Today, there are many different solutions for physical access control: on-premises, pseudo-cloud, or cloud-native access control. Most are provided as on-premises products, but more and more solutions are now being offered as a service or a native, cloud-based solution. There’s often confusion about the differences between these delivery models.
So, in this article, we explore the three main models available – and the pros and cons of each.
An on-premises physical access control system involves installing software on the customer’s own servers and managing the system internally. This can provide greater control and customisation options. But it also requires more resources and expertise to maintain the system. All communications between the server, controllers, and clients remain internal, without a connection to the outside world.
The access control server often comprises a single, monolithic application with a large, connected database for storage. The various components of this solution are closely interconnected, with all processes handled by the same codebase. To update the system, you have to update the entire codebase.
The primary advantage of a monolithic on-premises application with a single database is the ease of development and the consistency of data access and business logic. This is because everything is held in one central location. However, as the size and complexity of an application increases, scaling and maintenance become more difficult.
For pseudo-cloud access control products, an on-premises solution is installed in a cloud environment and hosted separately for each customer. This is a good fit for customers needing flexibility and convenience. Most of the installation and maintenance is covered by the solution provider, who also takes care of updates and backups. However, as the provider is responsible for maintaining all installations, plus the network infrastructure and connections to customers, this can be a challenge.
The architecture of a pseudo-cloud solution is essentially identical to that of an on-premises solution: the provider simply installs the same solution, but in a cloud environment. This means each customer has its own standalone installation, complete with its own database. Updating such a solution involves reinstalling the software for each customer, which can be time-consuming.
Cloud-native access control solutions
Cloud-native products are hosted and managed by a third-party service provider. This enables customers to access the physical access control solution through the internet. This approach comes with several benefits, including but not limited to:
- Cost-effectiveness and scalability: The provider takes care of the infrastructure, maintenance, and updates.
- Accessibility: The system can be accessed from anywhere with an internet connection.
- Ability to integrate the cloud solution with other cloud-native technologies such as HR systems, visitor management systems, and other security-related services.
- Business continuity: A cloud-native solution relies strongly on on-premises controllers to guarantee business continuity if there’s a network outage.
The architecture of a cloud-native solution differs significantly from on-premises and pseudo-cloud solutions. Typically, cloud-native solutions are built on microservices, with processes divided into smaller, independently deployable services. These services communicate with each other through well-defined interfaces.
With this approach, each customer uses the same resources and infrastructure, making it easier to update services independently without any downtime. The services are also usually designed to scale easily to meet demand at any given time. You can, for example, have one instance of one service running during standard office hours, but scale it up to multiple instances the rest of the time.
This architecture offers three options for storing data:
- The first option is to create a new database server for each customer, similar to an on-premises solution. While this option guarantees data isolation between customers, it can be challenging to maintain and scale due to the need for dedicated resources for each customer.
- The second option is to use a separate database schema per customer on the same server. This approach still offers some level of data separation, but the provider only has to maintain one server.
- The third option is to combine all the data into one database, making it easier to link data and update everything at once. However, this option comes with the risk that one customer may access another customer’s data, which could have serious consequences. Mitigating this risk can be challenging.
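The cross-customer risk in the third option, as an added example that is not part of the original article: an unscoped lookup beside a tenant-scoped one. It uses an in-memory SQLite database as a stand-in for the shared database; the table, column, and function names and the sample rows are hypothetical.

```python
import sqlite3

def build_shared_db():
    """One database shared by all customers (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE cardholders (id INTEGER PRIMARY KEY, "
               "tenant_id TEXT NOT NULL, name TEXT NOT NULL, badge TEXT NOT NULL)")
    db.executemany(
        "INSERT INTO cardholders (tenant_id, name, badge) VALUES (?, ?, ?)",
        [("acme", "Alice", "A-100"), ("acme", "Bob", "A-101"),
         ("globex", "Carol", "G-200")])
    return db

def find_by_id_unscoped(db, cardholder_id):
    """Weak form: trusts a client-supplied row id and applies no tenant filter."""
    return db.execute("SELECT name, badge FROM cardholders WHERE id = ?",
                      (cardholder_id,)).fetchone()

class TenantScope:
    """Hardened form: the tenant is fixed from the authenticated session,
    never from request parameters, and is added to every statement."""

    def __init__(self, db, tenant_id):
        self._db, self._tenant = db, tenant_id

    def find_by_id(self, cardholder_id):
        return self._db.execute(
            "SELECT name, badge FROM cardholders WHERE id = ? AND tenant_id = ?",
            (cardholder_id, self._tenant)).fetchone()

    def list_all(self):
        rows = self._db.execute(
            "SELECT name FROM cardholders WHERE tenant_id = ? ORDER BY name",
            (self._tenant,))
        return [r[0] for r in rows]

    def revoke(self, cardholder_id):
        # Writes are scoped too; 0 rows means "not yours or not there".
        cur = self._db.execute(
            "DELETE FROM cardholders WHERE id = ? AND tenant_id = ?",
            (cardholder_id, self._tenant))
        return cur.rowcount

if __name__ == "__main__":
    db = build_shared_db()
    acme = TenantScope(db, "acme")
    print("unscoped id=3:", find_by_id_unscoped(db, 3))
    print("scoped   id=3:", acme.find_by_id(3))
    print("acme revoke id=3 affected rows:", acme.revoke(3))
```

A scoping layer like this is only as reliable as its coverage: any query that bypasses it reintroduces the exposure, which is why some providers add database-level enforcement on top.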
What are the pros and cons of each approach?
These three different solutions vary in terms of the level of control, scalability, and maintenance required. So, it’s essential for businesses to carefully consider the available options and select the one that best suits their needs.
Considering an on-premises solution
On-premises physical access control systems are installed and managed locally. Customers can take complete control of their system and data, customising the system to meet their specific needs and determining how data is stored and processed. It’s an option that’s suitable for businesses requiring high levels of control. On-premises systems do have more infrastructure and resources to maintain, however, which means they can be expensive to operate. As they mostly use a monolithic design, it can be challenging to scale them up or down or update them as business needs change.
Considering a pseudo-cloud solution
Pseudo-cloud solutions provide some cloud-native functionality, but still require the same infrastructure and resources as on-premises solutions. They can be a good choice for businesses that want some of the benefits of cloud-native systems, such as remote access and offloading maintenance to the provider, but are not yet ready to fully transition to a cloud-native solution. Pseudo-cloud solutions can offer more flexibility in terms of customisation and control than cloud-native systems. But, as the architecture is similar to an on-premises solution, updating and scaling can still be hard for the provider.
Considering a cloud-native access control solution
Cloud-native physical access control systems are managed and maintained by a third-party provider, which offers greater scalability and flexibility. They can be accessed and managed from anywhere with an internet connection, providing greater convenience and ease of use.
As cloud-native systems are based on modern technologies and architectures, it’s also easier to adjust resources based on customers’ needs. On the flip side, cloud-native systems require the customer to trust the provider’s expertise and rely on them for maintenance and security, which means customers have less direct control.
So, what’s best for you?
Choosing the best physical access control system for your business requires careful consideration of the available options and your business’s specific needs, resources, and preferences.
The decision-making process should involve evaluating the benefits and drawbacks of each option, considering the scalability and maintenance requirements, and identifying the level of control your business requires over its security system and data. You should also consider the importance of security, as the safety of employees, visitors, and assets is paramount.
When choosing a cloud-native solution, you should also consider privacy and data security, as the provider is fully in control of these elements. The way data is stored, for example, may vary greatly. Also, check where data is stored and whether there’s a good backup and/or redundancy process in place. As the customer isn’t in control, they’ll be reliant on the expertise and maturity of the provider and its infrastructure.
Maintenance requirements also differ depending on the type of solution. On-premises physical access control systems need dedicated IT staff to maintain and update them, which can be expensive. In contrast, pseudo-cloud and cloud-native physical access control systems are managed and maintained by a third-party provider – which can be an advantage if you’re lacking the resources or expertise to manage your own system.