Nothing here yet.
Nothing here yet.
Mar 29 · 6 min read · The quote from Splunk came in at $96,000 per year. For audit logging. Our CTO read the email, looked at me and said "we can build this." And for once, he was right. Sort of. The Enterprise Pricing Problem If you've ever priced enterprise logging solu...
Join discussionMar 29 · 6 min read · We passed our SOC 2 Type II audit on the second attempt. The first attempt, we failed. And the things that tripped us up were not the things any blog post had warned us about. Everyone writes about "implement access controls" and "encrypt data at res...
Join discussionMar 29 · 6 min read · We were 4 months into our SOC 2 audit when the auditor asked a question that stopped us cold: "How do you prove that your audit logs haven't been modified after the fact?" We looked at each other. Our audit logs were in a PostgreSQL table. Anyone wit...
Join discussionMar 29 · 6 min read · We shipped our SaaS product with a single audit_logs table that had a tenant_id column. Seemed fine. Every query filtered by tenant_id. We had an index on it. Done. Then a customer's admin found another customer's audit events in their activity feed....
Join discussionMar 29 · 6 min read · When our auditor asked to see our audit logs, i pulled up Kibana and showed him our ELK stack. Beautiful dashboards. Millions of log entries. Full request/response logging. Structured JSON. The works. He looked at it for about 30 seconds and said, "T...
Join discussion