HR knows you're off. Your badge, laptop, and VPN don't.
When an employee is on vacation, his access to company assets needs to be temporarily blocked — including laptops, building access, and remote access. But that almost never happens. HR records the vacation. The badge reader, the laptop, the VPN, and the SIEM each carry on as if nothing changed.
If an employee is on approved leave, should other systems be notified — especially physical and digital access systems?
A simple framework I am testing (first pass).
Data is Created
HR system creates a vacation event.
It does. But no downstream system subscribes.
Data is Moved
Vacation dates are sent to PACS, IAM, VPN.
HR → IAM exists sometimes. HR → PACS almost never.
Data is Correlated
An analyst sees "vacation + badge swipe at 2am" as one event.
Physical logs never reach the SIEM.
Data is Governed
Policy says access is removed within one hour.
Audit finds a 40% failure rate.
The gap between rows.
The root cause is not a single failure. It is the gaps between rows — especially between Create, Move, and Correlate. The systems are working as designed. The design just never assumed they would need to talk to each other.
I am spending 90 days mapping exactly these gaps across physical and cyber security data. This is Week 1.
What other disconnected data do you see in your workplace?
Add your observation. We are mapping all of these into the converged-data framework.