The traditional access control server room contains a 3U rack server running Windows Server, SQL Server Express, and a proprietary PACS software version that hasn't been updated since the integrator commissioned it three years ago. A terminated employee's card was never deactivated at the Mumbai office because the security manager at Delhi doesn't have VPN access to the Mumbai PACS server. The Bangalore office server crashed last month — physical access logs for that period are gone. The Chennai office is running a different PACS vendor entirely.
Cloud access control replaces this fragmented, unmanaged, permanently-stale infrastructure with a single management plane from which every door, every site, and every credential across the entire organisation is visible and controllable in real time. Terminate an employee in Delhi — their credential is revoked at every door in Mumbai, Bangalore, and Chennai within 30 seconds, automatically. Add 200 new employees onboarding at Hyderabad — their credentials are provisioned from the HR system integration before they arrive on their first day, without a single manual step in the PACS console.
Cloud Access Control Platform Comparison
| Platform | Model | Offline Resilience | HR Integration | India Data Residency | SOC 2 Type II |
|---|---|---|---|---|---|
| Genetec Security Center SaaS | Unified Video + Access | 72h local cache | REST API (Workday, SAP) | Yes (AWS Mumbai) | Yes |
| Brivo ACS300 | Pure cloud ACaaS | 48h credential cache | REST API + webhooks | Partner required | Yes |
| Openpath (Motorola) | Cloud-native access | 72h local cache | Okta/Azure AD SCIM | Partner required | Yes |
| Verkada Access | Cloud + edge cameras | Local decision engine | SCIM (Okta, AD) | India region TBC | Yes |
| Honeywell Connected Building | Hybrid cloud/on-prem | Full local fallback | REST API | Yes (India support) | In progress |
| Bosch AMS Cloud | Cloud management | 72h local cache | REST API | Yes (EU/India option) | Yes |
Technical Design: Cloud Access Control Architecture
- ACaaS architecture: Local controller panel (Genetec Synergis Cloud Link, Brivo ACS300) at each site handles door hardware and reader communication via OSDP v2 or Wiegand; management plane is cloud-hosted — MQTT/HTTPS connectivity from controller to cloud
- Offline resilience: Controller panel stores 72-hour credential cache locally — during WAN outage, access decisions continue locally; events queued and uploaded on connectivity restoration
- OSDP v2 end-to-end encryption: TLS 1.3 on WAN (controller to cloud), AES-128 on OSDP RS-485 (panel to reader) — encrypted credential chain from mobile device through to access panel
- HR JML automation: SCIM (System for Cross-domain Identity Management) or REST webhook integration with Workday, SAP SuccessFactors, Oracle HCM — new hire triggers automatic credential creation; termination triggers instant revocation across all sites
- India DPDP Act compliance: Biometric data (face/fingerprint templates) stored in India-region cloud (AWS ap-south-1 Mumbai, Azure India Central Pune) — satisfies DPDP Act 2023 data localisation requirements for sensitive personal data
- Multi-site provisioning: New site rollout — rack controller panel, connect to LAN; auto-registers with cloud tenant; credential database pushed automatically — no on-site configuration server visit required
- Mobile credential integration: Cloud platforms provision HID Mobile Access or ASSA ABLOY Seos mobile credentials directly from the cloud dashboard — one step provisions both the access policy and the mobile credential
AI-Driven Cloud Access: Autonomous Policy Management
Cloud access control platforms are adding AI layers that move beyond manual policy configuration into autonomous policy suggestion and enforcement. By analysing actual door usage patterns across all sites, AI will identify policy anomalies — credentials with access rights that have never been used, zones where access has been granted but no one has ever entered — and automatically propose policy rationalisation. Combined with predictive credential provisioning (the system provisions access for a new employee's expected role before their manager submits the request, based on department and role prediction from the HR system), cloud access control will evolve from a platform that executes human-configured policies to a system that intelligently manages physical access posture with minimal human configuration overhead.