Audit Trail Anti-Patterns

While the typical user of your application probably won’t be interested in your audit trails, that doesn’t mean that you can get by without them. Whether it is due to regulatory compliance issues, security policies, or simply because you need to troubleshoot something in production, you’ll have to deal with setting up and managing application audit trails at some point. Audit trails suffer from many of the same problems that logging does; while a simple implementation can be set up easily by a junior developer, you’ll often find that these implementations do not work well over time, at scale, or for making quick diagnostic decisions under pressure in production. When you start talking to people about audit trails, you’ll also find that there are some persistent misunderstandings that are common. When we discuss audit trails, we really need to spend some time at the beginning breaking down what we are auditing, how we are auditing it, and what we are looking for (and how we expect to find it). Most of the time, when a business leader starts talking about audit trails, they have no idea about what they really want. “Audit trails” have been a corporate buzzword for years. “An audit trail (also called audit log) is a security-relevant chronological record, set of records, and/or destination and source of records that provide documentary evidence of the sequence of activities that have affected at any time a specific operation, procedure, event, or device. Audit records typically result from activities such as financial transactions, scientific research and health care data transactions, or communications by individual people, systems, accounts, or other entities.” ~ Wikipedia Basically, the idea here is to have a way of listing out the sequence of events (and other relevant information, such as who caused the event) that resulted in a system state. This information needs to be comprehensive, comprehensable, and secured in a way that prevents tampering. It’s essentially evidence and is often a critical feature of applications that touch healthcare information, online transactions, personal information, or financial data. Audit trails are also part of an organization’s security and compliance requirements. They are often required both by governmental regulation (such as HIPAA) and by industry standards (such as PCI). There are usually data retention requirements here as well. Audit trails are also useful for catching security issues, for providing evidence in courtroom proceedings involving computer systems, and can be very helpful when debugging complex and rare system issues. Audit trails help you track when things happen in a large application or system of applications. You’re able to follow the path that a user or tester took when they found the issue. The concept is not only useful for computing but can also be applied in your own life. Tracking is often the first step in making changes, for example if you want to lose weight you could start by tracking the foods you eat, when you eat them, and your mood or state when eating. That will give you a baseline to start making changes. You can apply this same concept to any area of your life where you want to make a change. Need to save up for a new car or PS5? Start tracking your finances to see where and why you are spending your money. Need to stop smoking, or chewing, start tracking when you smoke, what’s going on around the event, and what your mood is before and after. The idea is that you can apply this concept to your own life to help identify ways to make positive changes. Episode Breakdown Anti-pattern #1: Audit trails controlled at the application level by only tracking property changes. This is an antipattern because your data is likely in a database that is controlled from outside the application, or could be.