Gaining organizational effectiveness

The four key organizational governance steps to maximizing the value that is delivered by Asset are as follows:

Develop a dedicated change management process. See Change management.
Define distinct roles and responsibilities. See RACI chart.
Track operational maturity. See Operational metrics.
Validate cross-functional alignment. See Organizational alignment.

Change management

Develop a tailored, dedicated change management process for asset management, taking into account the new capabilities provided by Tanium.

Update SLAs and align activities to key resources for Tanium Asset activities across IT Security, IT Operations, and IT Risk / Compliance.
Designate change or maintenance windows for various asset discovery scenarios (example: setting up Active Directory Query and external data sources, integration with CMDBs such as ServiceNow or Flexera).
Identify internal and external dependencies to your asset discovery process (example: to achieve effective integrations with the CMDB or Active Directory Query).
Create a Tanium Steering Group (TSG) for asset management activities to expedite reviews and approvals of processes that align with SLAs.
Determine frequency of reviews for changes and new information.
Consider conducting at least a quarterly review of change management process.

RACI chart

A RACI chart identifies the team or resource who is Responsible, Accountable, Consulted, and Informed, and serves as a guideline to describe the key activities across the security, risk/compliance, and operations teams. Every organization has specific business processes and IT organization demands. The following table represents Tanium’s point of view for how organizations should align functional resources against asset management. Use the following table as a baseline example.

Task	IT Operations	Asset manager	Asset user	Rationale
Identify Asset scope	R	C	C	The Tanium platform owner must identify computers that are in scope for Asset. This scope is likely all computers, but a conversation should occur between the CMDB owners and the Tanium platform owners to fully understand scope across both tool sets.
Configure supporting tools	R	-	-	The Tanium platform owner rolls out the required Asset Tools (including Indexing capability) to the determined set of computers. The Tanium platform owner also must continually monitor tool deployment and upgrades.
Create Asset reports	R	R / C	R / C	The Tanium platform owner and business process owner end user must define the report requirements, then build those reports in Asset for viewing by business owners. The platform owner can configure role-based access control (RBAC) to allow users to view reports, or allow business owners to build read-only reports.
Asset RBAC management	R	C	I	The Tanium platform owner must plan and implement appropriate Role Based Access Controls to allow other business units to access and create reports and views.
Enable tracking of products	C	R	C	If Software Inventory & Usage is configured, the platform owner can enable the business owners to align to the identified vendors and products in Asset or the CMDB.
Collect defined data	I	I	I	Tanium Asset collects asset data based on defined requirements and configurations.

Software inventory and usage workflow (click image to enlarge)

Organizational alignment

Successful organizations use Tanium across functional silos as a common platform for high-fidelity endpoint data and unified endpoint management. Tanium provides a common data schema that enables security, operations, and risk/compliance teams to assure that they are acting on a common set of facts that are delivered by a unified platform.

In the absence of cross-functional alignment, functional silos often spend time and effort in litigating data quality instead of making decisions to manage software and hardware assets.

Operational metrics

Asset maturity

Managing an asset management program successfully includes operationalization of the technology and measuring success through key benchmarking metrics. The key processes to measure and guide operational maturity of your Tanium Asset program are as follows:

Process	Description
Usage	How and when Tanium Asset is used in your organization
Automation	How automated Tanium Asset is, across endpoints
Reporting	How data from Asset is consumed by people and systems within the organization

Benchmark metrics

In addition to the key asset processes, the key benchmark metrics that align to the operational maturity of the Tanium Asset program to achieve maximum value and success are as follows:

Executive Metrics	Key Vendors with Tracked Products	Unused Tracked Products
Description	The key vendors with tracked products	The tracked products that are not being used
Instrumentation	Software Inventory & Usage > All Vendors	Software Inventory & Usage > All Products
Why this metric matters	Key vendors with a cost associated with them that do not have any tracked products are a detriment to the value provided by Asset, especially when it comes to software utilization. Cost-significant products should be tracked.	The metric demonstrates the usage and effectiveness of software the company has determined is worth tracking on a per user level. Unused software licenses can be reclaimed.

Use the following table to determine the maturity level for Tanium Asset in your organization.

		Level 1 (Needs improvement)	Level 2 (Below average)	Level 3 (Average)	Level 4 (Above average)	Level 5 (Optimized)
Process	Usage	Asset installed Data retention policies and access established	Primary user(s) identified on endpoints Endpoint use case gap analysis complete	Custom sensors created for use, and new attributes added from custom sensors	Destinations (ServiceNow or Flexera) and external sources are configured, providing enrichment and context to Asset endpoint data	Destinations (ServiceNow or Flexera) and external sources are configured, providing enrichment and context to Asset endpoint data All endpoint data flows through Asset, either through imports or exports
	Automation	Import schedule configured, assets are visible	Integration with Active Directory. Active Directory Query content imported Data retention rules enabled and aligned with IT policies	Asset views created to export data User group permission enabled and aligned with IT policies	Sending additional attributes to CMDB (ServiceNow or Flexera) Sending hardware, application, and primary user details to Splunk / SQL Server or Elastic	Sending additional attributes to CMDB (ServiceNow or Flexera) Sending hardware, application, and primary user details to Splunk / SQL Server or Elastic
	Functional Integration	N/A	Integration with Active Directory Query Exporting data from report grid view	Evaluation of ServiceNow or Flexera CMDB for enrichment using Tanium Asset	CMDB enrichment value achieved	Achieve custom Asset integration with third-party REST endpoint with Tanium Connect Integration with Tanium Deploy to reclaim unused or underutilized licenses
	Reporting	Manual; Asset workbench and dashboard for Operators only	Manual; Asset reports using integration details	Automated; exporting scheduled reports to file / email / SQL; tracking top ten packaged or paid-for software products	Automated; CMDBs receiving data from Tanium Asset for reporting, including software usage	Automated; CMDBs receiving data from Tanium Asset for reporting, including any third-party products with the Tanium Asset API
Metrics	Key Vendors with Tracked Products	70%	80%	90%	95%	98%
Metrics	Unused Tracked Products	50%	40%	30%	20%	5%