
The Future of Physical Security Software: Building Open, Identity-Centric Platforms

Part 1 of CoreWillSoft’s 2025–2030 Executive Agenda: Transforming Security Solution Providers for the Next Decade 

As the physical security market enters a new digital era, security solution providers and manufacturers face a familiar question: how to stay relevant in the fast-changing IT environments of their customers. Digital transformation, regulatory shifts, and new customer expectations have reshaped what it means to be “secure.” What was once a hardware-driven business now revolves around software, data, and identity.

This article is the first in a six-part series exploring the transformation topics that will shape the next decade for physical security providers. Each part focuses on a practical challenge that manufacturers and integrators must solve to remain competitive. This first topic addresses the foundation for all others: open, identity-centric security platforms.

From device-centric to identity-centric thinking

Traditional access control systems were designed around hardware management: doors, readers, and controllers. Within these systems, two distinct user groups typically exist: 

  1. System users or administrators: operators who log in, monitor events, and configure devices. These are the actual software users, such as HR staff, security managers and operators, facility managers, and IT personnel.
  2. Cardholders or carriers: employees or visitors who simply use a credential (card, mobile, or biometric) to access physical spaces. They rarely interact with the software directly.

This model worked when access control existed in isolation. Today, however, customers expect their access control systems to integrate into broader enterprise identity ecosystems spanning HR, IT, and business systems. A single employee identity must now connect seamlessly to both digital and physical resources. 

Modern enterprises use federated identity systems such as Azure Entra ID, Okta, and SAP Identity Management, and expect every connected platform to:

  • Support single sign-on and multifactor authentication.
  • Enable automated provisioning and deactivation of users and credentials.
  • Provide centralized auditing and policy enforcement.

(Figure: Transition from device-based to identity-based security, connecting operational technology with IT, HR, and other business systems for unified access management)

In short, identity has become the new control plane for access. Platforms that remain device-centric will increasingly struggle to align with enterprise IT environments.

Lessons from the field

Let us look at real-world examples that highlight the challenges and lessons from poor identity management. These case studies show how system design and integration gaps impact efficiency and security. 

Story 1: When cardholder synchronization fails

An established security manufacturer (name withheld due to NDA) once delivered a large-scale PACS system for a multinational retailer that required automatic cardholder synchronization with the customer’s Active Directory.

The available API allowed this only through middleware, which we developed at the manufacturer’s request. It initially worked well, until real-world conditions revealed cracks.

(Figure: Unconnected physical access control and Active Directory systems, resulting in an integration gap in the security infrastructure)

As employees changed departments, their access rights and personal data needed to update automatically. However, because there was no strong identity binding between the physical access profile and the digital directory identity, the system created duplicate cardholders instead of updating existing ones. The issue multiplied across dozens of sites.

When the project expanded internationally, the challenge grew. The retailer had multiple Active Directory instances, each managed locally. The middleware had to serve as a multi-instance translation bridge, mapping attributes and credentials between inconsistent directory schemas. Over time, maintenance became very resource intensive, and each new region introduced more complexity. 

Finally, when the PACS software was upgraded, API changes broke compatibility, requiring rework of every interface. Overall, achieving stable and scalable identity mapping required considerable effort and collaboration with end customers over a two-year period. However, this process has proven highly beneficial for the customer, enabling them to reallocate several full-time resources previously dedicated to maintaining data consistency. This experience highlighted several key lessons: 

  • Without clear API contracts and a unified identity model, integration quickly becomes brittle. 
  • Middleware can extend functionality but cannot fully replace a properly designed identity layer within the core platform. 
  • Governance and role management must be structured from the start to avoid inconsistencies and operational gaps.

Story 2: Redefining single sign-on

In another project, the manufacturer (name withheld due to NDA) had customers operating in critical infrastructure environments that required Single Sign-On to enable authentication federation across their regional facilities. 

The existing PACS supported LDAP authentication, which was marketed as SSO but worked only within a single domain. It did not support multi-domain environments or multifactor authentication integration, both of which were mandatory for the client, as we found out during the project implementation.

(Figure: Integration of physical access control with multiple identity providers via SAML or OIDC for secure federated authentication)

The customer’s IT department rejected the system, citing security and compliance limitations. To recover the project, the manufacturer collaborated with us to design a dedicated authentication front-end that federated identities using SAML/OIDC. This front-end handled login, MFA, and user provisioning, while the PACS retained its core logic unchanged. 

The outcome: the customer met its IT security standards without replacing its access control infrastructure. It also gained flexibility to integrate with multiple identity providers over time.
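The authentication front-end described in Story 2 has to do more than accept a federated login: once the SAML/OIDC library has verified the token, the front-end still decides which issuers it trusts, whether a second factor was actually used, and which PACS role the user gets. The following is an added example of that post-verification policy, not the front-end built in the project above. It assumes an OIDC ID token whose signature (and nonce) were already verified by a library such as Authlib, and it uses constructed issuer URLs, group names and token payloads; the `amr` values it accepts as a second factor are the RFC 8176 method names.

```python
import time
from typing import Dict, Optional

# Issuers this front-end federates with and the client_id it registered; constructed values.
TRUSTED_ISSUERS = {
    "https://login.idp-eu.example.invalid/",
    "https://login.idp-us.example.invalid/",
}
EXPECTED_AUDIENCE = "pacs-frontend"

# `amr` values (RFC 8176) that count as a second factor for this policy.
MFA_METHODS = {"mfa", "otp", "hwk", "fido", "sc"}

# Identity-provider group -> PACS role. Unknown groups grant nothing.
GROUP_TO_ROLE = {
    "pacs-admins": "administrator",
    "pacs-operators": "operator",
    "facility-managers": "facility_manager",
}


class PolicyError(Exception):
    """A signature-verified token that still fails this front-end's policy."""


def authorize(claims: Dict, now: Optional[float] = None) -> Dict:
    """Apply the post-signature policy and return the PACS session identity and roles.

    `claims` is the decoded ID-token payload. Signature, `nonce` and `iat`
    handling are assumed to have been done by the OIDC library already.
    """
    now = time.time() if now is None else now
    iss = claims.get("iss")
    if iss not in TRUSTED_ISSUERS:
        raise PolicyError(f"untrusted issuer: {iss!r}")
    aud = claims.get("aud")
    if EXPECTED_AUDIENCE not in (aud if isinstance(aud, list) else [aud]):
        raise PolicyError("token was not issued for this front-end")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise PolicyError("token expired or has no exp")
    if not set(claims.get("amr", [])) & MFA_METHODS:
        raise PolicyError("multifactor authentication required")
    sub = claims.get("sub")
    if not sub:
        raise PolicyError("token has no subject")
    roles = sorted({GROUP_TO_ROLE[g] for g in claims.get("groups", []) if g in GROUP_TO_ROLE})
    if not roles:
        raise PolicyError("no PACS role mapped from group membership")
    # The session identity is the (issuer, subject) pair: stable across name and e-mail
    # changes, and distinct across the two identity providers even if subjects collide.
    return {"identity": f"{iss}#{sub}", "roles": roles}


def decision(claims: Dict, now: Optional[float] = None) -> Dict:
    """Non-raising wrapper that yields an allow/deny record suitable for an audit log."""
    try:
        result = authorize(claims, now)
        return {"allowed": True, **result}
    except PolicyError as err:
        return {"allowed": False, "reason": str(err)}


# Constructed token payloads (not real tokens).
TOKEN_OK = {
    "iss": "https://login.idp-eu.example.invalid/",
    "aud": "pacs-frontend",
    "exp": 1_800_000_000,
    "sub": "7f3c1c2e",
    "amr": ["pwd", "otp"],
    "groups": ["pacs-operators", "all-staff"],
}
TOKEN_PASSWORD_ONLY = dict(TOKEN_OK, amr=["pwd"])
TOKEN_FOREIGN_ISSUER = dict(TOKEN_OK, iss="https://login.somewhere-else.invalid/")

if __name__ == "__main__":
    samples = [("ok", TOKEN_OK), ("password only", TOKEN_PASSWORD_ONLY),
               ("foreign issuer", TOKEN_FOREIGN_ISSUER)]
    for name, tok in samples:
        print(name, decision(tok, now=1_700_000_000))
```

Two design points matter for the story above: the issuer allow-list is what lets one front-end serve several regional identity providers, and binding the PACS session to `iss` plus `sub` rather than to an e-mail address keeps the mapping stable when a user is renamed. The deny reasons are plain strings so that every rejected login can be written to the audit trail the IT department asked for.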

Practical steps for manufacturers and solution providers

Addressing identity challenges requires structured analysis and continuous improvement. The following approach combines architectural fundamentals with practical steps observed in the field.

Step 1: Map identity flows and analyze functionality gaps

Begin by conducting a thorough analysis of how identities are managed and transferred across different systems, starting from HR through IT systems and extending to physical access control. This foundational step ensures a clear understanding of the entire identity lifecycle within the organization.

(Figure: Integration of HR, learning, and identity systems with physical access control through single sign-on for streamlined identity management)

Key considerations

  • Separation of identity, credential, and device logic from each other. It is essential to manage individuals and their access policies independently of their credentials and hardware configurations. This approach prevents device-centric limitations and allows for greater scalability and flexibility in access management. 
  • Strong identity binding. There must be a secure and auditable link between digital and physical identities. Consider whether it is necessary to distinguish between system users and cardholders, or whether they are the same individuals with additional privileges that enable them to access the PACS software. 
  • Governance and role management. The system design must include clearly defined access rules, role hierarchies, and approval workflows. Embedding these elements from the outset reduces inconsistencies and operational risks down the line.
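The “strong identity binding” consideration above is exactly what was missing in Story 1, where department changes produced duplicate cardholders. The following added example (not CoreWillSoft’s middleware) shows a synchronization pass that binds every PACS cardholder to an immutable directory identifier, stored here in a constructed field called `ext_id` and standing in for the Active Directory objectGUID, so that a changed attribute becomes an update, a disabled or vanished identity becomes a deactivation rather than a deletion, and two cardholders bound to one identity are reported as a conflict for a human to resolve. The directory and PACS records are constructed sample data.

```python
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass(frozen=True)
class DirectoryUser:
    """One directory record. `object_guid` stands in for the immutable AD objectGUID."""
    object_guid: str
    upn: str
    display_name: str
    department: str
    enabled: bool


@dataclass
class Cardholder:
    """One PACS cardholder. `ext_id` stores the directory object_guid it is bound to."""
    ext_id: str
    display_name: str
    department: str
    active: bool


@dataclass
class SyncPlan:
    create: List[str] = field(default_factory=list)      # identities with no cardholder yet
    update: List[str] = field(default_factory=list)      # bound cardholders whose attributes drifted
    deactivate: List[str] = field(default_factory=list)  # disabled or vanished identities
    conflicts: List[str] = field(default_factory=list)   # ext_ids bound to more than one cardholder


def reconcile(users: List[DirectoryUser], cardholders: List[Cardholder]) -> SyncPlan:
    """Compare the directory against the PACS, keyed on the immutable identifier only."""
    plan = SyncPlan()
    by_ext: Dict[str, List[Cardholder]] = {}
    for ch in cardholders:
        by_ext.setdefault(ch.ext_id, []).append(ch)

    # Two cardholders bound to one identity is the duplicate problem from Story 1;
    # it is reported for a human, never resolved by guessing which record wins.
    plan.conflicts = [ext_id for ext_id, chs in by_ext.items() if len(chs) > 1]

    seen = set()
    for u in users:
        seen.add(u.object_guid)
        chs = by_ext.get(u.object_guid)
        if chs is None:
            if u.enabled:
                plan.create.append(u.object_guid)
            continue
        if len(chs) > 1:
            continue  # already listed in conflicts
        ch = chs[0]
        if not u.enabled:
            if ch.active:
                plan.deactivate.append(u.object_guid)
            continue
        # Name or department changed: update the bound record instead of creating a new one.
        if (ch.display_name, ch.department, ch.active) != (u.display_name, u.department, True):
            plan.update.append(u.object_guid)

    # Cardholders whose identity no longer exists in the directory are deactivated,
    # not deleted, so the audit trail of their past access survives.
    for ext_id, chs in by_ext.items():
        if ext_id not in seen and len(chs) == 1 and chs[0].active:
            plan.deactivate.append(ext_id)
    return plan


# Constructed sample data (not from any real deployment).
DIRECTORY = [
    DirectoryUser("guid-a", "a.adams@example.invalid", "Anna Adams", "Logistics", True),  # moved departments
    DirectoryUser("guid-b", "b.brown@example.invalid", "Ben Brown", "Retail", True),      # new hire
    DirectoryUser("guid-c", "c.clark@example.invalid", "Cara Clark", "Retail", False),    # disabled in AD
    DirectoryUser("guid-d", "d.diaz@example.invalid", "Dan Diaz", "IT", True),            # duplicated in PACS
]
CARDHOLDERS = [
    Cardholder("guid-a", "Anna Adams", "Sales", True),
    Cardholder("guid-c", "Cara Clark", "Retail", True),
    Cardholder("guid-d", "Dan Diaz", "IT", True),
    Cardholder("guid-d", "Dan Diaz", "IT", True),
    Cardholder("guid-e", "Eva Evans", "Finance", True),  # left the company; gone from the directory
]


def demo_plan() -> SyncPlan:
    return reconcile(DIRECTORY, CARDHOLDERS)


if __name__ == "__main__":
    print(demo_plan())
```

The plan is computed first and applied separately, so a run that reports conflicts or an unexpectedly large deactivation list can be stopped before it touches the PACS. Matching on display name or e-mail, which is what produces the duplicates described in Story 1, never appears in the comparison; those fields are only ever written, never used as keys.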

Once the mapping is complete, identify which system components already support these principles and which must be updated or replaced.

Step 2: Choose a modernization strategy

Stage: Implementation
  • Extend and Retrofit: Enhance APIs to support identity synchronization and federated authentication. Integrate middleware to connect legacy systems with modern identity frameworks (SAML/OIDC).
  • Redesign and Migrate: Revise core data models and access logic to prioritize identity-first principles. Outline migration strategies that safeguard customer data and ensure minimal downtime.

Stage: Validation
  • Extend and Retrofit: Test and validate through pilot rollouts with actual customers.
  • Redesign and Migrate: Gradually pilot new modules to confirm architectural stability.

Remember: Extend and Retrofit is a mid-term strategy. You have to start working on the system redesign in parallel, as that is the only sustainable long-term path.

(Figure: Synchronization of identity and HR systems with physical access control using SSO for cardholder updates and unified login)

Step 3: Implement and iterate

Roll out changes in stages, monitoring performance and gathering customer feedback. Treat identity integration as an evolving process, not a one-time project. Continuous refinement ensures better interoperability and alignment with IT standards.

(Figure: Redesign blueprint for a physical access control system with hardware abstraction layer, identity, and access rules)

Turning strategy into action

Transitioning to an identity-centric model is a multi-phase process. The most successful manufacturers start small: mapping identity flows, adding federated authentication, and progressively decoupling identity from device management. 

(Figure: Cross-functional collaboration among leadership, product, R&D, sales, and marketing to implement an identity-centric architecture)

Successfully making this transition requires teamwork from the product, research and development, sales, and marketing departments, all backed by guidance and support from company leadership. Identity integration is no longer an optional feature; it is the foundation of a modern security platform.

How CoreWillSoft can help

At CoreWillSoft GmbH, we help manufacturers and solution providers plan, design, and implement identity-first architectures. Our experience shows that disciplined methodology, not project-specific shortcuts and scripting, drives sustainable modernization. 

We support partners in: 

  • Designing identity-centric blueprints and governance models.
  • Building federation-ready authentication layers.
  • Building open, identity-centric PACS modules and whole systems.
  • Advising on role management and data ownership structures and developing them in existing systems.

(Figure: CoreWillSoft GmbH is a software development company specialized in physical security)

If you recognize the need for identity-centric modernization or want guidance on your security platform journey, please contact us. Our team is ready to help you take the next step with confidence.

What’s next

This article is part one of CoreWillSoft’s 2025–2030 Executive Agenda, helping manufacturers adapt to the next decade of security technology.

Upcoming topics include: 

  1. Building secure device-management platforms for global fleets.
  2. Designing hybrid and cloud-ready architectures for next-generation systems.
  3. Embedding AI capabilities responsibly within security software.
  4. Achieving true interoperability and open ecosystems.
  5. Delivering modern mobile access experiences.

(Figure: What to expect in the next articles: identity-centric platforms, device management, hybrid cloud, AI integration, interoperability, and mobile access)

The physical security industry is evolving from systems that control buildings to platforms that manage identities. CoreWillSoft GmbH helps manufacturers navigate that evolution: practically, securely, and sustainably.

Ready to explore what is possible with your security portfolio?
