Physical Security and the API Economy

Forbes Magazine hailed 2017 as “The Year of the API Economy.” If you’re not following this important trend, what you need to know is that APIs (Application Programming Interfaces) have become the new medium of customer interaction in the cloud era. By simplifying data interactions between companies, APIs amplify the benefits of cloud computing a hundred fold. They drive consumption, open new business models, and foster cross-industry partnerships.  

Call it the sharing economy for applications.

And it’s expanding at nearly 20% per year. This growth comes from companies like Amazon Web Services, whose APIs connect millions of virtual servers to the real world and enable AWS to thrive as the largest public cloud provider in the world. It comes from companies like Google and Facebook, whose APIs help capture one-fifth of all global advertising dollars last year. And it comes from the APIs that thousands of smaller companies have built into their products in every imaginable vertical.   

So, how is the API economy doing in physical security?   

On the whole, it’s hard to say because there is so little public data on this subject. But I can tell you how things look from where I sit at Brivo—the first and biggest cloud-based access control service in the industry.

As it so happens, this Year of the API Economy also marks the ten-year anniversary of Brivo’s web API services for physical security. The company launched its web API in 2007 and gave it a RESTful update in 2014.  Since then, the growth has been explosive. Over 500 individual customer applications now interact with the company’s access control services, extending the platform and the role of access control in ways that few could have imagined.

What are all these software developers doing with the API? They are using it to connect their digital businesses to the physical world.

The main use case is synchronizing identity and credential data between their own databases and Brivo. This lets developers manage access control from within their own platform and offer it to customers as a product extension.

One of the company’s newest partners is Breather, a shared workspace provider that lets users rent business spaces by the hour in locations all over the world. Their mission is to “make the world’s spaces connected, accessible, and productive.” Brivo helps them with the the “accessible” part.  Breather sends customers a code to access their reserved location, thereby helping to usher in the office of the future: co-op work spaces.

Some partners use the company’s APIs to infuse smartphone apps with the power of mobile credentials. Microstrategy’s enterprise security solution, Usher, for example, has extended the reach of their own identity management system by connecting it with API endpoints that permit users to unlock doors with Usher enterprise credentials.

And some partners are using it to ingest large volumes of security event data to better understand correlations between physical and cyber security. The data analytics company Splunk, for example, has created an app (available in their Splunkbase store) that allows mutual customers to apply Splunk’s advanced analytical software to Brivo security event data.

How’s the rest of the security industry? By definition, public web APIs depend on cloud services. Unfortunately, most software providers in the security industry still aren’t cloud-based. Analysts estimate that cloud solutions have only 10% market share versus legacy on-premise systems. But the market is definitely shifting: Access Control as a Service (ACaaS) and Video Surveillance as a Service (VSaaS) are both growing at over 26% per year.

If history offers any lessons, physical security will one day have its own “Year of the API Economy,” but it may still be a number of years in the future. In the meantime, we are happy to see early adopters enjoying the benefits already.