03 Jul Why Some Brands Are Winning in 2025?

By Trent Loebel, CEO Torus

Below is an excerpt of the Access Control Executive Brief #102 by Lee Odess using the above title. 

In my opinion this is an excellent brief which ‘nails’ the current environment in the access control industry and, more broadly, the Operational Technology industry.

Operational Technology refers to the hardware and software systems used to monitor, control, and automate physical processes, devices, and infrastructure – in industrial and mission-critical environments.

The following 8 points are highlighted by Lee and resonate strongly with what we are seeing being required and demanded by enterprise and government customers.

• Elegant and friendly user interfaces
• Modern architecture, integrations, and enterprise grade software
• Software built using API architecture enables a ‘solution ecosystem’ not silos
• Real time data enables timely decision making and control
• Coupled with modern architecture enables automation of decision making and control
• IoT solutions are easy to deploy and scale, delivering flexibility for the future
• Autonomous access control removes unnecessary friction and inefficiencies
• Simple, transparent pricing without ongoing hidden costs

The benefits for enterprise and government customers investing in solutions which embrace these principles is that they can dramatically improve user experience, operational efficiency and control. This manifests in a compelling return on investment (ROI).

The product development and support teams at Torus have designed and built Torus Software and Cabinets based upon the principles embodied in each of these points. Their purpose is to deliver our customers their objectives which are well summarised by Lee below. Moreover the Torus product and support teams work hard every day to continually evolve and improve the software in order for our customers to have a continually evolving solution – without any additional costs. Only a modern, cloud native solution can empower enterprise and government customers this way.

Why Some Brands Are Winning in 2025?

The market is frustrated, has resources, and are grouping.

Just flat out, they’ve had enough. There’s growing frustration with the lack of meaningful innovation, outdated user interfaces reminiscent of the 1980s, unfulfilled promises of future improvements, poor value proposition relative to cost, and lack of support for open source and perceived defense of business.

What’s new is interesting. The frustrated and vocal group has a ton of resources. They don’t have to eat it anymore.

Also, other areas of the industry are evolving, giving them opportunities they did not have just a few years ago, and they are doing something about it. Two examples of the evolving market that are giving them comfort in leaning more toward the new are:

• More solutions adopt hardware that feels like a standard and turns them into a commodity. It feels like they don’t care much about some of the parts they used to care about and are saying, “Give me the one that just works and supports what I want.”
• Since APIs have opened up to support software solutions like tenant engagement applications (for example, Sharry), identity platforms (for example, RightCrowd), or mobile wallets (for example, Apple or Google Wallet), more software solutions can act as modern access control systems or be a middleware (example SwiftConnect) to bridge into other systems that gives the look and feel of a more modern access control solution.

Modern architecture, integrations, and things that sound like enterprise software (or at least the promise of it)

The enterprise technology landscape has reached an inflection point where the promise of modern architecture has become more compelling than the comfort of legacy systems. I am hearing it over and over again.

Companies are no longer asking whether to modernize but rather how quickly they can transition to systems that embody the principles of contemporary enterprise software design. There seems to be a sea shift from waiting to doing.

These modern solutions of choice distinguish themselves through cloud-native architecture that treats “distributed computing, elasticity, and resilience” (words often used in my discussions) as foundational design principles rather than afterthoughts or add-ons. Unlike legacy systems retrofitted for the cloud, these platforms are conceived with “microservices architecture, containerization, and orchestration” (again, often words used) at their core. This translates into tangible business benefits: “automatic scaling during peak loads, geographic distribution without performance degradation, and the ability to update individual components without system-wide downtime.” Some of them quoted and reported “40-60% reductions in infrastructure costs” when migrating from monolithic legacy systems to cloud-native architectures (I didn’t check receipts, but I will take their word for it), primarily due to optimized resource utilization and elimination of over-provisioning safety margins that characterize traditional deployments.

Give me the API. Give me the freedom.

They want systems that operate in an ecosystem, not a silo, which is why the API-first design philosophy has become almost a default must-have. This approach ensures that every system component is designed with integration as a primary consideration. Companies can rapidly connect disparate systems, create custom workflows, and respond to changing business requirements without extensive custom development, just like they can do reports. The practical impact is clear: where legacy system integrations often require months of professional services and custom coding, modern API-first platforms enable business users to create sophisticated integrations through visual interfaces. This democratization of integration capabilities represents an enormous shift in how companies approach business process automation and digital transformation. This is the Utility+ that I talk about often.

Data to feed

The shift toward real-time event streaming capabilities reflects a fundamental change in business expectations around “data freshness” (I liked this description) and system responsiveness. This functionality also speaks to the IT shift. Modern platforms leverage “event-driven architecture to process” and respond to business events as they occur, rather than relying on “batch processing cycles” that characterize legacy systems. This architectural approach enables use cases previously impossible or expensive: real-time event detection, instantaneous updates across multiple channels, and dynamic adjustments based on the current situation. One person stated that organizations implementing “event-streaming architectures” typically see dramatic improvements in customer experience and operational efficiency.

