Gaining organizational effectiveness
There are four key organizational governance steps to maximize the value that Tanium Enforce delivers and to improve time to value:
- Develop a dedicated change management process. See Change management.
- Define distinct roles and responsibilities. See RACI chart.
- Track operational maturity. See Benchmark metrics.
- Validate cross-functional alignment. See Organizational alignment.
Develop a tailored, dedicated change management process to streamline configuration and compliance policy management across endpoints with one console:
- Update SLAs and align activities to key resources for Tanium Enforce activities across configuration and compliance policy management processes. For example, see RACI chart.
- Designate change or maintenance windows for various activities across configuration and compliance policy management scenarios. For example, implement a new firewall rule or endpoint hardening policy.
- Identify internal and external dependencies to your configuration and compliance policy management process. For example, compliance with standards such as SLAs or with PCI or HIPAA.
- Create a Tanium Steering Group (TSG) for discovery activities to expedite reviews and approvals of processes that align with SLAs.
A RACI chart identifies the team or resource who is Responsible, Accountable, Consulted, and Informed, and serves as a guideline to describe the key activities across the security, risk/compliance, and operations teams. Every organization has specific business processes and IT organization demands. The following table represents Tanium’s point of view for how organizations should align functional resources across configuration and compliance policy management. Use the following table as a baseline example.
|Task||Security Team||Operations Team||Risk/Compliance Team||Rationale|
|Define Policies: Define Security Policies||A/R||I||I||Security team creates security policies. For example, firewall policies, anti-malware policies, and end-state computer security settings.|
|Define Policies: Define Configuration Policies||I||A/R||I||Operations team creates configuration policies. For example, application settings, browser settings, operating system look-and-feel/system settings.|
|A/R||A/R||I||The targets created in the security and configuration policies are then configured in Tanium Enforce and policies are deployed to defined targets.|
|Assess Results of Policies Using Reports||A/R||A/R||A/R||Using Tanium Enforce, review the work bench/Trends boards of policy results for assessment and remediation of any findings or need for configuration changes.|
|Remediate Findings and Configuration Changes||A/R||A/R||I||Using the output of the results, remediate findings and make configuration changes. For example, change targets or revise policy configuration errors. The workflow then proceeds in a continuous loop.|
|Assumption: Security Team owns Tanium Enforce|
|Responsible, Accountable, Consulted, Informed|
|Responsible: Person who performs an activity or does the work.|
|Accountable: Person who is ultimately accountable and has Yes/No/Veto.|
|Consulted: Person who needs to provide feedback and contribute to the activity.|
|Informed: Person who needs to know of the decision or action.|
Successful organizations use Tanium across functional silos as a common platform for high-fidelity endpoint data and unified endpoint management. Tanium provides a common data schema that enables security, operations, and risk/compliance teams to ensure that they are acting on a common set of facts that are delivered by a unified platform.
In the absence of cross-functional alignment, functional silos often spend time and effort litigating data quality instead of making decisions on how to manage software and hardware assets.
Managing a configuration and compliance policy management program successfully includes operationalization of the technology and measuring success through key benchmarking metrics. The four key processes to measure and guide operational maturity of your Tanium Enforce program are as follows:
|Usage||How and when Tanium Enforce is used in your organization (example: Is Tanium the sole tool, or is it being supplemented by a legacy tool, such as Active Directory Group Policy?)|
|Automation||How automated Tanium Enforce is, and how well it is leveraged in the automation of other systems|
|Functional Integration||How integrated Tanium Enforce is across IT security, operations, compliance/risk, and asset management teams|
|Reporting||How data from Tanium Enforce is consumed by people and systems within the organization|
In addition to the key configuration and compliance policy management processes, the three key benchmark metrics that align to the operational maturity of the Tanium Enforce program to achieve maximum value and success are as follows:
|Value Metric||Value Metric #1||Value Metric #2||Value Metric #3||Value Metric #4||Value Metric #5|
|Metric Title||Enforce Coverage (% of total)||Policy Enforcements (% of total)||Host firewall enabled||Disk Encryption Enabled||Antivirus Enabled|
|Why this metric matters||Provides visibility into the number of systems managed by Enforce||Provides visibility of policy health across enterprise. Enforcement errors or unenforced endpoints introduce risk to the environment.||Provides visibility of host firewall status across enterprise. Endpoints that don't have a host firewall installed and enabled introduce risk to the environment.||Provides visibility of hard drive encryption status across enterprise. Unencrypted endpoints introduce risk to the environment.||Provides visibility of Antivirus status across enterprise. Endpoints that don't have an AV agent installed and enabled introduce risk to the environment.|
|Instrumentation||Tools sensor||Enforce policy status (per policy type) / managed endpoints.||Enforce - Host firewall is enabled (Sensor and Board)||Trends Enforce - Encryption Status (Board)||Enforce - Antivirus Is Enabled (Sensor and Board)|
Use the following table to determine the maturity level for Tanium Enforce in your organization.
|Process||Usage||Enforce imported/native OS, application, and security policies configured/policies are enforced through legacy means||Policies are verified||Remediation policies for control group of desktops/ servers are implemented||For end user desktop endpoint/team is using Enforce to push policy configurations to endpoints and enforce them for all managed technologies||Implementation across all capable operating systems|
|Automation||Policies/rules imported into Tanium Enforce||Reporting any policy enforcement errors/reports received and accuracy confirmed||Snapshots are captured over time and show improvement using native reporting||Snapshots are captured over time and show improvement using native reporting||For server endpoints, team is using Enforce to push policy configurations to endpoints and enforce them for all managed technologies/Enforce is the default for all rapid response and immediate deployment and enforcement of configurations|
|Functional integration||Native controls are integrated as applicable (example: Defender, firewall, and AD Group Policy)||Native controls are integrated as applicable (example: Defender, firewall, and AD Group Policy)||Native controls are integrated as applicable (example: Defender, firewall, and AD Group Policy)||Native controls are integrated as applicable (example: Defender, firewall, and AD Group Policy)||Remediation policies for file and service operations integrated|
|Reporting||Manual; via Enforce work bench/for operators only||Manual; Enforce integration with native tools to export reports||Automated; Trends boards for operators/peer group only||Automated; Trends boards tailored to stakeholders ranging from operator to executive||Automated; Trends boards tailored to stakeholders ranging from operator to executive|
|Metrics||Verified enforcement per policy (% of total enforcements vs. enforcement errors)||0-69%||70-79%||80-89%||90-98%||99-100%|
|% of hosts with firewall enabled||0-69%||70-79%||80-89%||90-98%||99-100%|
|% of hosts with disk encryption enabled||0-69%||70-79%||80-89%||90-98%||99-100%|
|% of hosts with antivirus enabled||0-69%||70-79%||80-89%||90-98%||99-100%|
Last updated: 4/14/2021 10:15 AM