powered by Waaard For Login
View the Archives

Unvalidated Ideas #013

Here's a fresh idea you can take out there and validate. If you want to see more, subscribe to the uncut edition -- more ideas, previous uncut editions, access to research for each idea, and more.

If you like Unvalidated Ideas, you'll probably love the Business Brainstorms newsletter.

Become a better entrepreneur by discovering paint points, trends, and frameworks specifically for founders trying to find better business ideas (that's you!).

Seriously, check it out -- I'm a happy subscriber.


140280 characters more your style? 🐦 Get this newsletter tweet-by-tweet

Audit Logging as a Service

Audit logging is a premium/enterprise feature for many products, similar to Single Sign On (SSO) (some believe SSO shouldn't be premium -- there's a wall of shame!).

There's no telling how many software teams out there have "build audit logging" on their roadmaps for this quarter, year, or next year.

Conceptually, audit logging is simple -- save a record every time someone takes actions you care about. There's more to it of course, but that's the 80/20.

The best thing about audit logs is that they're not supposed to change. Most audit log features are essentially writing lines of JSON to Object storage (ex. AWS S3) or some other hyper-scale database like BigTable.

Save companies time and money by providing audit logs as a service. Why should companies spend development time and energy building the 5639th system that writes to S3/BigTable when you can offer isolation and more features?

If it's still not clicking, here's another scenario -- what happens if Company A gets hacked? Their home grown auditing solution is normally awesome, but is now actually a huge risk -- was database access itself being audited? Machine access?

None of that is a problem if Company A is using your external auditing service in the first place. In addition, your service is actually of use to forensic teams as a data source to cross reference.

This service is easy to build and has probably the easiest integration imaginable for developers -- all developers have to do is send you some JSON with one or more indexing keys (ex., accountId, userId), and you send it back when they ask for it.

This service is so simple most developers could build it in a couple hours! But not building it yourself is the point -- it's an external audit log you don't have to maintain and can't compromise, as a service.

Read my raw notes >

NOTE There are lot value you can add:

But it's probably better to start with simply storing JSON and simply sending it back, as an MVP.

Liked this idea?

Thanks for reading -- if you liked this newsletter, forward it to your friend(s) who can't help but spend their time on HackerNews,ProductHunt, and IndieHackers.

You can find prior free editions at the archive.

Victor (vados@vadosware.io)