Avigilon Acquires RedCloud Access Control

Published May 30, 2013 04:00 AM
PUBLIC - This article does not require an IPVM subscription. Feel free to share.

Avigilon has acquired RedCloud, an access control manufacturer, for $17 million in cash. This post will fill in with details over the next day.

[Update: See our analysis of Lenel vs Avigilon for the potentially biggest impact of this deal.]

RedCloud Financials Background

RedCloud was founded in 2006 as Plasecinc. In 2011, the company rebranded as RedCloud [link no longer available]. In the slowly developing access control market, RedCloud is one of the 'newest' entrants.

Plasec/RedCloud announced a total of ~$7 million in funding in SEC filings (2011 disclosure, 2012 disclosure). Since the company has been in business for 5 years prior to those disclosures, certainly they raised other funding. Given their relatively small staff (maybe 10 to 20 people even now), we suspect that investment was fairly modest and that total all time funding would be in the ~$10 million range.

The 2011 SEC disclosure cited $1 to $5 million in revenue, which we suspect is where they are at today.

[UPDATE: We have obtained Redcloud's revenue and loss figures:

For the first half of 2013, RedCloud's revenue was just under $1 million, putting them on a $2 million annual pace. Given the $17 million price paid, that's an extremely high 8+ times revenue.

Also not surprising, but worth noting, is that RedCloud was losing a fairly significant amount of money. Expenses were roughly double revenue leading to a whopping 50% net loss. Despite being 7 years old, RedCloud was likely unsustainable absent an acquisition or new funding round. Given their position, RedCloud did very well with this deal.

Here's the excerpt from the financial report covering RedCloud:

Valuation

From RedCloud's perspective, given total investment was close to the acquisition price, it is likely a solid outcome though not a significant return for their investors.

From Avigilon's perspective, they likely paid ~5x RedCloud's 2012 revenue, which for the security industry is fairly high (more common is 1x to 2x). However, given Avigilon's price to sales ratio is in the same range as what they paid for RedCloud, it is not high for their own valuation.

Avigilon Cash Impact

As an all cash transaction, the $17 million represents about 1/3rd of Avigilon's cash as of March 31, 2013. Though this is rather significant, given their current stock market gains, it would be fairly easy for them to raise more cash at attractive terms.

Avigilon Motivation

RedCloud enables Avigilon to expand their end to end video offering into access control servers. The greatest potential is targeting enterprise customers who value tight access / video integration.

However, from a revenue generation standpoint, direct sales of RedCloud appliances are unlikely to make a major difference. Avigilon is already at a $150 million annual revenue pace, so even if they could radically expand RedCloud's sales, it would still only be a fraction of their video sales.

Moreover, most enterprise access control customers are fairly locked into existing vendors (e.g., Lenel, Software House, Honeywell, etc.). So getting them to switch will not be easy, especially those customers with proprietary panels (that will not work with RedCloud).

On the other hand, Avigilon could be aggressive in packaging RedCloud at attractive prices to motivate some major customers to swap out their existing access control software to a full Avigilon offering.

Additionally, there are not many 'up and coming' access control manufacturers. NLSS and S2 are possibilities but they both have their own video side already (which Avigilon would not want) plus they are likely to want even a higher price to sell. RedCloud is likely the most attractive pure play access offerings available.

RedCloud Overview

This marketing video gives a short overview of RedCloud's pitch:

A typical RedCloud system [link no longer available] uses either Linux-based appliances or 'virtual' servers to host head end management software. The head end is connected to the ethernet, and both administrator access and controller communication is accomplished using a LAN/WAN. Three versions of product are offered, ranging from a SMB "Express" version, to the multi-site "Enterprise" and "Virtual" versions:

From there, all 'downstream' hardware like controllers, readers, and locks are manufactured by others. Regardless of the particular RedCloud head end version, the system is compatible with the same (ethernet only) makes of HID or Mercury based door controllers. Part of the installation process includes rewriting controller firmware to work exclusively with the RedCloud head end, and this must be done with every downstream controller installed into the system.

Key Differences

While most access control systems are positioned to be resold by the traditional security channels, RedCloud takes a notable IT Services bend in designing and describing its products. Instead of focusing on 'traditional' physical security aspects like compatible reader and door hardware types, RedCloud's strongest claims are made regarding IT management aspects like "OpenLDAP" support and "Auto-Failover" redundancy features.

