As global security threats evolve, so must the approach to access control. According to the 2025 Trends in Access Controllers Report conducted by Mercury Security, a subsidiary of HID, three transformational currents emerged: edge intelligence and embedded applications; rigorous cybersecurity hardening; and an expanding ecosystem that values openness, resilience and scalability.

Edge intelligence: From ‘dumb’ controllers to smart gateways

The report highlights a growing shift: access controllers are no longer mere conduits, but intelligent nodes. Traditional models—where controllers feed scant data to central servers for processing—are giving way to edge-based architectures.

Modern controllers can now host embedded applications directly on the hardware, enabling local access decisions, analytics, and automation without depending on cloud or network availability.

This transition brings several advantages. Organisations reduce latency in mission-critical tasks like door unlocking and alarm handling. They gain system resilience—critical in ransomware scenarios or during network outages. And integration becomes more seamless, with controllers acting as hubs for IoT devices, video analytics, and elevator control.

The surge towards multipurpose intelligence at the edge mirrors a broader industry trend of decentralisation and redundancy.

Cybersecurity: A foundation, not an add-on

As security systems become more intelligent, they also become more exposed. The report flags cybersecurity as the second major trend, citing a heightened operational risk and a fiercely alert IT community. Unpatched vulnerabilities can expose entire facilities; legacy encryption or open communication channels are no longer acceptable.

To counter this, controllers must meet the most demanding security standards. A recurring example from the report is the adoption of FIPS 140‑3 encryption and TLS 1.3. These protocols protect communication in transit and data at rest, ensuring even if attacker access is gained at the network layer, the data remains inaccessible.

Controllers must also support certificate-based authentication, mutual TLS, and 802.1X network authentication. This hardening addresses the increased scrutiny from end users, especially in verticals like government, healthcare and critical infrastructure.

Openness, interoperability, and a growing ecosystem

The report’s other major theme is the value of open ecosystems. Whereas proprietary ecosystems can yield vendor lock-in, closed integrations or forced upgrades, today’s market demands flexibility.

Open architectures let end users mix and match best-of-breed components—readers, sensors, cameras, mobile credentials—without being forced into monolithic systems. Moreover, open architectures foster innovation.

From an integrator’s standpoint, the result is increased project scope, higher ROI, and lower long‑term costs—while end users enjoy future‑proof, agile systems.

Implications for APAC organisations based on report findings

The trends identified in the report have significant implications for organisations across the APAC region, where a dynamic blend of digital transformation, regulatory momentum and evolving threat landscapes are shaping how enterprises secure their facilities.

APAC is one of the fastest-growing markets for smart infrastructure—encompassing everything from smart cities and high-tech manufacturing to digital banking and government e-services. With this growth comes the need for resilient, low-latency security systems. Edge intelligence becomes crucial in environments where cloud connectivity may be intermittent, such as remote industrial zones, distributed campuses, or transport hubs.

By enabling access control decisions to be made locally at the edge, organisations reduce their reliance on centralised systems. This supports operational continuity even during network disruptions.

In addition, as more APAC nations implement national cybersecurity strategies, enterprises are being compelled to align their operational technology (OT) with IT-grade security requirements.

This convergence means physical security systems like access controllers are no longer isolated from scrutiny. Cyber-hardened controllers are becoming essential for compliance and risk reduction, especially in sectors such as finance, government, healthcare and critical infrastructure.

By aligning access control strategies with these principles, APAC organisations can build security systems that are agile enough for today’s needs and robust enough for tomorrow’s challenges.