Lifespan of Electronic Access Control Systems

By Brian Rhodes, Published Jul 01, 2014, 12:00am EDT (Info+)

Just how long do end users hang on to access systems before they look to change? The answer may surprise you. Unlike video surveillance systems that turn over every seven years or so, the service life of access is much longer.

How much longer, and what is the impetus to change? In the update, we look at integrator survey results for the answer.

Systems **** *******

****** ******* ******* ********* *** ** service **********, **** **** **** **% ** systems ******* ** ***** ** ******:

**** **** **% ** ********* ******** end ***** **** **** *** **** system *** **** **** ** *****, and * **** ******** **** **** for ** ***** ** ******.

Why ** ****?

**** ********* ******* ** *** '** - **+ *****' ******** ********* **** maintain ******* **** **** **** ** service **** **** **** ** ********* plans ** *******, ** ****** ***:

  • "**** ** *** ********* **** **** using *** **** ****-*** ******** (******* current **** ******* ********) *** * long ****. *** ******?"
  • "**-** *****. ** *** *** ****** they ***'* ******* **"
  • "********* ********* *****'* **** **** **** for ****** ******* ******, ** **** as ** ***** ** **** ******..."
  • "** **** ** ********. ***** *** system ****."
  • "**** ** *** ********* *** ** until ** ******"
  • "*** ******* *** **** ****** ** have **** ** ***** ** ******** hardware ** ******** **** ** *** hard ** ******** ** ******* *** may **** **** *** *******."
  • "** ** **** **** **** *** customer ******* ** ******* ***** ****** control ******. "
  • "** **** * ***** ******** **** our *** *******"

******* ******: ********* ****

**** ******* ** ******, *** ****** does *** ******** ******** **** ***, but **** *** ******* ** **** a ****** *********** ** *** **** of *********** **:

  • "****** **** ** *** ******** ** beyond ******, **** **** *** ****** soon. ********* ** ******* *** ******** because *** ******** ********/ ************ ** longer ******."
  • "**-** *****. *********** **** **********************."
  • "*** ********* ****** ** *** ****** systems, ***** ** **** *** ********* to **** *****."
  • "*** **** **** ** *** * customer's ****** ** ******* ** **** they **** ****** **** ********* ****** service ********** **** *** ************. *** majority ** **** ********* ******* ***** existing ******** *** ********."
  • "**+ *****. *** ******** ***'* ******* the *** ******."
  • "*****, **** **** ****** *** ** spend ** **** ***'* **** **."

**** ******* ****** ** * *********** of *********, ** *** **** ** operating ****** ******* ******** ** **** passes. ******* ** ** ******* ***** parts ****** ********* ** *******, ** core ********* ******* ***** ****** ** more ******* *********, *** ***** **** costly ******* ** ** ******* ** an ********* ****** ** *******.

Other ******* 

********** ******** ********* **** ***** ***** ******** raised ** *** '********* ****** ******* *******" ******:

*** *********: ***** ****** ******* ******* ******* TCP/IP ********, *** *** *********** **** to ********* **** ***** ******* ******* or ****** **** ******** ****** **** changes. *** *********** ** *********** ****** and ********** ******** ** ** ******** connected ****** *** **** **** ** antiquated *********** ******** ** *** ********* of ** ***** *******, *** **** movement *** **** **** ****** ** the ********** *** ****-***** ***** ** physical ****** *******. ***** ******** ********:

  • "*** ************ ********* (**** ** **) - ********* ** *** *********"
  • "**-** *****. ****** ** ****** **** on *** ****, *** ****** **** internet ********** *** ******* *** ******** with *** *******."

*********** / ****************:** * ****** ******, *********** *********** or *********** ***** ******. *** ******* cannot ****** ******* ********* ******** ** credential ************* ************. ******** ******* **** mergers ** *********** *** ***** ******, as ******* *** **************** ******* ********* platforms ** ****** ********** ** ** non-existent.

  • "** ******* **** ***** ********** ** part ** ******** ********-****** *******, ********* to ******* *********** **** ***** ******** systems."
  • "****** ** ***** ****** ****** ******* force ********* ****'*. ** **** ******* systems ****** ******* ** ****** ******* data **********."

 

Comments (10)

Two main factors:

(1.) Being built on mostly solid state hardware, alarm panels and ACS equipment will usually have a longer life span than systems dependant on spinning hard drives, or tapes and tape heads for predecessor systems. When I worked at a newspaper company we had dumb terminals still way into Windows 2000 systems and servers.

(2.) What better has the industry offered? ACS systems are 10 years or more behind mainstream technology and alarm panels almost 20 years. So what really has the industry offered up in the way of improvements besides the most begrudingly given babysteps of progress?

Agree: 1
Disagree
Informative
Unhelpful
Funny

Hmm.. LDAP integration, Calendar integration, POE (9 years ago), browser based management experiences that run on any form factor, smart phone based credentials, tiered management for multi-site, deeper integration with video, rules engines that allow you to build virtually any functionality, should I stop now?

I agree that in general the security industry lags the general IT industry, but there's lots of innovation going on if you know where to look.

Agree
Disagree
Informative
Unhelpful
Funny

Our experiance in the Perth CBD market has been that generally a building owner will retain their access control technology for at least ten years before considering a change to a new platform. With the advent of IP connectivity to controllers and the abilty to "flash" new firmware upgrades in some systems to card reader level we foresee newer systems will be in place even longer. The change in elevator technology to destination control has forced many building owners to replace their access control systems over the past three years since older systems generally do not have the intelligence to interface to these systems at a high level.

