Auditing in IoT
Auditing means tracking who accessed what data, when, and how.
What to Audit
- Device activity logs (e.g., sensor status, config changes)
- Data access logs (who/what accessed sensitive data)
- API usage (especially calls that write or extract data)
- Firmware updates and remote commands
Best Practices
- Immutable logs (store in write-once S3 buckets or blockchain-based logs)
- Time-synced entries (use NTP to standardize timestamps)
- Correlation IDs to track actions across services
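The three practices above combined in one sketch, added here as an illustration and not taken from the original page: each record carries a UTC timestamp and a correlation ID, and is hash-chained to the previous record so that edits or deletions are detectable. The function names, field names and sample events are assumptions made for this example.

```python
import hashlib
import json
import uuid
from datetime import datetime, timezone

GENESIS = "0" * 64  # prev_hash used by the first entry

def _digest(entry):
    # Hash a canonical JSON form of every field except the hash itself.
    body = {k: v for k, v in entry.items() if k != "hash"}
    raw = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(raw.encode()).hexdigest()

def append_entry(log, actor, action, resource, correlation_id=None, now=None):
    """Append one record: who, what, when (UTC), chained to the previous record."""
    ts = (now or datetime.now(timezone.utc)).astimezone(timezone.utc)
    entry = {
        "seq": len(log),
        "ts": ts.isoformat(),
        "actor": actor, "action": action, "resource": resource,
        "correlation_id": correlation_id or str(uuid.uuid4()),
        "prev_hash": log[-1]["hash"] if log else GENESIS,
    }
    entry["hash"] = _digest(entry)
    log.append(entry)
    return entry

def verify_chain(log):
    """Return the index of the first entry that fails verification, or None."""
    prev = GENESIS
    for i, e in enumerate(log):
        if e.get("seq") != i or e.get("prev_hash") != prev or e.get("hash") != _digest(e):
            return i
        prev = e["hash"]
    return None

def trace(log, correlation_id):
    """Actions sharing one correlation ID, across services, in log order."""
    return [(e["actor"], e["action"]) for e in log if e["correlation_id"] == correlation_id]

def demo():
    # Constructed sample events: one firmware update seen by two services.
    log, cid = [], "req-7f3a"  # constructed correlation ID
    append_entry(log, "api-gateway", "firmware.update.request", "device/thermo-12", cid)
    append_entry(log, "ota-service", "firmware.update.push", "device/thermo-12", cid)
    append_entry(log, "alice", "config.read", "device/thermo-12")
    return log, cid
```

A hash chain makes tampering evident but does not prevent it: someone who can rewrite the whole log can recompute every hash. Periodically copying the latest `hash` value to write-once storage closes that gap.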
Tools
- ELK stack (Elasticsearch, Logstash, Kibana)
- Loki + Grafana for lightweight logging
Retention Policies
- Avoid data hoarding → reduces liability
- Required by law (e.g., GDPR’s “right to be forgotten”)
Suggested timelines (these depend on the business)
| Data Type | Retention Period |
|---|---|
| Raw sensor data | 7–30 days |
| Aggregated metrics | 6–12 months |
| User consent logs | 5–7 years (compliance) |
| Health data (HIPAA) | 6+ years |
- Tiered storage (hot → warm → cold → delete)
- Lifecycle rules (e.g., in S3, Azure Blob)
- Automatic expiry using TTL in InfluxDB, etc.