Unvalidated Ideas #013
Here's a fresh idea you can take out there and validate. If you want to see more, subscribe to the uncut edition -- more ideas, previous uncut editions, access to research for each idea, and more.
140280 characters more your style? 🐦 Get this newsletter tweet-by-tweet
Audit Logging as a Service
Audit logging is a premium/enterprise feature for many products, similar to Single Sign On (SSO) (some believe SSO shouldn't be premium -- there's a wall of shame!).
There's no telling how many software teams out there have "build audit logging" on their roadmaps for this quarter, year, or next year.
Conceptually, audit logging is simple -- save a record every time someone takes actions you care about. There's more to it of course, but that's the 80/20.
The best thing about audit logs is that they're not supposed to change. Most audit log features are essentially writing lines of JSON to Object storage (ex. AWS S3) or some other hyper-scale database like BigTable.
Save companies time and money by providing audit logs as a service. Why should companies spend development time and energy building the 5639th system that writes to S3/BigTable when you can offer isolation and more features?
If it's still not clicking, here's another scenario -- what happens if Company A gets hacked? Their home grown auditing solution is normally awesome, but is now actually a huge risk -- was database access itself being audited? Machine access?
None of that is a problem if Company A is using your external auditing service in the first place. In addition, your service is actually of use to forensic teams as a data source to cross reference.
This service is easy to build and has probably the easiest integration imaginable for developers -- all developers have to do is send you some JSON with one or more indexing keys (ex.,
userId), and you send it back when they ask for it.
This service is so simple most developers could build it in a couple hours! But not building it yourself is the point -- it's an external audit log you don't have to maintain and can't compromise, as a service.
Read my raw notes >
NOTE There are lot value you can add:
- Simple watching & notification for a given event
- Embedding (i.e., via an
<iframe>) a section of an audit log
- Transform and Translate log messages of a given format to human language
But it's probably better to start with simply storing JSON and simply sending it back, as an MVP.
Liked this idea?
Thanks for reading -- if you liked this newsletter, forward it to your friend(s) who can't help but spend their time on HackerNews,ProductHunt, and IndieHackers.
You can find prior free editions at the archive.