What Experts Recommend

Interviews with experts from three leading companies—Suprema, SALTO Systems, and Primion Technology—focused first on how the role of access control is changing and which cloud‑driven features create new value and drive faster adoption. The experts agree that the main difference between cloud and traditional on‑premises systems lies in how they are managed and scaled. Rather than relying on local servers, VPN networks, and manual upgrades, the cloud model introduces centralized control. This makes it possible to administer multiple locations from a single platform, in real time and without being physically on site. According to Agnieszka Filipowicz, Business Development Manager for Central and Eastern Europe at SALTO Systems, this model is particularly effective for dynamic organizations that are growing quickly or managing distributed locations, which is why it is so attractive.

“Administrators can manage multiple locations from a single control panel, without building complex VPN networks. Software upgrades, security patches, and new features are installed automatically, reducing the IT department’s workload and keeping the system constantly up to date,” says Filipowicz. She also stresses that scaling is almost instant: adding users, doors, or entire sites no longer requires infrastructure changes, making cloud ideal for coworking spaces, multi‑branch corporations, and 24/7 hotels.

Suprema approaches the cloud model through the lens of simple implementation and redefined system architecture. Erik Cornelius, Product Lead of BioStar Air at Suprema Inc., notes that cloud is not just “putting software online” but a new concept in which the hardware itself becomes independent, without separate controllers. “We did not just move access control to the cloud—we removed the need for dedicated controllers. Each edge AI reader includes its own built‑in controller and connects directly to the cloud,” he explains. This approach enables installation without servers, rack cabinets, or local updates: the device connects to the network, is registered in the system, and is immediately ready to use. Suprema also integrates biometrics natively, so the cloud platform is not only a remote management tool but also the backend for accurate face and fingerprint identification.

While SALTO and Suprema emphasize flexibility, ease of use, and lower maintenance costs, Murat Türksoy, Head of Development at Primion Technology, highlights security—especially for European customers seeking full regulatory compliance: “Modern cloud services use end‑to‑end encryption, role‑based access control, multi‑factor authentication, and data storage in certified European data centers. This ensures full compliance with GDPR, ISO 27001, SOC 2, and national data protection regulations.” Türksoy adds that the combination of security, scalability, and automatic updates is particularly attractive for organizations with many sites, large user bases, and demanding audit requirements.

Why Users Move to the Cloud

The experts stress that the journey to cloud platforms is not linear. Motivations differ, but the destination is the same: a simpler, centralized, and more flexible access management system. The most common drivers, in addition to easier administration and lower costs, are the desire to bring multiple sites, users, and systems together on a single platform that does not require local server maintenance, backup routines, or IT support at every location.

“Companies want to manage all locations, doors, and users through one platform, without relying on local servers and IT teams. This saves time, reduces costs, and lowers the risk of errors,” says Türksoy, who argues that it is increasingly difficult to justify investments in local infrastructure when the cloud offers faster, more stable, and more secure options. Filipowicz confirms the same trend, noting that reduced IT workload is particularly appealing for small and mid‑sized businesses.

“There is no need for local servers, manual backups, or maintaining a security system. It is becoming harder and more expensive to keep the same security level on‑premises, which is why users are moving to the cloud.” At the same time, cloud adoption is not driven only by management efficiency—mobility and new user experience models also play a major role. Mobile credentials are becoming one of the key reasons for migration. “BioStar Air offers completely free, customizable mobile passes. Users can embed their access cards into their own apps—without extra costs and without installing a separate application. This is a huge advantage over traditional access cards,” says Cornelius.

Integration is another crucial dimension. Companies already using cloud‑based HR, ERP, video surveillance, or IoT platforms now want access control to become part of the same ecosystem. Cornelius explains that “cloud‑to‑cloud integration” is a key factor for customers who already have digital infrastructure and want a unified operational environment, while Türksoy notes growing demand for systems that incorporate AI‑driven monitoring and data insights. “Cloud platforms enable advanced analytics, insights into user behavior, space utilization, and security events. AI becomes something many organizations simply cannot achieve with local systems,” he says.

Which ACaaS Model is Most Attractive?

Cloud access control models may look similar from a user‑experience point of view, but technically they differ in how they balance local intelligence and centralized control. The experts describe three approaches: full‑cloud architecture, a hybrid model, and a portfolio approach that lets customers choose where they want the “center of gravity” of the system to be.

