Join
1
0 Comments

Would you pay for: Audit Logging as a Service?

by Victor

The newest edition of Unvalidated Ideas is out -- here's an idea all you ๐Ÿ‘จ๐Ÿพโ€๐Ÿ’ป๐Ÿ‘ฉ๐Ÿพโ€๐Ÿ’ปs out there might be into:

Figured I might as well ask some real devs!

Audit Logging as a Service

Audit logging is a premium/enterprise feature for many products, similar to Single Sign On (SSO) (some believe SSO shouldn't be premium -- there's a wall of shame!).

There's no telling how many software teams out there have "build audit logging" on their roadmaps for this quarter, year, or next year.

Conceptually, audit logging is simple -- save a record every time someone takes actions you care about. There's more to it of course, but that's the 80/20.

The best thing about audit logs is that they're not supposed to change. Most audit log features are essentially writing lines of JSON to Object storage (ex. AWS S3) or some other hyper-scale database like BigTable.

Save companies time and money by providing audit logs as a service. Why should companies spend development time and energy building the 5639th system that writes to S3/BigTable when you can offer isolation and more features?

If it's still not clicking, here's another scenario -- what happens if Company A gets hacked? Their home grown auditing solution is normally awesome, but is now actually a huge risk -- was database access itself being audited? Machine access?

None of that is a problem if Company A is using your external auditing service in the first place. In addition, your service is actually of use to forensic teams as a data source to cross reference.

This service is easy to build and has probably the easiest integration imaginable for developers -- all developers have to do is send you some JSON with one or more indexing keys (ex., accountId, userId), and you send it back when they ask for it.

This service is so simple most developers could build it in a couple hours! But not building it yourself is the point -- it's an external audit log you don't have to maintain and can't compromise, as a service.

Read my raw notes >

NOTE There are lot value you can add:

  • Simple watching & notification for a given event
  • Embedding (i.e., via an <iframe>) a section of an audit log
  • Transform and Translate log messages of a given format to human language

But it's probably better to start with simply storing JSON and simply sending it back, as an MVP.

About to burn a day or weekend building this?

Subscribe to the newsletter for more distractions from your $DAYJOB.

You'll make $1MM in revenue on the first idea you implement, or the newsletter is free.

Would you pay for this Service?
  1. Hell yeah
  2. Hell nah
Vote
Avatar for Victor Victor
posted to Icon for group Developers
Developers
 on July 25, 2022
Say something nice to vadosโ€ฆ
Post Comment
Trending on Indie Hackers
I'm a lawyer who launched an AI contract tool on Product Hunt today โ€” here's what building it as a non-technical founder actually felt like User Avatar 151 comments Never hire an SEO Agency for your Saas Startup User Avatar 83 comments A simple way to keep AI automations from making bad decisions User Avatar 65 comments โ€œThis contract looked normal - but could cost millionsโ€ User Avatar 54 comments ๐Ÿ‘‰ The most expensive contract mistakes donโ€™t feel risky User Avatar 41 comments We automated our business vetting with OpenClaw User Avatar 34 comments