Gaining organizational effectiveness

The four key organizational governance steps to maximizing the value that is delivered by Performance are as follows:

Change management

Develop a tailored, dedicated change management process for endpoint performance monitoring activities, taking into account the new capabilities provided by Tanium.

  • Create and integrate a Tanium-specific change management process with updated service-level agreements (SLAs) from identification to resolution of endpoint performance issues.
  • Identify key resources in the organization to review and approve changes to endpoint performance requirements that ensure a minimal number of events per endpoint and align with an organization-specific RACI chart.
  • Align activities to key resources for Tanium-managed endpoint performance activities across IT Security, IT Operations, and IT Risk / Compliance.

RACI chart

A RACI chart identifies the team or resource who is Responsible, Accountable, Consulted, and Informed, and serves as a guideline to describe the key activities across the security, risk/compliance, and operations teams. Every organization has specific business processes and IT organization demands. The following table represents Tanium’s point of view for how organizations should align functional resources against endpoint performance. Use the following table as a baseline example.

| Task | IT Security | IT Operations | IT Risk/Compliance | Executive | Rationale |
|---|---|---|---|---|---|
| Identify endpoint performance issue | - | R/A | - | - | The operations team is responsible for identifying endpoint performance issues. |
| Troubleshoot endpoint performance issue | C | R/A | - | - | The operations team troubleshoots endpoint performance issues and consults with the security team on the troubleshooting process. |
| Scope the impact of performance issue | C | R/A | - | - | The operations team scopes the impact of performance issues and consults with the IT Security team on the scoping process. |
| Remediate affected endpoints | C | R/A | - | - | The operations team remediates affected endpoints and consults with the security team on the remediation process. |
| Ongoing monitoring | I | A/R | - | I | The operations team monitors for endpoint performance issues and informs the executive and security teams of results. |
| Reporting | I | R | - | A | The operations team is responsible for reporting, and the executive team is accountable for the task. The security team is informed of all reports. |

Figure 1: Standard Performance workflow

Operational metrics

Performance maturity

Managing an endpoint performance program successfully includes operationalization of the technology and measuring success through key benchmarking metrics. The four key processes to measure and guide operational maturity of your Tanium Performance program are as follows:

| Process | Description |
|---|---|
| Usage | How and when Tanium Performance is used in your organization; for example, is Performance the only tool or is it a supplemental tool for another legacy tool |
| Automation | How automated Tanium Performance is, and how well it is used in the automation of other systems |
| Functional Integration | How integrated Tanium Performance is across security, operations, and risk/compliance teams |
| Reporting | How data from Tanium Performance is consumed by people and systems within the organization |

Benchmark metrics

In addition to the key endpoint performance monitoring processes, the key benchmark metrics that align to the operational maturity of the Tanium Performance program to achieve maximum value and success are as follows:

Executive metric: Performance Coverage

Description: Returns the number of endpoints in each of these categories:
  • Optimal: Endpoints where Performance is operational
  • Needs attention: Endpoints that do not have the Performance tools installed, are not targeted by a profile, or do not have a supported version of the Tanium Client installed
  • Unsupported: Endpoints with an operating system version that is not supported by Performance

For steps to investigate endpoints that are categorized as Needs Attention or Unsupported, see Monitor and troubleshoot Performance Coverage.

For operating system and Tanium Client versions supported by Performance, see Requirements.

Instrumentation: Uses the Performance - Coverage Status sensor to determine the endpoints where Performance is optimal, needs attention, and is unsupported.

Why this metric matters: If Performance is not running on all of your endpoints, you do not have visibility into what problems they are having, which risks more downtime and less productivity for critical systems and end users.

Executive metric: Endpoints with Critical Performance Events in the Past Day

Description: The percentage of endpoints with a critical performance event in the last 24 hours. Critical performance events include system crashes, low disk capacity, and application crashes.

Instrumentation: The number of endpoints that had a critical performance event in the past day divided by the total number of endpoints that are managed by Performance.

Why this metric matters: Teams should minimize the number of performance problems that users experience.

With this metric, you can get a complete view of end user experience by looking at both the fraction of endpoints experiencing performance problems and how many problems each of these endpoints experience.

Use the following table to determine the maturity level for Tanium Performance in your organization.

| | | Level 1 (Needs improvement) | Level 2 (Below average) | Level 3 (Average) | Level 4 (Above average) | Level 5 (Optimized) |
|---|---|---|---|---|---|---|
| Process | Usage | Performance configured | Performance used by exception to troubleshoot issues with individual endpoints | Performance used to troubleshoot issues with individual endpoints | Performance used to proactively and reactively troubleshoot issues; data from Performance occasionally drives strategic decisions and identifies cost efficiencies | Performance used to proactively and reactively troubleshoot issues; data from Performance often drives strategic decisions and identifies cost efficiencies |
| | Automation | Manual | Manual | Manual | Partial automation to resolve end user problems on an ongoing basis | Partial automation to resolve end user problems on an ongoing basis |
| | Functional integration | Functionally siloed | Occasionally consult with other teams to troubleshoot tickets | Multiple teams use Performance to troubleshoot and report on end user experience; Performance integrated with ITSM or Business Analytics tools | Multiple teams use Performance to troubleshoot and report on end user experience; Performance integrated with ITSM or Business Analytics tools | Multiple teams use Performance to troubleshoot and report on end user experience; Performance integrated with ITSM or Business Analytics tools |
| | Reporting | Manual | Manual; Trends boards imported | Automated; reporting for IT Help Desk, End User Computing, and Operational Leadership teams | Automated; reporting for IT Help Desk, End User Computing, and Operational Leadership teams | Automated; reporting for IT Help Desk, End User Computing, and Operational Leadership teams |
| Metrics | Performance Coverage | <70% | 70-79% | 80-89% | 90-99% | >99% |
| | Percent of Endpoints with Events in the Past Day | >40% | 30-40% | 20-30% | 10-20% | <10% |

Organizational alignment

Successful organizations use Tanium across functional silos as a common platform for high-fidelity endpoint data and unified endpoint management. Tanium provides a common data schema that enables security, operations, and risk/compliance teams to assure that they are acting on a common set of facts that are delivered by a unified platform.

In the absence of cross-functional alignment, functional silos often spend time and effort in litigating data quality instead of making decisions to improve endpoint performance monitoring processes.