Gaining organizational effectiveness

The four key organizational governance steps to maximizing the value that is delivered by Performance are as follows:

Develop a dedicated change management process. See Change management.
Define distinct roles and responsibilities. See RACI chart.
Track operational maturity and operating metrics over time. See Operational metrics.
Validate cross-functional alignment. See Organizational alignment.

Change management

Develop a tailored, dedicated change management process for endpoint performance monitoring activities, taking into account the new capabilities provided by Tanium.

Create and integrate a Tanium-specific change management process with updated service-level agreements (SLAs) from identification to resolution of endpoint performance issues.
Identify key resources in the organization to review and approve changes to endpoint performance requirements that ensure a minimal number of events per endpoint and align with an organizational-specific RACI chart.
Align activities to key resources for Tanium-managed endpoint performance activities across IT Security, IT Operations, and IT Risk / Compliance.

RACI chart

A RACI chart identifies the team or resource who is Responsible, Accountable, Consulted, and Informed, and serves as a guideline to describe the key activities across the security, risk/compliance, and operations teams. Every organization has specific business processes and IT organization demands. The following table represents Tanium’s point of view for how organizations should align functional resources against endpoint performance. Use the following table as a baseline example.

Task	IT Security	IT Operations	IT Risk/Compliance	Executive	Rationale
Identify endpoint performance issue	-	R/A	-	-	The operations team is responsible for identifying endpoint performance issues.
Troubleshoot endpoint performance issue	C	R/A	-	-	The operations team troubleshoots endpoint performance issues and consults with the security team on the troubleshooting process.
Scope the impact of performance issue	C	R/A	-	-	The operations team scopes the impact of performance issues and consults with the IT Security team on the scoping process.
Remediate affected endpoints	C	R/A	-	-	The operations team remediates affected endpoints and consults with the security team on the remediation process.
Ongoing monitoring	I	R/A	-	I	The operations team monitors for endpoint performance issues and informs the executive and security teams of results.
Reporting	I	R	-	A	The operations team is responsible for reporting, and the executive team is accountable for the task. The security team is informed of all reports.

Standard Performance workflow (click image to enlarge)

Operational metrics

Performance maturity

Managing an endpoint performance program successfully includes operationalization of the technology and measuring success through key benchmarking metrics. The four key processes to measure and guide operational maturity of your Tanium Performance program are as follows:

Process	Description
Usage	how and when Tanium Performance is used in your organization; for example, is Performance the only tool or is it a supplemental tool for another legacy tool
Automation	how automated Tanium Performance is, and how well is it used in the automation of other systems
Functional Integration	how integrated Tanium Performance is, across security, operations, and risk/compliance teams
Reporting	how data from Tanium Performance is consumed by people and systems within the organization

Benchmark metrics

In addition to the key endpoint performance monitoring processes, the key benchmark metrics that align to the operational maturity of the Tanium Performance program to achieve maximum value and success are as follows:

Executive Metrics	Performance Coverage	Endpoints with Critical Performance Events in the Past Day
Description	Returns the number of endpoints in each of these categories: Initializing: Endpoints where Performance tools are installing Optimal: Endpoints where Performance is operational Needs attention: Endpoints that do not have the Performance tools installed, are not targeted by a profile, or do not have a supported version of the Tanium Client installed Unsupported: Endpoints with an operating system version that is not supported by Performance For steps to investigate endpoints that are categorized as Needs Attention or Unsupported, see Monitor and troubleshoot Performance Coverage. For operating system and Tanium Client versions supported by Performance, see Requirements.	The percentage of endpoints with a critical performance event in the last 24 hours. Critical performance events include system crashes, low disk capacity, and application crashes.
Instrumentation	Uses the Performance - Coverage Status sensor to determine the endpoints where Performance is optimal, needs attention, and is unsupported.	The number of endpoints that had a critical performance event in the past day divided by the total number of endpoints that are managed by Performance.
Why this metric matters	If Performance is not running on all of your endpoints, you do not have visibility into what problems they are having, which risks more downtime and less productivity for critical systems and end users.	Teams should minimize the number of performance problems that users experience. With this metric, you can get a complete view of end user experience by looking at both the fraction of endpoints experiencing performance problems and how many problems each of these endpoints experience.

Executive Metrics

Performance Coverage

Endpoints with Critical Performance Events in the Past Day

Description

Returns the number of endpoints in each of these categories:

Initializing: Endpoints where Performance tools are installing
Optimal: Endpoints where Performance is operational
Needs attention: Endpoints that do not have the Performance tools installed, are not targeted by a profile, or do not have a supported version of the Tanium Client installed
Unsupported: Endpoints with an operating system version that is not supported by Performance

For steps to investigate endpoints that are categorized as Needs Attention or Unsupported, see Monitor and troubleshoot Performance Coverage.

For operating system and Tanium Client versions supported by Performance, see Requirements.

The percentage of endpoints with a critical performance event in the last 24 hours. Critical performance events include system crashes, low disk capacity, and application crashes.

Instrumentation

Uses the Performance - Coverage Status sensor to determine the endpoints where Performance is optimal, needs attention, and is unsupported.

The number of endpoints that had a critical performance event in the past day divided by the total number of endpoints that are managed by Performance.

Why this metric matters

If Performance is not running on all of your endpoints, you do not have visibility into what problems they are having, which risks more downtime and less productivity for critical systems and end users.

Teams should minimize the number of performance problems that users experience.

With this metric, you can get a complete view of end user experience by looking at both the fraction of endpoints experiencing performance problems and how many problems each of these endpoints experience.

Use the following table to determine the maturity level for Tanium Performance in your organization.

		Level 1 (Initializing)	Level 2 (Progressing)	Level 3 (Intermediate)	Level 4 (Mature)	Level 5 (Optimized)
Process	Usage	Performance configured	Performance used by exception to troubleshoot issues with individual endpoints	Performance used to troubleshoot issues with individual endpoints	Performance used to proactively and reactively troubleshoot issues; data from Performance occasionally drives strategic decisions and identifies cost efficiencies	Performance used to proactively and reactively troubleshoot issues; data from Performance often drives strategic decisions and identifies cost efficiencies
	Automation	Manual	Manual	Manual	Partial automation to resolve end user problems on an ongoing basis	Partial automation to resolve end user problems on an ongoing basis
	Functional integration	Functionally siloed	Occasionally consult with other teams to troubleshoot tickets	Multiple teams getting value from Performance data	Team uses Performance to troubleshoot and report on end user experience; Performance integrated with ITSM or Business Analytics tools	Multiple teams use Performance to troubleshoot and report on end user experience; Performance integrated with ITSM or Business Analytics tools
	Reporting	Manual; Reporting for Operators only	Manual; Reporting for Operators only and peer group	Automated; Reporting for Operators and peer group only	Automated; Reporting tailored to stakeholders from IT Help Desk, End User Computing, and Operational Leadership teams	Automated; Reporting tailored to stakeholders from IT Help Desk, End User Computing, and Operational Leadership teams
Metrics	Performance Coverage (for Manageable Endpoints)	0-69%	70-79%	80-89%	90-99%	100%
Metrics	Percent of Endpoints with Events in the Past Day	>40%	31-40%	21-30%	10-20%	0-9%

Organizational alignment

Successful organizations use Tanium across functional silos as a common platform for high-fidelity endpoint data and unified endpoint management. Tanium provides a common data schema that enables security, operations, and risk/compliance teams to assure that they are acting on a common set of facts that are delivered by a unified platform.

In the absence of cross-functional alignment, functional silos often spend time and effort in litigating data quality instead of making decisions to improve endpoint performance monitoring processes.