Other notable aspects of a RedCloud system include:

  • Web Based: The primary management UI is accessed via the browser, and installing a thick client is not necessary to access the system. However, no provision for serial connectivity is available, and all connected controllers and users must also have LAN access to be included in the system.
  • Open Hardware: The claim is conditional, and does not indicate RedCloud is interoperable with any system hardware because it is open. Rather, only select 'open' Mercury Security or HID (Edge EVO) controllers can be used. Controllers or panels proprietary to other systems cannot simply be added to a RedCloud system.
  • Appliance Server: Despite the IT-centric market message, RedCloud touts its appliance based system as an advantage, citing the ease and trouble-free use of a non-Windows head end. When coupled with its web accessibility, a RedCloud system only 'needs' one central appliance and can utilize existing workstations as clients.
  • VMWare Appliance: For IT organizations standardizing on virtual machines, RedCloud departs from typical providers and features a 'virtual server' only version.

RedCloud Comparison

RedCloud is a relatively new player in the EAC market. In a market segment where installed systems last for decades, and where organic growth creeps against established brands/resell channels like Lenel, SoftwareHouse, and 'other' IP systems like S2 or Brivo, RedCloud's acceptance has been limited.

Because of the 'incumbent establishment' and the appliance based architecture, RedCloud is best suited for the SMB markets. Unlike large institutions that have security integrator relationships, a small company likely will hire a general IT Services vendor before an integrator. In this way, RedCloud is likely to have the greatest success being sold as a corollary offering through a general IT vendor to smaller organizations.

Structurally, RedCloud compares to NLSS that also offers appliance-based access control using Mercury and HID controllers. However, unlike NLSS, RedCloud does not have a tightly integrated video management or video analytics built into the interface.

Avigilon CEO's Interview

Canada's Business News Network interviewed Avigilon's CEO (see video). Key points made:

  • Synergies because most surveillance users also use access control and most security dealers also install access control
  • Avigilon wants to be a pioneer in integrating access and video from one console
  • Expand Avigilon as a one stop shop and leverage their brand recognition to sell more RedCloud

All of these are reasonable and somewhat expected though many Avigilon competitors already integrate access and video from one console. It makes perfect sense that Avigilon will as well, though that will have to be developed.

Update: SSI has a print interview with Avigilon's CEO [link no longer available]. It does not add any new important details but it emphasize the importance of sales synergies over technical ones (though it does reiterate the claim of further development and integration).

The $6 Billion Market

Avigilon is emphasizing that access control is (or will become) a $6 billion market. This is misleading on multiple levels. First, RedCloud only sells server software / appliances and does not offer readers, panels, credentials, etc. that constitute the bulk of access control revenue. Also, IMS estimated the 2010 number for this market at $1.8 billion with a rather modest growth rate. There is still plenty of upside for expanding access control sales, but the multi-billion numbers for RedCloud's address market are misleading.

Comments (18)
UI
Undisclosed Integrator #1
May 30, 2013
Crazy(in a good way I think)! I thought for sure it would be Schneider Electric taking a look at RedCloud, given their recent announced partnership.
JH
John Honovich
May 30, 2013
IPVM

Btw, RedCloud's featured video manufacturer partners include Exacq, Schneider and Verint. It will be interesting to see how Avigilon runs RedCloud, i.e., do they foster working with their surveillance rivals or do they pull it close in for their own surveillance products.

UI
Undisclosed Integrator #2
May 30, 2013

Red Cloud didn't even make door controllers so you had buy an HID or Mercury Security box controller instead? Sounds like they bought half of an access control company instead. I don't think this acqustion is that big of news unless they plan on dropping their other access control intergration partners like Lenel.

JH
John Honovich
May 30, 2013
IPVM

I doubt Avigilon would want to drop Lenel (or Software House) integration. Those two are in too many large accounts. However, will Lenel or Software House be motivated to block Avigilon now?

Avatar
Brian Rhodes
May 30, 2013
IPVMU Certified

To the point about using HID or Mercury controllers:

Using someone else's controller is not really a sign of a half-baked company, as a number of electronic access control companies use HID/Mercury controller hardware, notably NLSS.

Mercury's list of hardware customers include: OpenOptions, Keri, Lenel, and both ASSA and IR.

I agree that it isn't a big deal in terms of the current market, but I also don't see the reliance on HID or Mercury for hardware to be atypical.

Avatar
Ethan Ace
May 30, 2013

I imagine they'd continue working with those partners (Pelco, Exacq, etc.), but it wouldn't surprise me if they stopped doing additional development on the integrations.

I'm most curious what this is going to look like on the client side. I would imagine they'd move access functions into ACC, and not pull ACC video into the RedCloud client. I really doubt Avigilon users are going to want to use a web based interface just to see access/video together.

