Gaining organizational effectiveness

The four key organizational governance steps to maximizing the value that is delivered by Asset are as follows:

Change management

Develop a tailored, dedicated change management process for asset management, taking into account the new capabilities provided by Tanium.

  • Update SLAs and align activities to key resources for Tanium Asset activities across IT Security, IT Operations, and IT Risk / Compliance.
  • Designate change or maintenance windows for various asset discovery scenarios (example: setting up Active Directory Query and external data sources, integration with CMDBs such as ServiceNow or Flexera).
  • Identify internal and external dependencies to your asset discovery process (example: to achieve effective integrations with the CMDB or Active Directory Query).
  • Create a Tanium Steering Group (TSG) for asset management activities to expedite reviews and approvals of processes that align with SLAs.
  • Determine frequency of reviews for changes and new information.
  • Consider conducting at least a quarterly review of change management process.

RACI chart

A RACI chart identifies the team or resource who is Responsible, Accountable, Consulted, and Informed, and serves as a guideline to describe the key activities across the security, risk/compliance, and operations teams. Every organization has specific business processes and IT organization demands. The following table represents Tanium’s point of view for how organizations should align functional resources against asset management. Use the following table as a baseline example.

Task IT Operations Asset manager Asset user Rationale

Identify Asset scope

R C C The Tanium platform owner must identify computers that are in scope for Asset. This scope is likely all computers, but a conversation should occur between the CMDB owners and the Tanium platform owners to fully understand scope across both tool sets.
Configure supporting tools R - - The Tanium platform owner rolls out the required Asset Tools (including Indexing capability) to the determined set of computers. The Tanium platform owner also must continually monitor tool deployment and upgrades.
Create Asset reports R R / C R / C The Tanium platform owner and business process owner end user must define the report requirements, then build those reports in Asset for viewing by business owners. The platform owner can configure role-based access control (RBAC) to allow users to view reports, or allow business owners to build read-only reports.
Asset RBAC management R C I The Tanium platform owner must plan and implement appropriate Role Based Access Controls to allow other business units to access and create reports and views.
Enable tracking of products C R C If Software Inventory & Usage is configured, the platform owner can enable the business owners to align to the identified vendors and products in Asset or the CMDB.
Collect defined data I I I Tanium Asset collects asset data based on defined requirements and configurations.
Software inventory and usage workflow (click image to enlarge)

Organizational alignment

Successful organizations use Tanium across functional silos as a common platform for high-fidelity endpoint data and unified endpoint management. Tanium provides a common data schema that enables security, operations, and risk/compliance teams to assure that they are acting on a common set of facts that are delivered by a unified platform.

In the absence of cross-functional alignment, functional silos often spend time and effort in litigating data quality instead of making decisions to manage software and hardware assets.

Operational metrics

Asset maturity

Managing an asset management program successfully includes operationalization of the technology and measuring success through key benchmarking metrics. The key processes to measure and guide operational maturity of your Tanium Asset program are as follows:

Process Description
Usage How and when Tanium Asset is used in your organization
Automation How automated Tanium Asset is, across endpoints
Reporting How data from Asset is consumed by people and systems within the organization

Benchmark metrics

In addition to the key asset processes, the key benchmark metrics that align to the operational maturity of the Tanium Asset program to achieve maximum value and success are as follows:

Executive Metrics Key Vendors with Reported Products Unused Reported Products
Description The key vendors with reported products The reported products that are not being used
Instrumentation Software Inventory & Usage > All Vendors Software Inventory & Usage > All Products
Why this metric matters Key vendors with a cost associated with them that do not have any reported products are a detriment to the value provided by Asset, especially when it comes to software utilization. Cost-significant products should be reported. The metric demonstrates the usage and effectiveness of software the company has determined is worth reporting on a per user level. Unused software licenses can be reclaimed.

Use the following table to determine the maturity level for Tanium Asset in your organization.

    Level 1
(Initializing)
Level 2
(Progressing)
Level 3
(Intermediate)
Level 4
(Mature)
Level 5
(Optimized)
Process Usage
  • Asset installed
  • Data retention policies and access established
  • Primary user(s) identified on endpoints
  • Endpoint use case gap analysis complete
Custom sensors created for use, and new attributes added from custom sensors Destinations (ServiceNow or Flexera) and external sources are configured, providing enrichment and context to Asset endpoint data

  • Destinations (ServiceNow or Flexera) and external sources are configured, providing enrichment and context to Asset endpoint data
  • All endpoint data flows through Asset, either through imports or exports

Automation Import schedule configured, assets are visible
  • Integration with Active Directory. Active Directory Query content imported
  • Data retention rules enabled and aligned with IT policies
  • Asset views created to export data
  • User group permission enabled and aligned with IT policies
  • Sending additional attributes to CMDB (ServiceNow or Flexera)
  • Sending hardware, application, and primary user details to Splunk / SQL Server or Elastic
  • Sending additional attributes to CMDB (ServiceNow or Flexera)
  • Sending hardware, application, and primary user details to Splunk / SQL Server or Elastic
Functional Integration N/A
  • Integration with Active Directory Query
  • Exporting data from report grid view
Evaluation of ServiceNow or Flexera CMDB for enrichment using Tanium Asset CMDB enrichment value achieved
  • Achieve custom Asset integration with third-party REST endpoint with Tanium Connect
  • Integration with Tanium Deploy to reclaim unused or underutilized licenses
Reporting Manual; Asset workbench and dashboard for Operators only Manual; Asset reports using integration details Automated; exporting scheduled reports to file / email / SQL; tracking top ten packaged or paid-for software products Automated; CMDBs receiving data from Tanium Asset for reporting, including software usage Automated; CMDBs receiving data from Tanium Asset for reporting, including any third-party products with the Tanium Asset API
Metrics Key Vendors with Tracked Products 70% 80% 90% 95% 98%
Unused Tracked Products 50%  40% 30% 20% 5%