Auditing Your Team's Agility
The goal of the cloud is to reduce the time it takes to get an idea, bug fix or security update live.
If you’re using modern DevOps tools like Convox, many of the big time wasters are solved:
An engineer can start and change the app in seconds with
They can ship a patch to GitHub → CircleCI → Production → Slack Notification with Convox Integrations
They can scale the service with
They can apply infrastructure security updates with
convox rack update
They can debug the live app with
They can inspect the app’s private database with
A surprising new challenge appears with this level of agility: knowing who did what for collaboration, management and security purposes.
We just launched the Convox Audit Log to help.
Audit App Activity
The Audit Log shows all app activity like builds, deploys and updates to environment variables:
Visualize Your Team’s Velocity
Now your whole team can easily answer questions like “did the bugfix go out this morning?” and “did something change in production on Monday?”
Audit System Activity
The Audit Log also shows all DevOps activity like SSHing into a box, connecting to a sensitive database, or rolling out new AMIs:
Review Access to Private Resources
No More Haystacks…
On many systems, SSH and database access is hidden deep inside logs stuck on the servers. On AWS, resource access is buried deep inside the raw AWS CloudTrail events. Most teams simply ignore this information and don’t have visibility into who does what.
Looking For a Needle in a Haystack
Convox solves this by giving your team a single API to access and update resources and recording the most sensitive API calls.
The raw logs and trails are still there, you just won’t need to use them any more.
Audit All The Things…
You can read the Audit Log Docs to learn more about how it works.
Are there still things your team is doing that you wish you had more visibility into?
Have you tamed this problem in other ways?
You can also sign up for the newsletter for more announcements.