Suprema comes closest to a full‑cloud concept, since its BioStar Air platform is designed without servers, local controllers, or virtual machines to maintain. “Each reader contains its own controller and connects directly to the cloud. There are no local servers or controllers that need servicing,” stresses Cornelius, adding that this architecture can cut initial infrastructure costs by up to 50%.

By contrast, Primion Technology believes the hybrid model is more mature and secure, especially in environments where system uptime is critical and cannot depend solely on network connectivity. “Pure cloud solutions sound attractive but quickly hit limits when doors must continue to work reliably during internet outages. That’s why we use an architecture where on‑site controllers autonomously make key security decisions, while the cloud is responsible for administration, monitoring, and analytics,” explains Türksoy, noting that this combines the best of both worlds: offline resilience and online flexibility.

SALTO Systems takes a third path, offering multiple layers so that customers can choose fully on‑premises software, a pure cloud service, or a combined model. “Our portfolio includes ProAccess SPACE as an on‑premises platform, SALTO KS as a fully cloud‑based solution, and Homelok as a dedicated platform for residential properties. This allows us to support everything—from corporations to residential buildings—without limiting customers technologically,” explains Agnieszka Filipowicz.

Levels of Protection

Many potential users wonder whether the cloud can provide the same or higher level of data protection, privacy, and operational resilience, and what security mechanisms providers use to guarantee continuity of service even during internet outages. SALTO Systems emphasizes that security is built into its platform from the ground up rather than added later. “All data in transit is protected by TLS/SSL encryption, while data at rest is encrypted using AES‑256. With multi‑factor authentication and regular security testing, we ensure full compliance with GDPR and the NIS2 Directive,” says Filipowicz. SALTO uses redundant cloud infrastructure and local failover functions so that the system keeps operating even when the internet is temporarily unavailable. The company also holds BSI Kitemark certificates that confirm the security of IoT device components.

Suprema goes furthest in technical detail, treating data access as a cryptographic chain that must remain secure at every level—from the door reader to the cloud server. Communication occurs exclusively over HTTPS with TLS 1.2, data is encrypted with AES‑256, and mobile credentials are protected using PKI infrastructure,” explains Cornelius. Suprema does not rely on the cloud connection for door operation; each device includes its own local backup: “If the network goes down, the reader retains encrypted credentials and the doors continue to function. BioStar Air is designed to work even when the internet does not.”

Primion Technology offers a third perspective: security as an ongoing process rather than just a technical implementation. “We consistently apply security‑by‑design principles and maintain compliance with GDPR and NIS2, using TLS 1.2/1.3 encryption, digital certificates, and multi‑factor authentication,” says Türksoy. At Primion, key authentication decisions remain on the local controller, ensuring availability even in offline mode. The cloud is used for monitoring, configuration, and administration, while data is stored in redundant European data centers, preserving legal data sovereignty.

Key Development Trends

As access control increasingly moves into the cloud, the question is no longer whether transformation will happen, but what it will look like. Will mobile identities completely replace cards? Will biometrics become the default? What role will AI play, and will access control become just one component within a broader smart‑building ecosystem? These questions still need clear answers. The experts agree that the coming period will see system functionality extend beyond security toward analytics, integration, and business value.

SALTO Systems sees the future in combining several technologies that already exist but are only now entering mainstream use. “Mobile credentials are replacing physical cards, biometrics is becoming standard even in commercial buildings, and AI analytics makes it possible to model user behavior and predict system maintenance needs,” says Filipowicz. What used to be an “extra feature” is now a baseline expectation: mobile access, cloud administration, integration capabilities, and optimized user experience. At the same time, cybersecurity is no longer a separate topic but an integral part of technical security design.

According to Erik Cornelius of Suprema, the biggest change will come from integration with other platforms rather than from standalone technological upgrades. “Mobile ID and biometrics will continue to grow, but the real transformation happens when access control is tied into HR software, building management systems, and business processes. Access control becomes an operational tool, not just a security tool,” he says. Cornelius adds that AI will be used not only for event analytics but also for system management through natural‑language interaction: administrators will be able simply to tell the system, “Find all users added last week and grant them access to Meeting Room A on Tuesday.”

Primion Technology views the future through the lens of converged security and IoT integration. “Cloud access control is evolving from a management platform into an intelligent, connected security and service ecosystem,” says Türksoy, again stressing that technical and cybersecurity will no longer be separate domains. In his view, mobile identities, biometrics, and multi‑factor authentication will become standard, but the real breakthrough will come from how data is used.