Putting credentials inside mobile wallets has erased much of the hassle users face and boosted the overall customer experience.
Image courtesy of Edwin Tan / E+ / via Getty Images
May 12, 2025
Cloud-hosted entry systems are rising in popularity as a flexible choice alongside traditional key cards. They let administrators pick between mobile credentials or physical badges to fit their operational needs and help security consultants meet demands in multi-site environments or in industries with strict compliance obligations. Though these services add convenience, moving credential management off-site brings both security benefits and risk factors. Staying current on feature improvements, shifting risk profiles and evolving system designs in this segment has become crucial for everyone involved.
“As cloud-based access control continues to grow, the question is how fast do the various vertical markets transition,” says Alex Kazerani, senior vice president, cloud video security & access control, Motorola Solutions, Chicago. “We encourage integrators to be ahead of this trend and become the cloud physical security experts for their customers.”
Mobile wallets free companies from plastic card inventories, printing delays and manual key issuance. Administrators can set up new credentials in seconds, disable lost or stolen tokens immediately and track usage within a single management console. This immediacy helps organizations comply with stringent policies while giving employees and visitors a more seamless entry process.
One size does not fit all. Organizations evaluate multiple factors when choosing on-premises, fully cloud-managed or hybrid entry controls. Many fall into a middle ground as local servers handle device connectivity, and the cloud hosts user data, firmware updates and remote analytics. Clients that begin with site-based systems often shift key functions online as their footprint grows, tapping cloud tools for centralized oversight.
“We see that most companies will use both physical and mobile credentials as well,” says Marie-Jeanne Sauvé, manager, product & industry marketing, Genetec, Montreal. “We’re not seeing mobile credentials replacing the physical security cards, but instead they are giving options to users and making sure that they can find what’s best for them. Some companies will go full mobile credentials, some will stay all physical, and some will use a hybrid model.”
Sauvé adds that her company’s architecture lets clients switch from an on-site model to a cloud-hosted service quickly, matching growth without costly reconfiguration. Genetec’s open design supports hardware from multiple vendors, letting buyers select readers, controllers and cameras that suit each site’s criteria without being tied to a single manufacturer.
Shifting infrastructure management to cloud providers lifts routine maintenance from internal teams. High-intensity services like redundancy tracking, failover readiness, guaranteed uptime and security patch roll-outs come built into subscription packages. This service model lowers upfront investment in spare equipment and specialized staff, helping smaller operations spin up entry control more quickly.
Providers often maintain multiple data centers across regions to distribute load and guard against data center outages. Geographic diversity reduces single points of failure and helps deliver consistent access in case of regional disruptions.
The rise of wallet-based credentials has forged new partnerships among device makers, credential issuers and tech firms. Cloud services act as a bridge between providers such as HID, Apple and Google and the manufacturers that integrate those tokens into access systems.
“When you bring in —for example — Google wallets, Android wallets or Apple wallets, you now have multiple parties that are kind of playing in that space,” says Kris Houle, product manager SaaS, Genetec. “Meaning, you’ve got — for example — HID, and then you’ve got Apple who are two different credential providers that have to work together along with a manufacturer like us. The cloud aspect of it is also a technological enabler that connects these multiple types of producers or vendors or OEMs to be able to deliver something that’s easy to use for an end user.”
Machine learning is driving smarter surveillance and faster response to threats. Cloud-based entry platforms can flag unusual access attempts, analyze usage patterns and move from reactive logs to proactive alerts.
“Cloud-based access solutions deliver several key capabilities in these areas,” says Brandon Arcement, chief commercial officer, SwiftConnect, Stamford, Conn. “First, they deliver real-time monitoring through AI-driven alerts that detect unauthorized access methods, and by continuous tracking of access logs and usage trends. Second, they automate reporting and compliance through a combination of custom reports for audits, compliance and security reviews, and by integrating with SIEM systems for enhanced visibility. Lastly, they support incident response by instantly revoking credentials if a device is lost or stolen, and by ensuring that access controls can be geo-fenced and time-restricted.”
Real-time analytics combined with video provides a clearer audit trail. Instead of a simple timestamp entry, operators can review footage to verify identities and check possessions. An active link to identity services lets administrators revoke credentials immediately for separated employees, keeping facilities secure in every corner. Facility teams may deploy occupancy sensors and tie them into access logs, creating richer usage profiles. That lets organizations spot underused work areas, adjust HVAC schedules and optimize space planning. Real-time head counts also help first responders locate individuals quickly in emergency drills or evacuations.
“Cloud-based access control solutions offer real-time monitoring and data analysis to operators to help them make important decisions and enhance situational awareness. For example, instead of a log line saying that someone entered the lobby door at 7p.m. using mobile credentials, there is video footage of that event showing who entered and what the person was carrying. Given the cloud footprint, the system can connect to identity providers and disable a terminated employee in real-time. Cloud-based access control systems can provide the status of all doors and see who is entering which area in real time.
“Reporting and analytics are reshaping security and efficiency for access control,” Kazerani continues. “ Instead of scrolling through an endless list of users, AI can be used to quickly connect management or security personnel to a user just by saying their name. In terms of improving efficiency, real-time occupancy data can help improve the utilization of the workspace by determining which spaces may be most commonly used or underused. Also, the trend of returning to office further reinforces the need to know who is at your facility at any given time.”
