This is starting to sound more fiddly than is reasonable for inside security on a corporate office. The real failure here is just that someone left the door propped open. That's easily addressable, and as it turned out, they caught the attacker anyway.