We, as an industry, need a hard reset on HID and Mercury Security.
I recently wrote in a blog post, “Scaling Mobile in Physical Access Control. We Can. Here is How,” where I covered ways we can breakthrough the current adoption and drive more of a flywheel. Since then I received a good amount of feedback that the list is relevant to the broader industry, which drove me to expand on each of them. For instance, recently I have been posting about the marketing focus needed by our industry - talent and better storytelling. The next example - what do we do with HID and Mercury Security?
I believe this one will be seen a bit more controversial but I have had enough one on one meetings with industry leaders to know its relevant and true - our industry - channels, access control software manufacturers, consultants and endusers - as a whole have an unhealthy marriage and dependency on HID and Mercury Systems. It is limiting the scalability of our industry overall and by not finding a healthy balance, it is opening ourselves up for external disruption (which has started to happen. Examples here and here).
Before I start, I want to make sure my intentions of writing this are clear. Like many of you, I have a great desire to see our industry grow, accelerate, and excel. But there are fundamental legacy ways we have all engaged that will not get us to where we need and want to be tomorrow. I have a great respect for HID and Mercury Security. I like the people that work there. I am grateful for what they have done in the past but as I look to the future, they, like the rest of us, have a choice. We can either adapt and change in how we go to market and recognize that in order for the industry to take those necessary steps, it is going to take new ideas, new business models, new messages, and new collaborations on ways we have not seen to date. Or we can put our heads in the sand and do nothing but complain about slow growth. My desire is to spark a conversation to unlock the former.
So, here, in my opinion, is why we need a reset of our relationship with HID and Mercury Security.
- In my opinion, HID and Mercury are not “open” and are not “more secure” anymore. Maybe that was true in the past 10+(?) years but as we move more mainstream and we move forward, it no longer holds true. It’s time to realign on what we as an industry define as “open” and “more secure.” In regards to open, we need to look to outside the industry and see how others define it. When it comes to “more secure,” this is subjective and there are more transparent and contemporary methods to be adopted. If you present the current way our industry defines open and more secure, they either laugh or instantly get confused.
- In my opinion, the specification strangle hold and lock-in of their closed system is limiting innovation, limiting long term value for your customers and driving all of our margin dollars per door down, while their margin dollars per door seem to go up (also good to note that the costs for customers per door has not gone down drastically either. Not just their fault but still something interesting to note). The downhill effect of that specification strangle hold is degrading your relationship with your customers for no reason. If you ask most customers what type of “access control system they have,” the majority answer “HID.” Why? Because of the card they have and the name of the reader on the wall. So pretty much, they have the market on all the edge devices the consumer interacts with. This is not good for your business. Now with mobile and the plethora of excellent suppliers, you have the opportunity to build that direct relationship and brand recognition with your customers.
So what should we do as an industry?
Overall, demand and start voting with your specifications, partnerships, sales, and end user wallets for more product interoperability, security, and functionality. This can be achieved by doing some of the following:
- Work with brands that put interoperability, security and functionality as a core principle of how they do business, not just say it. Do not just ask for a list of who they work with but ask for their open api documentation, access to their SDKs, and then ask for their partners.
- Partner deeper. There are a ton of exceptional resources at your disposal to help you and your customers that start with being interoperable, secure, and provide equal or better functionality. If you are in the position to hire, bring internal software and security expertise on board.
- Support, specify, and move to alternatives like MIFARE DESFire EV2. As NXP states, “It fully complies with the requirements for fast and highly secure data transmission and flexible application management.” This will drive down costs for end users, afford the industry to make greater margins, and unlock innovation engines.
- Learn, implement, specify, and support PKI.
- For physical access control manufacturers, work with third parties to build you your own readers.
- Come together, participate and support a set of specifications and reference designs for access control and identity credential components, like Leaf Identity.
There are many more things we as an industry can do. Maybe HID and Mercury Security will change their business models which will subsequently make them really open and more secure. Until then, let’s pick each other up and move this industry further by unlocking innovation and deep collaborations that are beneficial for everyone, not just one.
More to come on what else we can do as an industry to see a flywheel.
Agree? Disagree? Let me know. Again, my desire is for conversations that are happening behind the curtain to come front and center. Through the dialogue we can make changes before the changes are forced upon us.