IoT, but for what it does not for the sake of saying IOT

The promise of IoT seems to be upon us – particularly through protocols like MQTT, positioning modern platforms for the next wave of digital transformation. When most people explained how they saw systems function, I’d usually follow up with “Oh, like IoT” and get a smile and a “Yes, exactly.” While full IoT implementation may still be aspirational for many organizations, and I am not sure we are even close to full-throat, the architectural foundation for handling millions of lightweight device connections and processing sensor data streams provides future-proofing that legacy systems cannot match. There is also a vibe around wanting “consumer-like functionality.” This capability becomes increasingly valuable as organizations recognize that IoT integration will eventually become a competitive necessity rather than a nice-to-have feature. Modern platforms that support MQTT and other IoT protocols today will be ready to scale these capabilities tomorrow. At a minimum, we should give the trust and comfort that the going forward will continue in this manner.

Trust me, it’s just different.

And this trust and comfort is no joke either. Companies mentioned that they are selecting systems based on current capabilities and the promise of what these architectures enable. This “promise” reflects a strategic understanding that today’s technology decisions will impact organizations for years. And don’t confuse this promise as a “roadmap” promise. This “the architecture decisions made” makes the promise real. Regardless of their current functionality, legacy systems carry technical debt that constrains future possibilities, and they are done waiting. Even when not fully built, modern architectures provide a foundation for innovation and adaptation that becomes increasingly valuable in rapidly changing business environments. Trust and comfort are forward-looking.

Autonomous access control

There is a shift and desire from human-dependent systems in favor of autonomous platforms (there is that word again – platforms). This shift represents more than a technology upgrade—it’s a complete reimagining of how security operations function in the modern enterprise. Traditional access control systems operate on a simple premise: a human in every loop – configure, maintain, detect, alert, and rely on human intervention. This approach creates operational overload, critical vulnerabilities through delayed response times, inconsistent human judgment, and the inability to process complex data patterns at scale. The desire for modern autonomous access control systems is seen to eliminate these gaps by creating self-managing ecosystems that configure, anticipate, prevent, and respond to threats without human bottlenecks.

There has to be a belief that the current system has the opportunity to support autonomy in the future. The goal is not to eliminate humans (but they also seem open to reducing the number of humans needed to operate a system) but to elevate them from mundane routines to strategic planning and complex systems. The companies see that those who embrace this transformation now will establish significant competitive advantages in operational efficiency, risk management, and regulatory compliance – and they don’t want their system to be the reason they can’t do this. They know that those who delay will find themselves increasingly vulnerable to sophisticated threats that outpace human response capabilities. The evolution from legacy to autonomous access control and broader security represents a fundamental shift from reactive protection to proactive risk management—a transformation they cannot postpone.

I’ll put it like this: Legacy access control systems create operational friction and security gaps that modern businesses cannot afford anymore. Manual processes slow response times, increase human error rates and require significant staffing resources. Many of these companies are automating everything and carving off our industry as a special unicorn that can not be touched is no longer being allowed. Legacy access control systems typically operate in silos, unable to share intelligence or coordinate responses without major forklifts.

Business models too

It was mentioned a couple of times that companies also differentiate themselves through their business approach, which includes simplified pricing models that avoid nickel-and-diming customers, comprehensive professional services and implementation support, vertical-specific solutions that address unique market needs, and a strong focus on customer success and support. I found this heartening as I hoped it was beyond technical and product, and it proved true. Every person had a story of how the rep, the pricing, or the service impacted their decision-making. I recognize that this is true even on the legacy side of the industry, but it was different as it was related to the overall shift to being more software-like.

And you know, this one made me smile: A story.

Beyond technology and business models, the winning companies mentioned have compelling storytelling. They share several characteristics: a clear vision and commitment to advancing the industry, R&D, innovation, authentic brand narratives that connect experience with future potential, and a focus on solving customer problems rather than chasing buzzwords. Decision-makers want to believe in the complete picture and understand a clear story (and none of it seems to revolve around technical specifications). My analogy is that we have shifted from the wood behind the arrow, only mattering to the arrows, too.

Looking ahead

It is clear to me that the feeling I was having was real. Yes, I know the access control industry is at a pivotal moment. And yes, while there’s value in supporting existing installations, the real opportunity lies in embracing modern approaches that address current and future needs because that is where the customer is heading. But that feeling of something being different? Yeah, that’s real, too.

It is clear that success requires more than technical capability—it demands a comprehensive understanding of customer needs, a commitment to innovation, and the ability to execute a modern security vision with a good story—and a customer with an ear open enough to hear it and then to believe it.

Are there examples where all of this above is not true? Yes, of course. But that does not mean that what I explained above does not exist. Why? Because these are real stories and real examples of really large end users not just telling me but doing it.

Thank you to those who took the time to talk to me about this. What an awesome time to be in our industry.