JH
John Honovich
May 30, 2013
IPVM

RedCloud's use of Ruby and Rails as its web application platform raises security concerns. Earlier this year, there was an especially scary round of critical bugs (e.g., this threat) and wide spread coverage of Rails being insecure (e.g., insecure defaults) and even one respected developer calling the issues 'apocalyptic'.

We've been developing on Rails for more than 5 years and love it for what it does for web startups (which is where it's mostly used). However, for an enterprise appliance that controls the records for corporate employees and access to buildings, that strikes me as more risk than one wants to bear. Rails simply does not have the maturity or the deep experience that apps running on Java or .NET have.

On the one hand, having these RedCloud appliances inside Corporate LANs could make them more protected against Rails threats. On the other, if those appliances are out of date, they could be more exposed to widely known issues. We've reached out to RedCloud to ask a number of general questions and hope to get some feedback on this.

KL
Keefe Lovgren
May 31, 2013
IPVMU Certified
now that avigilon owns redcloud they may want to make a new sales video where they don't talk down pc based servers... after all if they are all "expensive and hard for it groups to maintain" where does that leave the surveillance servers they sell... and why not build the servers to host accc and red cloud... maybe it is just me but I am struggling to see this purchase as a benefit... hopefully it works out well though... the concept isn't new see the clearpix and the clearpass access control line... appliance based built on mercury hardware...
JH
John Honovich
May 31, 2013
IPVM

Keefe, RedCloud is a Linux based appliance, not a PC based server so I am not sure I understand your point here?

KL
Keefe Lovgren
May 31, 2013
IPVMU Certified

John my point was that I had (mis)heard them discussing "pc" based servers as "expensive and hard for IT groups to maintain"... this was in fact not what was said the video stated that servers are expensive and hard for IT groups to maintain...

before realizing i had misheard it I was making light of the fact that RedCloud is talking about how troublesome (my words) traditional servers are and that Avigilon sells traditional servers... if there was an emoticon for egg on face or eating crow i would be displaying it right now...

ps. please don't ever have emoticons available on this site...

UI
Undisclosed Integrator #2
May 31, 2013

I'm so use to our access control company we use (Stanley PAC) which has an complete end to end solution from proximity tokens all the way up to the head end software. In my book you need to have your own door controllers to be condsidered a major player in the access control market. If Avigilon dealers are able to buy the HID or Mercury door controllers though the Avigilon channel that would catch Lenel's eye but, I'm thinking Lenel like me looks at Red Cloud as just a software company that was bought by Aviglion. There are too many funtional S2 or Lenel access systems out there for Avigilon to exclude intergration with them

UI
Undisclosed Integrator #3
May 31, 2013

I don't think you'll see Lenel try to exclude Avigilon from integrating with their system. Genetec has it's own Access Control platform and master door controller and they're still collaborating with Lenel on several large projects. Many companies in our industry have competing lines and still collaborate with each other, no one product is going to take 100% of the market so it doesn't make commercial sense to end technical partnerships simply because they have overlapping product lines.

Avatar
Paul Grefenstette
Jun 02, 2013

I think they have acquired some solid talent(tech and engineers) in the ac space that they can build from. We haven't seen a demand for complete ac integration with our clients but this might make us consider the advantages and present it moving forward.

JH
John Honovich
Jun 02, 2013
IPVM

Paul, most integrators in our survey about video / access integration have not, as well. However, the larger the camera count, the more likely access control integration is desired, if not required.

NA
Nathan Adams
Jun 03, 2013

This is why you should always know the private equity position of companies before you sign long term agreements with them or make them a large part of your business plan.

1. They could be weeks away from closure.

2. They could be weeks away from a sale.

3. 1 and 2 about sum it up.

Avatar
Brian Rhodes
Jun 03, 2013
IPVMU Certified

@ Nathan

That sounds like experience speaking... living the dream!

NA
Nathan Adams
Jun 03, 2013

Fool me once, shame on you... Fool me twice shame on me.

(not to say Red Cloud isn't a good product. I simply refer to PE firms.)

PS
Phil Shanahan
Aug 03, 2013

In my view, not using your own hardware is the way forward. The access control section of the industry is slowing moving towards the video model where you buy the best/cheapest hardware for the job (like an IP camera) then connect it to the best/cheapest software for the job (like a VMS).

For me Genetec have been the pioneers here as they have been doing this with HID for about 5 years now. Maxxes is another one that see this model, the bigger players like Lenel and Honeywell use mercury hardware but with custom firmware effictively locking user in.

I saw a note here on IPVM a while back about Axis possibly manufactoring access hardware, I think this will accelerate change if it happens as they have the clout and are a very trusted brand (not that HID are not), I wonder if Avigilon are aligning themselves with an immenent Axis announcment?

Phil