Seems odd. There is NO ONE that can let people in? Every building I've worked in has required badges, but there's always security inside that can check IDs and let people in. And methods of security getting in even if there's a power failure.
The local readers should have a cache of all known active badges as of their last update (whatever their cycle is). It's not supposed to require a live connection to auth people in, as far as I know.
That's not the way a security system should work, it should "fail secure" and not let anyone in that it can't verify 100%. There are lots of reasons to lock all of the doors, or even lock out a single person. And, since such systems can fail frequently, there always needs to be a backup plan in place, almost always involving humans.
If it didn't go to server for every swipe then that window of opportunity would exist. i.e. the time where server revoked the badge abd the device/cache considers it valid.
Even a few minutes could be risky with an ex-employee who knows what he is doing.
There are InfoSec reasons why some companies will revoke access as soon or even before telling an employee he is being let go and Security escort the employee off premise. While it is very poor way to handle human relations, it is sound from InfoSec perspective.
You are right, as you point out not all perimeters are same, typically more sensitive areas have lesser exceptions though a security guard will not be able to swipe/override you in to a DC as he would in normal office building.
Someone else mentioned that they had to trigger Fire Alarms to get all the engineers they needed fast enough at a DC during a down time at eBay.
The current system seems to prioritize de-activation of employee badges versus ease of use for existing employees. A local cache would need an invalidation mechanism that was networked.
