Of course. If you work in a SCIF, you're going to have a very different set of rules and experiences than if you work at LiftMaster, if you know what I mean.

> I use a few different RMM solutions that could almost certainly handle the log collection, analysis, and real-time monitoring with alerts and I don’t think it’d take much time/effort to set up.

Right! But someone's gotta watch it. All day, and all the time. If it's sending alerts, who is it sending them to? The same security guard can't be responsible for both watching security monitors and watching or responding to access log issues.

The expense is in the people and maintenance, not in the initial buildout, as is true for many large enterprise initiatives.

My greatest realpolitik lesson at uni was being assigned parking in an "odd" building's gated parking lot. It was close to my dorm, but required carrying your permit to them, so they could enter you into their system for access.

Cue realization they weren't connected to the main university parking registry.

Cue my not buying a parking pass (a substantial cost, as this was an urban campus) for the next few semesters... as my prior auth continued to work on the gate.

And why would parking police think to check for unregistered parkers in a gated lot?

(As far as I can remember, I still had access ~2 years after graduation, then they finally cleaned up their DB)