Does Your DAM Have A User and Asset Activity Audit Trail?
In our recent Digital Asset Supply Chain Webinar Series, the topic of DAM system audit trails came up a number of times. For those unaware of what I am referring to, an audit trail is a log of all the activity that takes place on a system.
To make the distinction clear, this is not a low-level technical log, but should be understandable by a human Digital Asset Manager or someone else with responsibility for administering a DAM system. For example, if a user searches for digital assets, information such as the following might be stored:
- User: john.smith@example.com
- Date/time: 11:45 am 21st November 2019
- Operation: Search
- Notes: Term = “XYZ campaign photos”
For asset-centric operations (e.g. downloading) the asset unique identifier might also be included. Further, facilities to filter by users, operations, date/time etc could be also be provided. The primary purpose of the audit trail is to forensically analyse user activity from an application perspective (i.e. what users are doing with the system rather than technical details about database queries etc). A secondary use-case is to be able to generate custom reports that the DAM may not offer built in.
I believe an audit trail is an essential component of an enterprise DAM and should ideally be included with departmental or small team DAMs also. The comparison I’ve made in the past is that the audit trail is like a black box flight recorder on an airplane. If you want to do serious in-depth analysis of user behaviour to help find out what has really been going on, an audit trail is essential.
Surprisingly, there are still quite a number of DAMs offered by vendors who aspire to servicing the enterprise market which lack this feature. My recommendation to my clients who are contemplating a new DAM is either to select a product that has one as standard, or (at the very least) get the vendor to include it as a priority item in their roadmap – preferably with a contractual commitment to a hard delivery date.
Occasionally, some SaaS/Cloud vendors will claim that they can’t offer an audit trail without exposing data from other users outside a particular client. This is usually a bogus argument and (if true) hints at more fundamental problems with data security and their ability to ring-fence one client’s data from another. There is no technical reason why audit trails cannot be provided, irrespective of the delivery platform.
For those DAM users who find their vendor really is unable or unwilling to provide a functional audit trail, there are some rudimentary alternatives. If the DAM is web-based, it is possible to use something like a web analytics tool to try and glean some data like what pages users visit. Usually vendors can be persuaded to include the snippet of code into each page to enable this (although I have encountered SaaS vendors who were not able to). Depending on the way the application has been implemented, data about asset identifiers, users etc, it might also be possible to obtain further information. Make no mistake, this method is a poor substitute for a proper audit trail, but it might be effective as an interim solution.
A counter argument offered by some vendors who lack audit trails is that they provide comprehensive and configurable reports as an alternative. My experience with many of these is while they might indeed be in-depth, there is nearly always some data that cannot be accessed or is a lot more complex to extract than it first appeared. A generic format like an audit trail is far easier to generate custom reports from and to analyse with third party tools.
On the last point, in June earlier this year, I wrote an article about analysing usage data for AI and Machine Learning purposes. It should be obvious that in order for this kind of use-case to be successful, the AI/ML needs some material to work with. As such, not only is having auditing data useful for human beings, any automated inferences/analysis will also heavily depend upon them.
As DAM-related discussion topics go, audit trails are evidently unlikely to be the most captivating. With that said, they provide core underlying information about user behaviour which can be the source of numerous insights into troubleshooting why a DAM solution may not be delivering ROI, not to mention finding some hard evidence for modifications which can optimise adoption. If your DAM doesn’t have one, I recommend make a fuss with your vendor until they implement this vitally important feature.
Share this Article:
Excellent article, Ralph! Some audit trails do not capture the users’ search terms. I think it is becoming more essential to do so, to help build taxonomy and yes, AI.
Glad you like the article, Annella. You make a good point, the amount of detail captured in audit trails (or lack thereof) is almost another topic in its own right.
Love this well written article. Another example for an audit trail that one of our clients indicated shortly after our system released audit trail capability, is that their sales staff were sharing older videos. With a trail of who shared which video assets, the video production manager was able to point out that fabulous new material was available for sharing with potential clients.
Glenn
(Product Manager for DBGallery)
Thanks for the article, Ralph! I’s something that I have been thinking about lately.
Our system does capture audit trails in a lot of detail so we can understand what search term was used to find any asset, if it has been downloaded, by who, when, and how often. I’d like to be able to aggregate this information across assets of like subjects or folders in order to understand broader use trends. I am not seeing a product like this available from my vendor, but these statistics could be the basis of powerful reports.