 Hey Aloha and welcome to this episode of Security Matters Hawaii we're live in the Think Tech Hawaii studios with my friend Paul Cohn from Phoenix and you're the general national business development manager like you got a long title man good for you thanks for coming in today I really appreciate it thanks for having me we're gonna talk about the cloud and and some of you know about cloud this and cloud that and Google and Azure and Amazon but you may not know a lot about cloud-based access control and access control has moved into the cloud very aggressively it's a it's a very easy play and we're gonna kind of drill into some of the things reasons I think that it took so long to happen and white people didn't do it Paul brings a lot of expertise here today so we're gonna have some fun chit-chatting so I know you know about access control in the cloud but the first thing I always got to ask my guess is sort of what what you know for you and from a security perspective you know the people you're talking to in the industry what keeps you up at night these days man what keeps you up at night that's a good question usually it's my dogs see barking dogs and that no one ever gives me that answer that's a great answer but from you know in this context I'd say you know really trying to truly understand when this adoption is finally gonna take place you know I see this conversion party your job keeping you up at night yeah absolutely you know when are we gonna start to see the the true adoption of cloud specifically in the security industry you know we've seen it on the IT side when it comes to voice systems and and all the converting to IP and all these IOT devices and so forth and we just been so far behind in the physical security industry just waking up one day and realizing all right we're finally here we're there and you're gonna be part of the you're gonna be part of the charge yes so you know to that point what do you do you think it I mean the manufacturers we know like there's big names out there in the industry that've been around there established and they've got a big thick heavy software package right that really needs a lot of processing power to run on your PC and then they got a big back-end database structure with sequel do you think that's been the problem for them just to retool that stuff or do you think it took somebody new to kind of come along and build it fresh I think it's a combination of both I think that the the underlying architecture of how a true cloud-based access control platform is built really plays a lot into a lot of factors I think that from a from a scalability perspective from a usability perspective you can't just take a piece of software and put it in a data center somewhere sure and expect it to be cloud doesn't perform right it doesn't perform the same way so taking a look at how it's developed how it's architected and then you know increasing the adoption rate from that perspective right and realizing what the true driving factors are when it comes to adopting cloud access control and I know to that point so Phoenix was able to adopt a different database structure instead of like traditionally it's always been SQL yep the world knows SQL the access control world definitely knows SQL but you guys went down a different path you can talk about that a little bit sure yeah so our our latest platform has been architected and developed around what we would consider a no sequel database okay wow there's a number of different no sequel databases we chose a solution called Mongo database okay they're really the industry leader when it comes to to no sequel and there's a number of different benefits that you get from a no sequel database you know the biggest thing is the scalability factor traditionally Microsoft SQL or any other kind of traditional SQL database really what is considered scaling vertically right meaning that if you need more database structure you got to pay for it I see it's expensive it's heavy with a no sequel type of database that scales horizontally so it allows us to provide the necessary database structure or capacity if you will to our clients whether that's small amount of data or a large amount of data so and it's very fast there's a couple other you know benefits that that you get as far as recovery and how quickly you can retain data in the off chance that your system goes offline or something happens like that so a number of different features and benefits from from a no sequel database also sits in the cloud as well yeah so it seems awesome because you know the I think access control systems where you you know the challenge for all of them was always how many transactions can you process right so you know when you've got a database like you folks have they can scale rapidly you know because I don't know if our audience knows but if you've got huge office buildings in New York or San Francisco everybody's shown up to work at 8 a.m. and and you've got tens of thousands of transactions that got to get done rapidly right and so that scalability you know in performance gives you that with this you know in the cloud architecture absolutely as well as redundancy as well so yeah you know in the traditional model you're buying multiple different SQL databases right they're running in multiple different environments with with a no sequel or with our Mongo it's it's multiple replica sets so the transactions the data that's getting processed everything that's that's getting written to the database is is constantly being mirrored so you have that redundancy built in as well that's awesome it's generally less expensive than SQL and we're talking about an Amazon hosted AWS hosted environment first Phoenix specifically yes we are hosted in AWS excellent yeah so there's there's a and so that you know what that gives you is a global infrastructure that you know when you say resilience I mean your uptime is basically infinite right this thing I mean let's the world ends or all the power of the world stops or something yep you know you're just not at really at risk of losing your data or your data not being replicated there's multiple instance of it available all the time dynamically absolutely that's super expensive to try to reproduce in a on-premise environment yep you know I I recall the days of legato and failover SQL clusters and all this kind of stuff just to you know get five nine resiliency for our military folks you know it's super super pricey and so this this the customers are getting the advantage of all of that built into a package like you folks are building already out of the gate and there's no cost it grows you don't need the different version of SQL or whatever right it's just no cost that's amazing so cloud some people freak out about you know oh where's it where's all my data going how does it get there let's talk a little bit about getting it out off the premise because you know you've in a traditional access control system and they're all about the same you've got a card that you know you use on the reader or your phone on a reader then you've got some data that goes upstream to the controller and in your case the controllers talking instead of to a local database it's going right out through the firewall to the cloud correct and so let's talk tell us a little bit about what's going on there you've got some encryption happening and you're sending that data up one side that's correct yeah so it's encryption as far as TLS 1.2 goes it is a standard which is a standard absolutely it is optional but you know all of our boards get shipped out with it enabled okay you know it's completely serverless infrastructure nice or architecture so it's controllers talking directly to the cloud outbound communication only establishing that trusted communication within the AWS cloud environment so that those transactions can flow bi-directionally fully encrypted nice you know there's there's there's some inherent value as far as total cost of ownership or you know just the reduction of infrastructure cost on that alone right being able to just have that that controller talked and communicate directly to the cloud and I know our team set some of these up and it's it's absolutely takes like minutes yeah so that's in it was that a function that you decided I guess when you're firmware so you and you guys we should talk a little bit about about mercury hardware mercury hardware is used by a whole lot of different manufacturers today you guys adopted mercury we did that it would be I guess well-known absolutely easy to use yeah I mean we have a philosophy a couple a couple things that really hit home for us as far as what our philosophy is and one of them is open hardware okay you know we have our founder and our entire team really has a philosophy that the customer always should have a right to choose right and should never be locked into anything proprietary from a reader and credential perspective as well as a door hardware door controller perspective so we chose mercury for that reason we also have a number of different you know options and features obviously that come along with that but you know mercury is open so really gives the customer the right to choose that's awesome and so so then you in the factory you're basically building your firmware into the mercury panel so when our installers get it and they bring it online to customer's place it it goes out and establishes this connection to the cloud correct right in the traditional model with a premise-based access control system mercury or anybody else those controllers are what are getting shipped out with what we would consider IP server mode okay as far as the communication mode goes ours get shipped out an IP client and that allows that controller to call outbound right one of our benefits is that we don't require any inbound ports be open up on a customer's network nice it's an outbound call again establishing that communication you have a number of different port choices that you can choose but it's all outbound and yes that is how it gets shipped out the setup process is you know like you said a number of minutes because we've taken care of most of the heavy lifting before that board gets out the door isn't that something so we've got a with cloud-based access control if you're just joining us you know we've got this resiliency in the cloud we've got a very secure infrastructure to provide the the transactions and the data from the system on-prem up to that cloud server talk a little bit about this the software development that you folks have been done oh you're you've got a fairly mature version product now it's been out around a while what what what have you seen in growth there as far as ease of use and those types of things yeah I mean really it's there's a lot of factors that go into that okay again when our founder when when he went to work and developed our first version of the software that version itself was developed around cloud okay wow from from day one cloud and and we chose AWS because at the time Amazon Web Services was really the industry leader and I you know okay I still believe that they are but we have Google cloud and you know Azure now and so but it was built around the cloud so again we're not taking a thick client or a piece of software and putting in a data center somewhere and calling it cloud we utilize a number of different services around AWS that really provide us the capability to make those API calls change code on the fly so that all plays into the user experience very low latency when it comes to transactions you're seeing things in real time and again you know number of different features and benefits because we use a single AP arrest API okay so that it's one API that that that is the product right and that's what sits in the cloud and the performance that we get that tacked on with Mongo database is really where is where you see the scalability in the performance yeah it looked down we were looking at this in the shop Monday and you know it looks very mature to me you know from an access control perspective I didn't see and I didn't hear anyone in the room bring up things that that they wanted to see done that that the products not already delivering yeah to the point you have visual visitor management and video integration already there yeah so I mean from what we've seen you know cloud access control has been around for quite some time there's some you know manufacturers that have developed it and you know have really brought it brought it to life what we wanted to do is we wanted to build an enterprise class access control platform meaning that it has all the features and functionality that an enterprise customer whether you have two readers or ten thousand you have what what I would consider a true access control solution there are other solutions out there that in my opinion are really just keyless entry solutions right and so when you think about the reporting the number of different you know triggers and procedures the visitor management the the integrations that we have that all kind of plays into what I would consider a true access control solution and especially from that enterprise perspective which you mentioned our enterprise your larger clients that have multiple sites or multiple things happening that there's that they're concerned about from a security perspective we're bringing all different types of data not just forced door they may be more bringing the video with that forced door or they may need to bring some visitor management in the video to confirm that that that guy down there is really the guy that they need to go see that's locked in their man trap or whatever it may be so there's there's a lot of value in that and approaching the enterprise and they've sort of been the last group you might say to say who can you really handle us because they're sure mobile implementations you know probably a hundred thousand readers I don't know I don't have customers like that in Hawaii but yeah really large implementations yeah I mean there's a number of different objections that we've seen and we've had to overcome when it comes to presenting our solution to the enterprise customer you know I often you know ask people what what does enterprise mean to you is that you know it does it is it number of employees is it number of sites is it you know number of card readers and you'll get a different answer from anybody you talk to you so for us it's really being able to scale up or down as you need to and support you know that that environment no matter how big or small it really is wow yeah the cloud's gonna make us infinite even for access control we're gonna pay some bills we'll be back in about one minute aloha I am Howard wig I am the proud host of cold green for think-tech Hawaii I appear every other Monday at three and I have really really exciting guests on the exciting topic of energy efficiency hope to see you there hi I'm Ethan Allen hosts on think-tech Hawaii of Pacific partnerships in education every other Tuesday afternoon at 3 p.m. I hope you'll join us as we explore the value the accomplishments and the challenges of education here in the Pacific Islands hello my name is Stephanie Mach and I'm one of three hosts of think-tech Hawaii's Hawaii food and farmer series our other hosts are Matt Johnson and Pomei Weigert and we talked to those who are in the fields and behind the scenes of our local food system we talked to farmers chefs restaurant tours and more to learn more about what goes into sustainable agriculture here in Hawaii we are on a Thursdays at 4 p.m. and we hope we'll see you next time hey aloha and welcome back to security matters Hawaii I'm with Paul Cohen of Phoenix and we're talking about cloud-based access control you might want to take a look at this if you're like considering replacing upgrading or doing some of your access control systems because cloud is happening big in this space and these are these are one of the leaders that are doing it I'm Paul different customers you were just talking about how they have different concerns you know maybe based on their size or based on their past experience whatever it may be what do you think are or what's that what you see when you talk to you know integrators like myself what do you think the driving factors are for cloud adoption you know what's making them say yes so I think there's really there's probably three primary concerns as far as what we see in the industry and our philosophy is that one it has to be mobile meaning yes you have to be able to access your system and manage your system from anywhere in the world anytime anytime without having to be on a corporate network or some sort of VPN type of scenario it has to be secure from a cybersecurity perspective we take cybersecurity very seriously doing a number of things that you may not see in the industry so it has to be secure by default it has to be encrypted by default because one of the biggest objections with cloud anything cloud applications in the cloud cloud access control is that it's got to be secure mm-hmm and then the convenience factor and this really plays into the user the administrator different organizations within the company or different you know areas within the organization IT facilities it's got to be convenient mm-hmm you know the setup and the and the process of deploying cloud access control can't be difficult mm-hmm you know there shouldn't have to be any kind of you know changes that you got to make on your network from a firewall perspective or anything else you know updates and patching as far as keeping your system up-to-date has to be easy it has to be automatic I mean imagine if you you know on your iPhone your mobile mobile device if you had to go through a rigorous process just to update to the latest iOS the latest version I do but you just have to click update yeah exactly and it does it for me with with with this you do it for the everyone correct you just update the cloud instance yeah yeah and so you know those I would say those are the three primary driving factors mobility convenience and security cybersecurity and convenience is a big thing and I think it's lost I've definitely been through a lot of organizations and when they get start to get a little bigger and it's out of the hands of one person and you've got different organizations that need a different feature one one's gonna issue badges one's gonna get the alarms one's gonna do the IT management side perhaps or or the set the authentication levels or whatever manage access levels or whatever it may be all of a sudden those guys they're not talking maybe they don't even work in the same departments and in the management of the system becomes like this hassle yeah so when it's easy and when it's cloud and there's like training right on like YouTube for it right these person these people can learn their piece of the pie very very easily and I think it shouldn't be lost because we said mobility everyone's really used to that phone but it should not be lost about this mobility comment because there is a browser based instance there's a mobile you know device instance and you've got all that same functionality in all of those correct so this truly goes with you anywhere so you can do whatever your tasking may be you need to get approved for badge for printing for example yep that can get done you need to get an access level authorized for someone that can get done you know while you're at lunch yep amazing or on the beach and it can be done securely absolutely right so that's we didn't really talk about that that the other side of that pipe you know from the cloud that the client side is also encrypted down to the device so we've got this end-to-end encryption everything goes up through one pipe and it's encrypted everything comes back down to the devices for the user experience encrypted it's correct very safe very secure very functional this is why everything's gone that's why everything's going cloud because it works like that amazing let's get in now we we brought up a couple these other points and maybe you've heard some of this I don't know but the stereotypes and we touched on a little bit and perceived barriers so how's that going you know you got sort of a national vision on some of the big boys and the larger medium-sized companies let's call them and you're down to small guys well what are you seeing you know is it is it is that barrier dropping I presume so yeah definitely for sure okay you know I would say five years ago you know or even even sooner than that three years ago we we're still trying to overcome you know the the barrier the objection that your cloud access control is only designed for small customers it's only good for the the one to ten door environments right and doesn't scale you know some some other objections as far as you know we there is limited on integrations or you know the is some certain but it's not secure certain industries won't won't adopt it like the financial or banking industry and yeah because there's dust not in the cloud right because your bank because your your bank accounts not right yeah yeah so I think we're starting to see you know that change and I think the technology obviously is changing and and and it's getting less expensive as well you know one of the I'd say one of the bigger objections is yeah it's a it's a recurring model right so just like we have music or Spotify or Netflix or whatever we pay it every month or every year and we have everything our fingertips and we can get whatever we want that that took it took a while for companies to to really understand that but you know we're helping as well as you know firms like like yours helping our customers understand that there's a number of benefits that can be gained through that you know you utilizing operational expenditures versus capital you know really having that predictive model so if you're you know if you're rolling out sites once a year you know what that cost is and you can predict it and budget for next year and the year after in the year after so yes it is recurring but you know there are customers are really starting to benefit from that and and all the other features that go along with it as far as uptime and resiliency and redundancy that all plays into it yeah and we looked at an ROI tool that you've got that really showed that gap you know there's this this OPEX model for recurring revenue it really gets the customer everything that he wants it from a down downtime perspective a backup and encryption they get all of that and it actually costs less and I know that the pricing there's a point at which if you're really big you got to kind of come to you guys that work something out right so some of these guys are consuming if our audience doesn't know they kind of consume cloud services with the amount of CPU that they use in the cloud and the amount of storage that they take and so this this model is not quite there yet and it because it is kind of transactional based and it's reader based and it's credential based there's some other factors in access