Companies use audit logs to trace back everything that’s going on within their organization and across the different IT products they use.
An audit log (aka “audit trail”) is a security-relevant chronological record that provides documentary evidence of the sequence of activities that have affected a specific operation, procedure, or event. The concept is simple: when a change applied to a system correlates with a change in the system’s behavior, that change should be documented in an audit log. Audit logs provide answers to questions regarding data, security, and system state, and are therefore crucial for security and compliance, as well as for tracking systems by multiple organization stakeholders (“activity tracking”).
As a SaaS vendor, many of your prospects will require that an audit logging feature be included in your product (regulations actually require enterprise-grade companies to keep audit logs of all the platforms they use). Your clients will require abilities for audit log management and audit log review. Their main audit log use cases will be activity tracking, and compliance and security.
Management, product, IT and other company stakeholders use activity tracking internally to gain critical insights. Management can gain visibility to ensure adherence to system access procedures. Product and dev can gain knowledge of system conditions prior to the time of an error as a way to prevent future failures. Dev can get an additional layer of transparency in troubleshooting configuration changes.
Internal compliance. Activity logs help organizations meet stringent internal compliance requirements. They ensure that systems remain stable and users are held accountable for their actions, which are tracked by event logs.
External compliance. Audit logs are also necessary from an external compliance standpoint, since there are many legal requirements that companies need to adhere to. Industry compliance and certification standards like SOC2 mandate audit logs that conform to strict security, availability, processing integrity, confidentiality and privacy requirements. Failing to meet compliance standards has consequences for accreditation and legal liability.
Security. Finally, audit logs also capture security-related data, and are indispensable for tracking security-related incidents even when other prevention and protection solutions are in place. Essentially, audit logs may be used to “replay” events in sequence to help understand how a damaging event has occurred. For example, an event log will reveal when a user account may have been breached, and if user account privileges were escalated to access specific files or directories with sensitive information.
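The “replay” described above, as an added example (not code from the original article or from any product): constructed events are sorted into sequence and walked once to flag a login from a new IP after repeated failures, an admin grant, and sensitive reads that follow it. The field names, action names, sensitive path prefixes and 24-hour window are all assumptions.

```python
from datetime import datetime, timedelta

SENSITIVE_PREFIXES = ("/finance/", "/hr/")  # assumption: paths treated as sensitive
WINDOW = timedelta(hours=24)                # assumption: correlation window

# Constructed sample events, deliberately out of order as if merged from several sources.
EVENTS = [
    {"ts": "2024-03-01T09:20:00+00:00", "actor": "alice", "action": "file.read", "target": "/finance/payroll.csv", "ip": "203.0.113.7"},
    {"ts": "2024-03-01T09:01:00+00:00", "actor": "alice", "action": "login.failed", "target": "alice", "ip": "203.0.113.7"},
    {"ts": "2024-02-27T08:00:00+00:00", "actor": "alice", "action": "login.success", "target": "alice", "ip": "198.51.100.10"},
    {"ts": "2024-03-01T09:02:00+00:00", "actor": "alice", "action": "login.failed", "target": "alice", "ip": "203.0.113.7"},
    {"ts": "2024-03-01T09:03:00+00:00", "actor": "alice", "action": "login.success", "target": "alice", "ip": "203.0.113.7"},
    {"ts": "2024-03-01T09:10:00+00:00", "actor": "alice", "action": "role.grant", "target": "alice", "ip": "203.0.113.7", "role": "admin"},
    {"ts": "2024-03-01T10:00:00+00:00", "actor": "bob", "action": "file.read", "target": "/docs/handbook.pdf", "ip": "198.51.100.22"},
]

def replay(events, max_failures=2):
    """Replay events chronologically and return (timestamp, actor, finding) tuples."""
    findings, known_ips, failures, escalated = [], {}, {}, {}
    for e in sorted(events, key=lambda ev: datetime.fromisoformat(ev["ts"])):
        ts, actor, action = datetime.fromisoformat(e["ts"]), e["actor"], e["action"]
        if action == "login.failed":
            failures[actor] = failures.get(actor, 0) + 1
        elif action == "login.success":
            seen = known_ips.setdefault(actor, set())
            # A success from an unseen IP right after repeated failures is suspicious.
            if seen and e["ip"] not in seen and failures.get(actor, 0) >= max_failures:
                findings.append((e["ts"], actor, "possible_account_breach"))
            seen.add(e["ip"])
            failures[actor] = 0
        elif action == "role.grant" and e.get("role") == "admin":
            escalated[e["target"]] = ts  # remember when this account gained admin
            if e["target"] == actor:
                findings.append((e["ts"], actor, "self_granted_admin"))
        elif action == "file.read" and e["target"].startswith(SENSITIVE_PREFIXES):
            since = escalated.get(actor)
            if since is not None and ts - since <= WINDOW:
                findings.append((e["ts"], actor, "sensitive_access_after_escalation"))
    return findings

if __name__ == "__main__":
    for finding in replay(EVENTS):
        print(*finding)
```

The replay only works if every event carries a trustworthy timestamp and actor identity, which is why the sort happens before any correlation.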
As you consider the implementation of audit logging for your product, you need to factor in the scale, user personas, use cases, data retention, and privacy and sensitivity issues for the audit trails. Based on our accumulated experience, below is a breakdown of the audit log considerations you need to make:
Scale depends on how many admin actions can be performed in the specific product, so in most scenarios it is not that high. Business event logging, on the other hand, which sometimes gets mixed up with system audit logs, can increase scale. For example, if you’re a cybersecurity company that does user activity scanning and you audit each activity scan, you can reach a huge number of logs. This is usually not the intention of audit logs, but if it is in your case, the scale demand should be considered.
Administrators of the SaaS product will be the principal users and gatekeepers of the audit logs. However, once an issue occurs, CISOs and CIOs might come into play to trace back what happened. Compliance managers are also stakeholders, as they’ll need to make sure that the logs meet the level of compliance required by their organization.
As mentioned above, use cases of audit logs run the gamut of insights that need to be produced regarding the systems’ operations, including traceability on a SaaS account, troubleshooting, and permission enforcement. Here are some common audit log scenarios:
Retention of audit logs varies depending on your customers, and is higher for enterprises and lower for small companies. To satisfy audit and/or regulatory requirements, log data needs to be retained for a period of time. As a general rule, storage of audit logs should include 6 months of “hot” storage that allows you to actively search and report on them with your tools, although enterprises usually ask for longer retention. At the end of the hot storage period, companies usually archive logs on cheaper and less accessible storage.
Since they pertain to customer data, audit logs need to closely comply with privacy and data sensitivity standards. Here are some scenarios:
Audit logs are an essential part of your SaaS application because they’re an essential part of your customers’ organizational requirements. Your ability to play with big players rides on making your product an enterprise-ready SaaS app that meets enterprises’ strict audit log certification and security requirements.
Developing an audit log feature necessitates understanding the architecture of your system and its different components. Making the right considerations regarding scale, retention, use cases, etc. is critical for the success of the endeavor. The security and compliance requirements for audit logs add configuration and operational complexity.
In the next posts in this series we’ll delve deeper into the unique considerations of audit logs — and how to solve them.