Agree
Disagree
Informative
Unhelpful
Funny

Years ago, through a strange twist of fate, I found myself part of a small development crew which created the product now known as Honeywell Pro-Watch. One of the things we marketed (and I believe they still do) was the broad ability to support about a half-dozen other manufacturer's panels, not just Honeywell's Mercury-powered panels. We would go into sites supporting non-Honeywell boards for existing construction, with the premise that new construction would use Honeywell/Mercury panels, and older construction would be gradually replaced. While that generally proved true for greenfield work, the existing installations remained. To this day I am aware of hybrid sites where nearly all the system is on Honeywell/Mercury, but the orginal non-Honeywell panels, existing when PW was installed more than a decade prior, remain in place.

There are some truths in this industry:

First, access control is, at its best, invisible. At its worst, it is extremely disruptive. Workers don't necessarily know if a camera is down, a camera retains some deterent value even if it's down, and certainly workers don't need to be rebadged if you change out cameras, but everyone knows if a door isn't working.

Second, many door controllers are slaved to a host system or appliance, at which a "top-box" integration is usually implemented, extending usable life of older boards. I know of installations of 1980's-era panels, which nonetheless participate in modern IT integrations, due to logic implemented at the head-end.

Full disclosure: I now work at Mercury and of course our partners find value in our compelling features like SNMP, Zeroconf, TLS, biometrics, etc. That said, I know of end-user sites with 100 Mercury panels, and maybe 5 Thorn/Grinnel boards from the 1980's, but will not replace those 5 until they fail.

Agree
Disagree
Informative
Unhelpful
Funny

Jonathan,

You mention:

"I know of end-user sites with 100 Mercury panels, and maybe 5 Thorn/Grinnel boards from the 1980's"

Is there any feasible way to pitch them the benefits of buying/ switching to a newer panel? Is there not enough improvement in 2014 panels that 1980s boards are seen as just as good?

Agree
Disagree
Informative
Unhelpful
Funny

Nope. (in regards to feasible way to pitch, not lack of benefits)

You're probably thinking, "Why, young Jonathan, is this so?". Let me tell you:

The systems of which I speak are usually very large, like a large airport having expanded, but the original concourse largely unchanged. Want IP connectivity for that old panel? No problem. You can get an IP to RS485 converter terminal server from BlackBox for a couple bucks:

IP to RS485

Want an event on that old panel to trigger video recording on Exacq or Milestone? No problem...it's done at the host, now that it has an IP conneciton to that old board. Want LDAP integration so that cards are automaticly updated and synched with IT? No problem: Implement it at the host.

I would say that newer smart card technologies will finally start to give reason to upgrade those systems before they fail. However, even then one could get by with the HID (formerly Corestreet) F5 board which ultimately provides a standard weigand signal to a controller.

These are all partial solutions, but rips and replaces, especially of old stuff, can be very labor-intensive and expensive.

Agree
Disagree
Informative
Unhelpful
Funny

I think this trend is about to change dramatically. With smarter devices, such as smart cards and readers, and the "internet of things" being deployed, technology obsolecense is introduced into the equation. The legacy of these devices that do not do much and just work allows for the long term use. With advanced technologies comes the much shorter life cycle of the components. In this world it is all about power of the processor and how long can you continue to support the old ones. Readers might work for 20 years but the software integration and smarts of the devices won't keep up with expectations. So, I think the trend will be cut to 5 years. Certainly under 10. The base system might not change but the world of "refresh" will become a part of the access control industry and a new life cycle will emerge.

The challenge is the mindset of the end user. "We just installed that system" - yeah 7 years ago. Companies must adjust to the life cycle change and begin to think about access control like any other technology based platforms they buy. This could mean many more subscription service models in lieu of capital investments.

Agree
Disagree: 2
Informative
Unhelpful
Funny

As long as there are significant labor costs involved with changing out door hardware, as long as badging offices exist, as long as new bells and whistles can be sort-of introduced at higher levels, I doubt you will see much shortening of the cycle. Maybe a little, and certainly there may be waves of upgrades here and there, but no wholesale shortening of the cycle.

It is tempting to use the smartphone analogy, but it is not a good one. When you go down to Best Buy and upgrade your iPhone every 2 years, it affects only you. You do not need to hire a union electrician to plug in the new USB Lightning cable. You do not have to come up with a plan have both your old phone and your new one working together for any stretch of time. The phone is limited in scope and you do not need to train anyone but yourself.

Example: Smart cards were introduced about 20 years ago, yet only now are really taking share from 125kHz, in spite of the clear benefits.

This is not to say that greenfield opportunities won't run the latest and greatest, as they will. I am just saying that the threshold for upgrades is really high when you have wires running through walls and people to train.

Agree: 1
Disagree
Informative
Unhelpful
Funny

Was looking back at this report for some research on the topic. Does anyone think things have changed since 2014? Are there any new regulations or guidance presented by DHS, DoD, ISO 27001, CTPAT, ASIS, etc. that would add to this discussion today?

Agree
Disagree
Informative
Unhelpful
Funny

In the private sector, little has changed. As results have indicated, [even] OSDP has poor adoption.

However, in government and high-security sectors, regulations like FIPS-201-2 (PIV) have driven changes.

For those other entities you mentioned, I will research the scope and applicability of standards that may impact things.

Agree
Disagree
Informative: 1
Unhelpful
Funny
Login to read this IPVM report.
Why do I need to log in?
IPVM conducts reporting, tutorials and software funded by subscriber's payments enabling us to offer the most independent, accurate and in-depth information.
Loading Related Reports