Tanium as a Service overview

Tanium™ as a Service (TaaS) is the full functionality of the Tanium platform delivered as a fully-managed, cloud-based service, with zero customer infrastructure required.

With TaaS, you can use Tanium without having to install software and maintain virtual or physical servers. The Tanium Core Platform and products are automatically configured and maintained, so that you can focus on using Tanium to manage endpoints. Tanium as a Service is governed by the TaaS Subscription Agreement.

Architecture

TaaS is delivered as a single-tenant architecture. Isolating tenants secures the data for each Tanium platform instance.

With TaaS, the overall Tanium architecture is abstracted to a single service that you can connect to with a secure web browser. The underlying Tanium platform components (Module Server, Tanium Server, and so on) are managed by TaaS.

If a customer endpoint can reach two internet IP addresses on two TCP ports, the endpoint can be managed with the full capabilities of the Tanium platform.

Figure 1: Tanium as a Service Architecture

Responsibilities

With TaaS, you can use the Tanium platform and products, without worrying about performing updates or securing the environment.

| Responsibility | Customer | Tanium as a Service |
| --- | --- | --- |
| Software component management / Application level controls | Use on demand, for patching, threat hunting, and so on. | Maintain Tanium product releases to ensure availability, security and stability. Activate access to products as requested. |
| Tanium Client and endpoint protection | Choose when and where to deploy Tanium Client to endpoints. Use controls to secure endpoints. | Maintain updates, stability and reliability of Tanium Client. Provide controls for managing and securing endpoints. |
| Access and authorization | Connect and manage identity and access provider, including the provisioning, deprovisioning, and protection of user accounts. Define the users, roles, and credentials that have access to the service. | - |
| Data classification and accountability | Identify, label, and classify data. Determine how data gets processed by TaaS. | - |
| Hosting environment management | - | Maintain hosting environment, including management of the security, scalability, and performance of Tanium infrastructure. |
| Network controls | Maintain any network controls not included in the TaaS infrastructure. | Maintain network controls across TaaS infrastructure. |
| Security management | - | Manage security of instances through public key infrastructure (PKI) and data at rest encryption with unique keys. |
| Physical security | - | Manage security of the physical cloud environment. |

Security

To ensure customer data privacy, TaaS implements single tenant isolation. Each instance is isolated from every other TaaS instance. Each TaaS instance is unique with no shared components, including compute, storage, network, and encryption.

Tanium as a Service has undergone third-party security assessment and review. For a letter of attestation, contact your TAM.

After a compliance audit, TaaS management processes achieved Cloud Security Alliance STAR Level 1 certification. To compare how TaaS meets your own security standards, review the Common Assessment Initiative Questionnaire (CAIQ).

Service level objectives

Tanium as a Service monitors all aspects of the Tanium Platform, products, and operating environment to ensure availability, security and performance of the service. Through this monitoring, the service aims to achieve 99.9% uptime.

Custom content

Tanium reserves the Write Sensor privilege in TaaS for customers who have completed a Tanium Advanced Content Authoring class. Contact your TAM to gain access to this course.

After the Write Sensor privilege is granted, you can create custom content to extend Tanium solutions with TaaS. However, Tanium reserves the right to remove any custom content that is deemed unhealthy to the environment.

Proxy access

Most modules are configured to function fully by default in Tanium as a Service. However, for certain modules, not all possible destinations can be predicted. If you need to add external destination access from a Tanium as a Service component, contact your TAM to submit a request. Specify the destination URL or IP address and the service port (for example: TCP443 to customer-abc.cloud.myservice.com).

Tanium platform and products

You can use Tanium products and platform with TaaS. Some configuration settings and functions are not available with TaaS by design, such as administrator roles, operational logs, and global server settings.

The user guides for the Tanium platform and products include a toggle so that you can view information specific to the TaaS environment: