakers will present best practices to implement cloud-based security at any size facility or business.

For more information on the webinar or to register to attend, please visit


(BETHESDA, MD)—October 10, 2016

Lifestyle Communities Provides Mobile-First Experiences for Residents with Brivo’s Cloud-Based Mobile Access Control Solution

Fast-growing property management company leads with cloud-based mobile solution Brivo Mobile Pass to win over residential population.

Brivo, the global leader in cloud-based physical access control and video systems, today announced Lifestyle Communities (LC), a niche residential real estate development and asset management company, launched a mobile access control capability, Brivo Mobile Pass, to meet the growing demands of its residential population.

“LC designs and manages its communities with a commitment to deliver a distinctive customer experience. We recognized mobile access as a preferred and convenient method for our residents to access secured locations in our communities,” said Chad Thompson, Chief Marketing Officer at LC.

With a growing portfolio of communities across the country, it was imperative for LC to have a secure access control solution to support its residents’ request for mobile access. Brivo Mobile Pass, the new mobile feature of the Brivo OnAir® platform, creates a fast and easy way for residents to access LC’s community amenities from their smartphones. All new residents are now issued one physical access card and two mobile credentials per unit. LC also allows existing residents to request Brivo Mobile Pass credentials at its primary leasing office. After residents download the mobile application, and accept the emailed credential, they can begin opening doors with their smartphones.

Brivo Mobile Pass is interchangeable with residents’ access cards, as it can provide access to several of LC’s secured community locations, including its fitness studios, resort-style pools and other on-site amenities. LC currently issues mobile credentials to all employees and new residents and was able to reduce its operational costs by nearly 60%.

To learn more about Lifestyle Communities’ experience launching Brivo Mobile Pass, please visit

About Brivo

Brivo is the global leader in cloud-based physical access control. Currently servicing over nine million users, the company’s award-winning Brivo OnAir® provides unmatched scalability and centralized security management for global enterprises, while retaining ease of use for small and medium sized customers. The Brivo OnAir security management system is unique in providing combined access and video management in a single cloud platform. Headquartered in Bethesda, MD, Brivo was founded in 1999. For more information about Brivo, please visit:

About Lifestyle Communities

Lifestyle Communities| LC is a niche, residential real estate development and asset management company focused on serving the specific needs of its residents through the thoughtful integration of living, entertainment and socially-focused ventures. With a portfolio of brands to serve the needs of its residents, neighbors, and communities in the Columbus, Ohio, Lexington and Louisville, Kentucky, and Nashville, Tennessee markets, LC is focused on delivering exceptional resident experience by inspiring meaningful connections, and providing smart living experiences. For more information about LC, please visit:

BIRMINGHAM, AL–(Marketwired – September 20, 2016)

Daxko Announces Facility Access Services for Member-Based Health and Wellness Market

During their customer conference, Daxko announced the launch of an integrated facility access solution specifically for member-based health and wellness organizations. To provide the highest quality, most reliable facility access to customers, Daxko has partnered with Brivo, the global leader in cloud-based physical access control and video systems.

“By partnering with Brivo we are able to combine innovative facility access controls our customers need, with the ease of management from within their operations software,” says Dave Gray, Daxko CEO. “We are excited to bring this type of high level security with cloud-based management to our customers and their members.”

Daxko Facility Access allows customers to keep members and staff safe by securing both internal and external parts of a facility, while at the same time allowing customers to manage access anytime and anywhere through the Daxko Operations or Spectrum NG.

Daxko Facility Access customers will be able to:

  • Provide facility access that integrates with external hardware needed to secure facilities, including parking garages, interior and exterior doors, locker rooms, and more
  • Create access points that can be controlled by a variety of factors, including demographics such as membership type, age, gender, and program interest
  • Access analytics to understand current facility usage and to make strategic decisions around future facility planning
  • Get state-of-the-art access with predictable monthly costs

About Daxko
Headquartered in Birmingham, Alabama, Daxko is a leading provider of mission-critical software solutions to the member-based health and wellness market. Daxko’s solutions help customers achieve high levels of operational efficiency, strong fiscal management, and increasingly engage the community to expand their mission. Daxko employs 195 team members across the Southeast. For additional information, please visit

About Brivo
Brivo is the global leader in cloud-based physical access control systems. Currently servicing over eight million users, the company’s award-winning Brivo OnAir® provides unmatched scalability and centralized security management for global enterprises, while retaining the ease of use for small and medium sized customers. The Brivo OnAir security management system is unique in providing combined access and video management in a single cloud platform. Headquartered in Bethesda, MD, Brivo was founded in 1999.

(BETHESDA, MD)—September 7, 2016

The Leader in Cloud-Based Access Control, Brivo, Reveals How to Win with Cloud at ASIS 2016

John Szczygiel, EVP and COO of Brivo, will host two in-booth educational sessions at the largest BPA verified international physical security conference and trade show in Orlando, Florida.

Brivo, the global leader in cloud-based physical access control and video systems, announced today it will be exhibiting at ASIS 2016 on September 12 to 14, 2016.

John Szczygiel, Executive Vice President and COO of Brivo, will present “Success Stories: How to Win with Cloud Access Control,” covering ways to leverage cloud-based services to deliver multi-site security, improve corporate agility, drive compliance and increase business continuity. The session will be hosted at Brivo’s booth (number 3641) on September 12 and September 13, 2016 at 3:30pm EST.

Over the past decade, the physical security industry has steadily begun to adopt cloud-based technology for critical applications. Along with this new technology, security practitioners have been able to change the way they manage their enterprises, as SaaS applications have freed them from desktops and restrictive licensing agreements. Mobile applications that leverage these cloud platforms have continued to drive the ability to interact with databases and system administration tools with greater ease for an increased number of staff.

These new capabilities have introduced new ways of thinking. Cloud-based systems are changing the expectations that people and organizations have for technology, including security technology,” said Ray Bernard, PSP, CHS-III, in Security Technology Executive’s recent article, The Cloud and Your Security Technology Roadmap.

“We’re expecting a great turn out at this year’s show. John will share examples of how Brivo customers have successfully achieved the ability to support rapid business changes, improved monitoring and compliance with standards and reporting, as well as enhanced their business value and agility with cloud-based integrations,” said Steve Van Till, President and CEO of Brivo.

About Brivo
Brivo is the global leader in cloud-based physical access control. Currently servicing over eight million users, the company’s award-winning Brivo OnAir® provides unmatched scalability and centralized security management for global enterprises, while retaining ease of use for small and medium sized customers. The Brivo OnAir security management system is unique in providing combined access and video management in a single cloud platform. Headquartered in Bethesda, MD, Brivo was founded in 1999.

For more information about Brivo, please visit:
