The cash register, one of the world's first self-auditing devices. The principle is simple, trust, but verify. You have your entire store being run by a clerk that you trust but you want to make sure that the cash in the drawer matches the actual sales. So every transaction then is recorded and tabulated, so at the end of the day, you know exactly what should be there. Being able to audit transactions in IT is a critical element in most compliant structures, but in a physical data center, there are so many places where a human can, even by accident, make changes without any record of that change getting recorded. At AWS, that problem goes away because everything is programmatic. Introducing AWS cloud trail, the comprehensive API auditing tool. The engine is simple, every request made to AWS, doesn't matter if it's to launch it easy to instance or add a row to Dynamo DB table or change a user's permissions, every request gets logged in the CloudTrail engine. The engine records exactly who made the request. Which operator? When did they send API call? Where were they, what was their IP address? What was the response? Did something change and what is the new state? Was the request denied? From an auditing perspective, well, this is fabulous. Imagine that you're dealing with an auditor who was checking to make sure that nobody from the outside can access your database. That's a good thing. You built a security group that locks out external traffic, but remember that a root level administrator still has permissions to change those settings, right? Well, so how do you prove to the auditor that the security group settings never changed? The answer is CloudTrail, and then CloudTrail can save those logs indefinitely in secure S3 buckets. In addition, with tamper proof methods like VaultLOCKS, you then can show absolute provenance of all of these critical security audit logs.