control that don't quite fit that model but the big boys will probably come at you with some of that right more of a cost plus computer something sure potentially yeah I mean and we you know there's a number of different options as far as you know what that looks like but and there certainly is a breakpoint you know but again we're we're trying to sell the value of this right and there's a lot of hidden costs that go into a traditional premise-based model and yes the things that all the way down to how much it costs to power and cool server yeah I know why that's super significant right electricity yeah how much time is it does it take for your administrators your IT folks to make changes and do updates there's a cost associated with that it may not be right in your face or up front but all that kind of plays into it and again you know sometimes we pay more for value than then you know trying to go with the cheapest option so and then and again it I think we saw that it was actually less expensive and you get all that value anyway which is amazing for those people that fall into that level which is a lot yeah I want to get to some of this stuff we talked about some of these these these customer problems so you know when the customers start where when you get brought in I'm sure you're you know you're visiting with integrators to a customers who's like you know I need a new access control system and then the vars like well why and so do you have to kind of walk them through some of these value propositions that we've been discussing today is that what it takes for the customer to understand absolutely yeah and it's always been my philosophy and I think really everyone at Phoenix and a lot of people in the industry as well is that you know there's some really really good solutions out there when it with access controllers people that have been doing it for 20 plus years right and a lot of the problems and challenges that our customers have been having don't aren't aren't necessarily access control related yeah the door opens right card works it works right we get we get the forced door alarms we that all works but there's there's a number of things that you got to do to maintain that system and you know our customers have limited resources we're starting to as I mentioned when I first started that's convergence with it you know I see access control and physical security is falling on it a lot more nowadays yeah and they don't understand it and oftentimes yeah and so you know a lot of these systems out there that need to be upgraded and some of the pain points our customers are having really have just stemmed from not maintaining the environment yeah not keeping your system up to date yeah and when you do your several versions behind and then you know you have to so all that goes away with cloud access control so the IT groups truly understand consuming this as a service absolutely they may not know how we hooked up all the doors and made it work but boy they understand that that consumption of service based model I can see what I've got in the cloud I can see how it works I know where my reporting is I understand how my database is and it's basically headache list for them yep right whereas instead of them getting the oh we need to buy the latest version of SQL for the newest version growing and go buy another new server bigger chassis yeah oh yeah so been that has been sort of the bane of our industry it's never been that the doors don't work it's been that the maintenance pieces is I would I don't want to say overlooked a lot of organizations do a pretty good job of it but oftentimes when you get out of enterprise you get down to the some guy who's got 50 hats to wear and that little piece just gets forgotten until the server dies correct yeah until you walk in there and it's fine and then they're like it's 10 grand for a new server and you haven't bought anything for five years so consuming it all the time you know when an organization is committed to security it just makes more sense to have that as an operating budget I think it's a well-made point there's another thing here about customers about it's outdated and doesn't work so that's an interesting thing to me because it probably does but they I think they're saying they want other features yeah so what do you what do you feel like we'll be able to give you know what what's coming next because the doors are opening we're getting the reports you showed us some great video integration we're going into business intelligence I mean there's a lot of lot to be learned there about how organization works yeah that's a really good question you know I think from our perspective a lot of a lot of our features that we release and new things and new bells and whistles if you will I really driven by our partners and our customers so you know we we've there's no no schedule no set schedule as far as how many times a month or a year we do updates but we'll take a look at it and you know if it's something that the customer really needs but you know we'll do it also you know it's hard to say I I envision you know it's certainly cloud access control becoming more of a of a platform if you will okay outside of just access controls yeah yeah so you know a number of different sensors that we can bring in and inputs and outputs or you know whatever it may be becoming more of a security management platform versus this is access control off you know and this is only access control perfect so dang if you're looking at your access control system and you got questions think about cloud it's real it's happening I really appreciate you being here today man yeah thanks for having me we'll be back in two weeks with another edition of security matters and happy Halloween out there stay safe aloha