Privacy, cyber hygiene and strict user verification are leading into zero-trust access models. Multi-factor checks—a biometric on a device plus a PIN or license plate reader—are becoming standard practice for higher-risk sites. Advanced zero-trust policies can assign risk scores to each factor. Devices running outdated firmware or connecting from unknown networks might prompt step-up verification. Gate access to server rooms or labs until the policy engine approves every credential check.
“For example, administrators can enable biometric authentication on a user’s phone,” says Alex Kazerani, senior vice president, cloud video security & access control, Motorola Solutions, Chicago. “Additionally, employers can require a third method of authentication, which could be a pin code, or any combination of badge, mobile, pin, license plate, etc. When using these in combination, one can help increase the security of their facility and create a zero trust environment.”
Aligning with a manufacturer that treats cyber defenses as a priority can lessen risk. On-site servers demand more hardware, duplication and expert staffing to reach high-availability targets. Cloud platforms bundle those services into managed offerings, delivering redundancy, patching for new threats and 24/7 uptime guarantees. Deep expertise in security operations lets manufacturers run dedicated Security Operations Centers (SOCs) that monitor intrusion attempts, coordinate incident response and test for compliance around the clock. That focus relieves clients of 24/7 surveillance burdens and gives them access to specialist teams.
“[With on-prem systems] if you wanted things like high availability or redundancy, there was a lot of cost that gets put onto that customer to maintain that infrastructure, and it required a high level of sophistication,” says Kris Houle, product manager SaaS, Genetec. “When you move into cloud technologies, you’re taking that burden off of the organization. And that, I think, is one of the major reasons why we’re seeing cloud adoption, is that high availability, the redundancy, the guaranteed uptime, the patching of cybersecurity threats. This is now a service by organizations who are dedicated to executing those specific types of services.”
Providers must limit access to authenticated identities on trusted devices and apply least-privilege rules to cut unauthorized entry. Regular third-party penetration tests and SOC 2 Type II or ISO 27001 certifications help validate security controls. Strong encryption standards and protected APIs stop data tampering, while built-in failover keeps systems active during outages.
“Access should be granted only to authenticated users on trusted devices with least privilege permissions to reduce the risk of unauthorized access. Providers should have SOC 2 Type II and ISO 27001 certifications and conduct regular third-party penetration testing to ensure security controls meet the highest standards. Utilize strong encryption protocols and secure API communication to prevent unauthorized data access and tampering. And finally, redundancy and failover mechanisms ensure continuous service availability, preventing downtime in critical environments,” Arcement says.
Dealers expanding beyond door strikes can offer control over parking barriers, turnstiles, elevators and shared amenities such as printers or desk reservations. Plugging those touchpoints into the same cloud application helps facility managers streamline workflows and unify audit reporting. Dealers may bundle user provisioning, visitor management, mobile policy enforcement and integration with HR systems to automate access revocation on employee departure. That end-to-end approach can set integrators apart in competitive bids and build stickier service contracts.
“When evaluating cloud-based access solutions, integrators should consider the entire user journey, beyond just entry points,” he explains. “Cloud-based access should extend to turnstiles, parking, elevators, lockers, and workplace amenities (e.g., smart printers, meeting rooms, desk booking).
“Integrators should ensure the solution aligns with enterprise IT and mobile device management frameworks to facilitate easy adoption and security compliance,” Arcement continues. “The best access solutions offer tap-to-enter functionality using Apple Wallet, Google Wallet, and other NFC-enabled credentials, removing friction for users. This brings unexpected delight without forcing a user to change a behavior and learn something new — it’s a business application with a great consumer experience. Also, choose a platform that supports multiple access technologies and integrates with a range of security and workplace management systems.”
Regulated industries often need strict audit logs to meet policy requirements. In healthcare, patient record systems must track every door open or badge swipe near server closets storing sensitive data.
“HIPAA as an example is where the patient’s information is managed in particular systems. You have to ensure that there’s an audit trail. We don’t ever touch patient information so we technically don’t comply with HIPAA. Now, that being said… our system does help organizations who manage patient information ensure that they are meeting all of the requirements to comply with HIPAA,” says Kris Houle, product manager SaaS, Genetec.
“In a hospital, we’ll have a room with certain servers or paper files. Our cloud-based access control system can monitor who has access to that particular room. It will provide the audit trails of every single access to that door. You will have the remote management capabilities where you can get alerted or prevent authorized entrance. If there is an incident at that level, you will get that notification. I can put into place a mandatory audit review of every single individual that would have access there and make changes to that list at certain intervals that would comply with the organization. These are the types of things a system could put into place to help an organization manage their compliance for a regulation like HIPAA.”
Critical infrastructure projects in remote locations face obligations under NERC regulations to prove who arrived, when and by what means. Offline audit tools in cloud suites let site operators collect door events locally and synchronize records once connectivity is restored.
“North American Electric Reliability Corporation (NERC) is an electrical grade one where even though you might be in the middle of nowhere, you still have to prove who had access and at what time and how they got in and out. We have a specific solution that even though you are offline, we’re able to have that audit record forensically if you need to prove who had access there,” Houle continues.
