Gaining organizational effectiveness

The four key organizational governance steps to maximizing the value that is delivered by Map are as follows:

Change management

Integrate a Tanium-specific, centralized change management process for application service activities.

  • Create a Tanium-specific change management process with updated service-level agreements (SLAs) for all application services.
  • Identify key resources in the organization to use server dependency data to maximize uptime and availability.
  • Align activities to key resources for application service activities across IT Security, IT Operations, and IT Risk / Compliance.
  • Identify server dependencies to maximize uptime during change or maintenance windows.
  • Create a Tanium Steering Group (TSG) to expedite reviews and approvals of processes that align with SLAs for server mapping activities.

RACI chart

A RACI chart identifies the team or resource who is Responsible, Accountable, Consulted, and Informed, and serves as a guideline to describe the key activities across the security, risk/compliance, and operations teams. Every organization has specific business processes and IT organization demands. The following table represents Tanium’s point of view for how organizations should align functional resources against application services. Use the following table as a baseline example.

| Task | IT Security | IT Operations | IT Risk/Compliance | Executive | Rationale |
|---|---|---|---|---|---|
| Application Service Infrastructure Troubleshooting | C | A/R | C | - | IT Operations is accountable and responsible for the availability of application services. When applications are having issues, IT Operations must understand the application components and where they are hosted. IT Security and IT Risk/Compliance are consulted on whether patching or a threat is taking place. |
| Server Change Management | I | A/R | I | - | IT Operations is accountable and responsible for server changes, reboots and ensuring uptime with the understanding of the server role and dependencies. Security and compliance are both informed of the potential downtime. |
| Server Non-Compliance or Vulnerability Mitigation Plan | C | A/R | C | I | IT Operations is accountable and responsible for the availability of application services and the plan to restore services. If a server needs patching or remediation, IT Security and IT Risk/Compliance are both consulted. The executive is informed of a widespread outage and the restoration of services. |
| Data Center Migration | C | A/R | C | C | Migrating application services across data centers includes all areas of IT. IT Operations is accountable and responsible for minimizing downtime and restoring the pre-migration structure. IT Security and IT Risk/Compliance are both consulted to ensure the compliance and risk-avoidance of migrated services. The executive is consulted throughout the process to understand downtime and availability of business-critical applications. |

 

Figure 1: Application performance troubleshooting workflow

Figure 2: Data center migration workflow

Figure 3: Server non-compliance/vulnerability workflow

Organizational alignment

Successful organizations use Tanium across functional silos as a common platform for high-fidelity endpoint data and unified endpoint management. Tanium provides a common data schema that enables security, operations, and risk/compliance teams to assure that they are acting on a common set of facts that are delivered by a unified platform.

In the absence of cross-functional alignment, functional silos often spend time and effort in litigating data quality instead of making decisions to improve application service activities.

Operational metrics

Map maturity

Using application and server data successfully includes operationalization of the technology and measuring success through key benchmarking metrics. The four key processes to measure and guide operational maturity of your Tanium Map program are as follows:

| Process | Description |
|---|---|
| Usage | how and when Tanium Map is used in your organization - is Tanium Map the sole tool or supplemental tool for another legacy tool |
| Automation | how automated Tanium Map is, across endpoints |
| Functional Integration | how integrated Tanium Map is, across IT Security, IT Operations, and IT Risk/Compliance teams |
| Reporting | how automated Tanium Map is, and the audience of map reporting |

Benchmark metrics

In addition to the key application service processes, the key benchmark metrics that align to the operational maturity of the Tanium Map program to achieve maximum value and success are as follows:

| Executive Metrics | Map Coverage | Servers Mapped to an Application |
|---|---|---|
| Description | Percentage of endpoints that have Tanium Map installed and running. | Percentage of servers that are mapped to an application. |
| Instrumentation | Number of servers with Map tools present / number of servers in the environment (supported server group) | Count of application-associated servers / count of servers |
| Why this metric matters | Ensuring that all supported servers have the Map tools installed enables maximum visibility of application services providing the highest level of awareness. | If a server exists that is not part of a formalized application, then additional scrutiny is warranted. A stand-alone server could be an indication of an unsanctioned application, a failed migration, or an abandoned device. Figuring out the purpose of a stand-alone server is an opportunity for cost reclamation or perhaps service consolidation. |

Use the following table to determine the maturity level for Tanium Map in your organization.

| | | Level 1 (Needs improvement) | Level 2 (Below average) | Level 3 (Average) | Level 4 (Above average) | Level 5 (Optimized) |
|---|---|---|---|---|---|---|
| Process | Usage | Map configured | Discovered entry points are reviewed | Critical application services have been mapped and saved | Critical application services are mapped, modified, and saved | Critical application services are mapped, modified, and saved |
| | Automation | Map is automatically finding entry points with default ports | Map is automatically finding entry points with default ports | Map is automatically finding entry points with default and custom ports | Map is automatically finding entry points with default and custom ports | Map is automatically finding entry points with default and custom ports |
| | Functional integration | Functionally siloed | Functionally siloed in IT Operations for ad hoc tasks | Functionally siloed in IT Operations to gain visibility into application dependencies | Map data is shared between IT Operations and Security to view application components | Map data is shared between IT Operations and IT Security to view application components and application definitions based computer groups used in other Tanium modules to give contextual relevance |
| | Reporting | Ad hoc | Ad hoc - List of discovered entry points viewed in Map workbench | Consistent - Application maps viewed in Map workbench | Map data is used to determine new or missing systems over time in previously mapped applications | Map data is used to generate alerts based on changes in the constituent systems in an application |
| Metrics | Map Coverage | 0-59% | 60-74% | 75-85% | 86-96% | 97-100% |
| | Servers Mapped to an Application | 0-49% | 50-64% | 65-79% | 80-94% | 95-100% |