Consider adding logging and monitoring capabilities for your app. A security log could include:

- Authentication and authorization events
- Service configuration changes
- Object reads and writes
- User and group permission changes
- Elevation of role to admin

Your logs should use consistent timestamping for each event and should record the users, IP addresses, or hostnames for all logged events.