Providing Flexible Cybersecurity Solutions For Better Access Control In Today’s Digital Landscape

Cybersecurity data breaches result in financial losses of nearly $11T annually. 

With the threat of cybercriminals rising, secure access control systems have become more crucial than ever, significantly reducing risk exposure by implementing measures that regulate entry to both physical spaces and digital resources.

California-based Mercury Security specializes in designing and manufacturing access control hardware, including intelligent controllers for physical security systems. The company was founded in 1992, when co-founders Frank Gasztonyi and Hing Hung saw an opportunity to create an open, flexible, interoperable platform in a world dominated by proprietary access control systems. Back then, most access control software manufacturers built their hardware platforms and their own controllers, and their controllers would only talk to their software, and no one else’s, Mercury Security Director Jeremy Fromm said.  

“Gasztonyi and Hung had an idea of creating a controller platform that works throughout many different access control platforms,” Fromm said. “This was revolutionary in 1992, when systems were more proprietary. This set the foundation for our open and interoperable platform that we continue to develop today.” 

Fromm emphasized that legacy operational technology, or OT systems, like access control, are behaving more like modern information technology, or IT, systems today. As OT and IT continue to converge, and as these systems become more digitally integrated, they face the same cybersecurity threats as traditional IT infrastructure. That’s why it’s critical to protect them with high cyber standards and with high levels of urgency.

In April 2025, the company launched Mercury Embedded Application Environment, inspired by the growing connectivity in the tech world. 

“With everything becoming more connected, we saw that we had to bring complex decision-making and new functionality closer to the door, instead of having that decision-making at a central server or out in the cloud,” he said. “Cybersecurity and artificial intelligence and operational data are intersecting, and through the Embedded Application Environment, we're giving the controllers the ability to host specialized apps — and that's going to help buildings and building owners adapt faster to threats.”

Mercury Security showcased its new platform at ISC West, an international trade event for physical and cybersecurity technologies. It plans for its application to be fully operational by early 2026. 

The company has already shown how the software can integrate with a number of different solutions, including Viakoo, SecuriThings, HID pivCLASS and the Assa Abloy KS210 server cabinet locks. 

“These integrations are helping to demonstrate the automation of digital certificate management and password management,” he said. “They can go and say, ‘The controller has a digital certificate, it has a life cycle — I'm going to monitor that — and if I need to change the certificates, then I have this centralized view into the entire organization's IoT infrastructure, and I can change it all from a centralized point.’ So we've really become like an IoT endpoint.” 

Fromm added that these companies are able to monitor device health, so if the controller is showing signs of any sort of instability, they will be alerted, which helps with compliance. This is key as Mercury begins to play more heavily in the IT space, he said, since IT has set requirements and policies for things like certificates and passwords. 

“Doing that on a controller-by-controller basis, with really no oversight, makes it fairly impossible to meet compliance and to perform audits,” he said. “So these solutions, Viakoo and SecuriThings, help with that.” 

Mercury has partnered with HID pivCLASS for years, with Mercury and HID each writing this specialized application for one of the controllers, and then taking that to market together. 

Now, the HID pivCLASS team writes the integration directly on the controller, and all of the access control companies that want to leverage that have a standard way of doing so — so they all get the same thing, Fromm said. 

“They know the Mercury API set already, so they know how to talk to that in common terms, and they've been doing that for years,” he said. “So this will simplify and speed up adoption. It’s normalizing and standardizing how the different hardware integrations come to market, too.” 

Now that the company’s Embedded Application Environment has advanced past those beginning stages, a client that wants to build and integrate their application on Mercury Security’s controller can do so in a secure container that doesn’t disrupt the access control systems’ or controllers’ core functionality.

Fromm said he believes that over the next five years, security systems will become more dynamic. People will become more reliant on data and AI because of the need to be faster in everything they do, including more edge intelligence, automation and collaboration with data using cloud computing. He’s enthusiastic about how the company’s Embedded Application Environment will play a bigger role in this adoption across different systems. 

“I think our Embedded Application Environment model will be a key part of this coming in fruition, as we become more proactive and cloud-ready with our features and integrations,” he said. “We want to build long-term value into the controller, so our customers aren't locked into static systems and they have a platform or an ecosystem that grows with them and the demands that they face every day.”

This article was produced in collaboration between Mercury Security and Studio B. Bisnow news staff was not involved in the production of this content.

Studio B is Bisnow’s in-house content and design studio. To learn more about how Studio B can help your team, reach out to studio@bisnow.com.