Why Cloud Access Control Is the Future | Genea + Cook Solutions Group
Physical security has been one of the last enterprise software categories to make the shift from on-premise servers to the cloud — and the gap between institutions running legacy server-based access control and those running cloud-based systems is widening fast. In this session from CSG's 2025 Tech Summit, Genea's founder shares the arguments behind that shift, what it actually costs organizations to maintain legacy infrastructure, and why open standards are as important as cloud architecture when it comes to protecting your long-term investment.
Why Has Access Control Been Slow to Move to the Cloud?
Every other major category of enterprise software — CRM, email, HR systems, financial platforms — has moved to the cloud. Physical access control has largely not, and the primary reason is switching cost. Legacy access control systems require significant capital investment in proprietary hardware: panels, readers, controllers, and the cabling that connects them. Once that capital is deployed and the integrators and technicians have been paid to install it, institutions are effectively locked into the platform — because they cannot recapture those budget cycles to start over.
This dynamic is by design in the legacy security industry. Proprietary hardware means proprietary software dependency, which means renewal is the only practical path forward even when the platform has stopped innovating. The result is what Genea's founder describes as visiting customers who are managing their entire access control system on a dusty Windows laptop in a broom closet — a machine they acknowledge "does that" when it won't wake up.
What Are the Real Costs of On-Premise Access Control Infrastructure?
The visible cost of a legacy access control system — the per-door licensing fee — is only the surface of the total cost picture. The deeper costs are organizational: the human capital required to rack and stack servers, manage SQL licenses, apply patches, maintain firmware, and keep the infrastructure running. Every hour spent asking "is the machine still running?" or "did we apply the latest patch?" is an hour not spent on the actual work of physical security.
The iceberg analogy is apt: the licensing cost is the visible tip, and the infrastructure management burden — extra headcount, extra licensing, extra equipment cycles, and the brain power consumed by maintenance — is the mass below the waterline. Cloud-based access control eliminates most of that submerged cost by shifting infrastructure management to the platform provider, freeing the institution's team to focus on security outcomes rather than IT operations.
What Does Cloud-Based Access Control Actually Deliver That On-Premise Cannot?
The case for cloud access control isn't just about cost reduction — it's about the pace of innovation that cloud architecture enables. Genea released 55 new features in a single year. Legacy on-premise platforms, by contrast, typically release one or two updates annually, and those updates are often not driven by customer requests. Compounded over five or ten years, the gap between a cloud-native platform and a legacy on-premise system becomes a fundamental capability difference, not just a feature list comparison.
The architectural reason for this difference is significant: cloud-native platforms built on modern infrastructure (Genea runs on AWS) can deploy new features as isolated components without the risk of breaking a monolithic codebase. A customer integration request — such as connecting to Piko VMS — can be delivered in weeks rather than quarters, because the development and QA process for a discrete cloud module is fundamentally simpler than modifying millions of lines of tightly coupled on-premise code.
Why Do Open Standards Matter as Much as Cloud Architecture?
Cloud deployment alone doesn't solve the lock-in problem if the underlying hardware is proprietary. Genea is built on Mercury hardware — the same open-architecture access control hardware that CSG uses as its standard for new installations — which supports ONVIF, OSDP, and RTSP open protocols. This means that if Genea ever stops meeting a customer's needs, there are dozens of other Mercury-compatible platforms they can switch to without replacing their physical hardware.
This is a meaningful commitment. Proprietary hardware forces customers to stay regardless of software quality, because the cost of replacing infrastructure is prohibitive. Open-standard hardware keeps the power of choice with the customer — a philosophy that directly parallels CSG's own 30-day out, no-penalty service agreement. Both reflect the same underlying belief: if a vendor is genuinely meeting your needs, you don't need a contract or proprietary hardware to keep you. The retention should come from the value delivered, not the switching cost imposed.
How Does This Apply to Financial Institutions Specifically?
Community banks and credit unions operate in a regulatory environment where access control isn't optional — it's required for vault security, dual control compliance, after-hours access documentation, and audit trail requirements. The question isn't whether to have access control; it's whether the access control system is serving the institution or the institution is serving the system.
A cloud-based access control platform on open hardware gives financial institutions real-time visibility across all locations from a single interface, automatic software updates without infrastructure downtime, credential management that integrates with HR workflows, and the audit trail documentation that examiners expect — without the burden of maintaining on-premise servers at every branch. CSG installs and supports Genea alongside its broader access control portfolio, giving institutions the option of a modern cloud platform with the service and integration backing of a partner who understands the full banking technology environment.
