Audit logs – why you absolutely need them

There are many Content Management Systems (CMSs) on the market. Choose one that has a logging feature to serve as an audit trail.

Many activities happen at the backend of a website: you will be making changes, adding new capabilities, configuring them, doing backups, etc. This may not seem important while you are building your website, but things can and do go wrong from time to time, and when they do, you want to be able to quickly understand what you have done on your website.

Track changes

One of the primary uses of a logging feature is to track changes. The audit log is the record that results from it. With an audit log, you will have a better understanding of what is happening on your website.

An audit log can report on changes made, and some can also highlight the criticality of the changes.

Ideally, the audit log application should be able to send an alert on these critical issues when it detects them.

Some audit log applications can also send an email alert if there is an abnormality (i.e., file size changes).

Multiple users

As more users work on your website, the complexity increases, and so does the need for accountability. With a logging feature, you know who has access to the backend of the website and what actions they have taken.

Without an audit log, you wouldn’t know who has done what. Pinning down responsibility would be difficult.

Access by an external vendor

From time to time, you may encounter issues beyond your or your team’s capabilities. You need outside help.  You need to grant access to an external third-party vendor.

When you allow that, you want peace of mind, after the work is done, that they have not left any backdoor application which they can later use to gain access to the website.

Having this assurance is essential. Otherwise, you will have sleepless nights. You will constantly be wondering whether you made the right move in getting a third party to help out. You will be wondering whether you have solved one problem but created a greater one: a vulnerability that the vendor can exploit at any time.

Cyber incident

Audit logs are most useful and critical if there is a cyber-incident or data breach. In certain circumstances, an investigation is required by law. Intimate details of the incident (when it happened, how it happened, what path it took, what systems were involved, etc.) would be needed to understand the scope of the damage and how to prevent it from ever occurring again.

The information provided by the audit log will be handy at this moment. It will significantly facilitate and shorten the investigation. It would also reduce the number of days for which a cyber-forensic specialist has to be hired to conduct the investigation.

Think of an audit log like an in-vehicle camera. When something happens, the camera (i.e., audit log) will provide clarity about the incident. While it may not always give the full picture, it does narrow things down somewhat.

Backup error

Surprise, surprise, but backups do fail too.

Failures could happen at any time when there is a software conflict within the CMS. When that happens, the last backup might not restore properly.

Your next course of action is to determine what happened between the last backup and the one before it. You might want to know who had access to the system and what steps they took.

If you have been actively working on the CMS, you want to know what work or actions you undertook during the period between the last two backups.

By taking a snapshot of the activities before doing a backup, you will gain some understanding of what you have worked on.

That will save tons of guesswork and the strain of trying to recall those activities.
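As an added example (not from the original article or from any particular CMS), the Python code below reviews the activity recorded between the last two backups, grouped by user, and lists the changes worth a closer look. The CSV column layout, the action names and the user names are all constructed assumptions; adapt them to whatever your audit log application exports.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample export; the column layout is an assumption, not a real CMS format.
SAMPLE_LOG = """\
timestamp,user,role,action,target
2024-03-01T02:00:00,system,system,backup_completed,full-site
2024-03-01T09:14:22,alice,editor,post_updated,/blog/pricing
2024-03-02T11:03:10,vendor-acme,administrator,plugin_installed,cache-helper
2024-03-02T11:09:41,vendor-acme,administrator,user_created,support2
2024-03-02T11:10:05,vendor-acme,administrator,role_changed,support2
2024-03-03T16:40:00,alice,editor,media_uploaded,banner.png
2024-03-04T02:00:00,system,system,backup_completed,full-site
2024-03-04T08:30:00,bob,administrator,settings_changed,permalinks
"""

# Hypothetical action names treated as critical for review purposes.
CRITICAL = {"plugin_installed", "user_created", "role_changed", "file_modified"}

def parse(log_text):
    rows = list(csv.DictReader(io.StringIO(log_text)))
    for r in rows:
        r["timestamp"] = datetime.fromisoformat(r["timestamp"])
    return sorted(rows, key=lambda r: r["timestamp"])

def last_backup_window(rows):
    """Return (previous, latest) timestamps of the last two completed backups."""
    backups = [r["timestamp"] for r in rows if r["action"] == "backup_completed"]
    if len(backups) < 2:
        raise ValueError("need at least two backup_completed entries")
    return backups[-2], backups[-1]

def review(log_text):
    """Group activity between the last two backups by user; list critical entries."""
    rows = parse(log_text)
    start, end = last_backup_window(rows)
    by_user, critical = defaultdict(list), []
    for r in rows:
        if start < r["timestamp"] < end:
            by_user[r["user"]].append((r["action"], r["target"]))
            if r["action"] in CRITICAL:
                critical.append(r)
    return dict(by_user), critical

if __name__ == "__main__":
    activity, flagged = review(SAMPLE_LOG)
    print(activity, [(r["user"], r["action"]) for r in flagged], sep="\n")
```

In the constructed data, the entries flagged between the two backups are the plugin install and the new account created under the vendor login, which is the kind of leftover access the external-vendor scenario above is concerned with.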

From the above scenarios, the benefits of deploying an audit log application are overwhelming. Its use becomes more critical when the site gets larger or when there are more users in your CMS.
