Skip to main content
← Research Journal
Research Journal · Week 01

HR knows you're off. Your badge, laptop, and VPN don't.

Identity & AccessDisconnected DataResearch Log

When an employee is on vacation, his access to company assets needs to be temporarily blocked — including laptops, building access, and remote access. But that almost never happens. HR records the vacation. The badge reader, the laptop, the VPN, and the SIEM each carry on as if nothing changed.

The Question I am Exploring

If an employee is on approved leave, should other systems be notified — especially physical and digital access systems?

The Framework

A simple framework I am testing (first pass).

Step 01

Data is Created

Should Happen

HR system creates a vacation event.

Actually Happens

It does. But no downstream system subscribes.

Disconnected
Step 02

Data is Moved

Should Happen

Vacation dates are sent to PACS, IAM, VPN.

Actually Happens

HR → IAM exists sometimes. HR → PACS almost never.

Disconnected
Step 03

Data is Correlated

Should Happen

An analyst sees "vacation + badge swipe at 2am" as one event.

Actually Happens

Physical logs never reach the SIEM.

Missed
Step 04

Data is Governed

Should Happen

Policy says access is removed within one hour.

Actually Happens

Audit finds a 40% failure rate.

Untrusted
Root Cause

The gap between rows.

The root cause is not a single failure. It is the gaps between rows — especially between Create, Move, and Correlate. The systems are working as designed. The design just never assumed they would need to talk to each other.

Research Context

I am spending 90 days mapping exactly these gaps across physical and cyber security data. This is Week 1.

Your Turn

What other disconnected data do you see in your workplace?

Add your observation. We are mapping all of these into the converged-data framework.

Send a Field Observation