Logalytics: Intelligent Audit Log (www.logalytics.io)
The auditors' questions around compliance in the cloud were confidently addressed, but there were still blind spots. There were incidents and human errors that should have been detected much sooner. If we couldn't prevent every possible incident, surely we could monitor, alert, and respond much faster.
Trusting The Cloud
SOX, HIPAA, COBIT, PCI, Basel II, 8th Company Law Directive... some are more prescriptive than others, but fundamentally all these compliance frameworks share the same core set of IT governance principles that are applicable to either cloud or on-premise services.
The Logalytics service continuously analyzes every Salesforce LoginHistory record and delivers suspect events directly into a Salesforce1 Visualforce activity feed:
- Concurrent Logins: Logging in from 2 separate locations within a short time period.
- Open Proxy Logins: Commonly referred to as "zombie" computers, these computers often have keyloggers and other viruses installed.
- Repeated Failed Login Attempts.
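As an added illustration (not Logalytics' own code), the sketch below applies the concurrent-login and repeated-failure rules to rows shaped like Salesforce LoginHistory records. The thresholds, the use of differing `SourceIp` values as a stand-in for "separate locations", and the sample rows are assumptions; the open-proxy rule is left out because it needs an external IP reputation source.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed thresholds: the page only says "a short time period".
CONCURRENT_WINDOW = timedelta(minutes=10)
FAILED_WINDOW = timedelta(minutes=5)
FAILED_THRESHOLD = 3

# Constructed sample rows using LoginHistory field names.
SAMPLE = [
    {"UserId": "005A", "LoginTime": "2013-11-20T09:00:00", "SourceIp": "198.51.100.7", "Status": "Success"},
    {"UserId": "005A", "LoginTime": "2013-11-20T09:04:00", "SourceIp": "203.0.113.20", "Status": "Success"},
    {"UserId": "005B", "LoginTime": "2013-11-20T10:00:00", "SourceIp": "192.0.2.15", "Status": "Invalid Password"},
    {"UserId": "005B", "LoginTime": "2013-11-20T10:00:40", "SourceIp": "192.0.2.15", "Status": "Invalid Password"},
    {"UserId": "005B", "LoginTime": "2013-11-20T10:01:30", "SourceIp": "192.0.2.15", "Status": "Invalid Password"},
    {"UserId": "005B", "LoginTime": "2013-11-20T10:02:00", "SourceIp": "192.0.2.15", "Status": "Success"},
    {"UserId": "005C", "LoginTime": "2013-11-20T08:00:00", "SourceIp": "198.51.100.9", "Status": "Success"},
    {"UserId": "005C", "LoginTime": "2013-11-20T12:00:00", "SourceIp": "203.0.113.44", "Status": "Success"},
]

def detect(records):
    """Return sorted (rule, UserId, LoginTime) alerts for the two rules."""
    by_user = defaultdict(list)
    for r in records:
        by_user[r["UserId"]].append((datetime.fromisoformat(r["LoginTime"]), r))
    alerts = set()
    for user, rows in by_user.items():
        rows.sort(key=lambda x: x[0])
        # Concurrent logins: adjacent successful logins from different IPs
        # inside the window. Checking adjacent pairs is enough, because any
        # qualifying pair implies an adjacent pair that also qualifies.
        ok = [(t, r["SourceIp"]) for t, r in rows if r["Status"] == "Success"]
        for (t1, ip1), (t2, ip2) in zip(ok, ok[1:]):
            if ip1 != ip2 and t2 - t1 <= CONCURRENT_WINDOW:
                alerts.add(("concurrent_login", user, t2.isoformat()))
        # Repeated failures: FAILED_THRESHOLD non-success rows in the window.
        failed = [t for t, r in rows if r["Status"] != "Success"]
        for i in range(len(failed) - FAILED_THRESHOLD + 1):
            last = failed[i + FAILED_THRESHOLD - 1]
            if last - failed[i] <= FAILED_WINDOW:
                alerts.add(("repeated_failed_login", user, last.isoformat()))
    return sorted(alerts)

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```

User 005C logs in from two addresses four hours apart and raises no alert, which is the case a window that is too wide would turn into noise for travelling or mobile users.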
Using the latest features in the Winter '14 Salesforce API (v29), Admins can instantly freeze any user flagged with suspicious login activity. Tasks and Cases can be created with one click for either personal follow-up or team remediation.
Metadata changes on all standard and custom objects are also monitored and reported in the feed.
Once an alert is raised, the Salesforce Administrator or Developer is able to take action and resolve the issue. With Salesforce1, Tasks and Cases are only a swipe action away from the Logalytics feed. Some workflows can be managed end-to-end entirely from a phone.
For all the occasional incidents that may crop up, Salesforce Operations can be an extremely rewarding responsibility. Gaining deeper insights into how often users log in, from where, with what apps, using which platform... these insights can now be gleaned with a quick glance at the Logalytics feed during the 150+ micro-moments per day we check our phones.
Heroku is the glue that holds the Logalytics solution together. A REST API uses web dynos to publish the activity feed and serve event details. Background workers analyze production Salesforce environments.
The analysis workers use pretty much every Salesforce API: SOAP, Metadata, Apex, and Chatter.
The user interface is written entirely in HTML5 and hosted in Salesforce1 as a Visualforce mobile web tab. jQuery Mobile was used early in the hackathon, but we switched to Zepto for performance reasons.
Database.com is used for subscription and mobile user management. Logalytics provides an in-memory NoSQL datastore for capturing time-series analysis and trend data.