>> @Andrew - presumably, the guards aren't notified of personnel changes, especially if this guy's working for a third-party contractor.
Bad presumption. In high-security environments, such notification is a contract term with severe penalties for noncompliance. Like losing your contract. The techs -- and their managers -- know it.
>> So there's the scenario where the guards all know this person, but don't know he was fired this morning, or that he has a bulk eraser/pipe bomb/gallon of salt water in his satchel.
The former is accomplished through database checks, with higher levels of security through verification, exactly for the reason you name. "Hi, Mr. VP? This is Andrew in Security Services . . . is Doug still on the approval list for White Two? He's still in the directory and badging database, but he seems a bit out of sorts today . . . oh, _really_ . . . shall we escort him from the premises or call the police?"
The second is a combination of strong people skills and cursory search procedures. Most people who go through security checks every day are bored with the concept. Anyone nervous rings alarm bells for us. Add a casual search where people are required to show us the bag, and it evens out.
We're not going to stop the pipe bomb.
We are going to gather enough data about the person (authorized or not) who carried it in, that they will be far too busy running from the FBI for the rest of their short, miserable lives to either enjoy their ill-gotten gains and/or the ego trip.
I fear devices that can be carried in pockets, such as Web servers built into what look like Ethernet plugs and the infamous USB keychain drive masquerading as a pen, sushi, AA battery, etc... but not much I can do about it, either.
>> I wouldn't say you should remove the human element entirely - stuff does go wrong from time to time - but the writer is correct that removing the guard from behind the palm scanner would have actually improved security in this case.
I hate palm scanners. They break a lot, and can be defeated with high-tech measures ranging from shorting the DC power supply (!) through placing a cut-out photocopy of the offending hand on the sensor (!!!).
If the device breaks a lot, no one relies on it and the security measure may as well not exist.
Data centers are accessed by technical people. Relying on electronic security systems is like operating a hotel where all the customers are locksmiths . . . and this is one reason why the most secure sites rely heavily on what appears to be the good old-fashioned padlock.