The Metropolitan Water District of Southern California (MWD), which delivers water to 26 member agencies comprising 19 million people in six counties, has been a customer of Tanium — which enables organizations to have visibility and control across all endpoints in on-premise, cloud and hybrid environments — for more than four years. But the state-established cooperative identified an additional need in responding to Public Records Act (PRA) requests, to ensure it was locating all applicable files in its network — even the hardest to find.
Darrell Saunders, security analyst at MWD, suggested using Tanium’s Reveal module, MWD Chief Information Security Officer Jake Margolis told Techwire. The module is specifically designed to “locate and manage sensitive data across endpoints to mitigate exposure,” according to Tanium. The district already used the company’s products for needs like asset management, software tracking and incident response. It was contemplating using Reveal for a digital management project; but, Margolis said, using it on a “really complex PRA” proved to be a success.
“It does show the versatility of your tool sets, I think, and that’s where your people come into play. It worked really well for us in that situation,” Margolis said. MWD — which began migrating earlier this year away from on-prem servers to the Tanium cloud — embarked on a proof of concept for the Reveal module of roughly 60 days before purchasing the module last year. The overall process was hastened because MWD was an existing customer — and because the Tanium platform uses a single agent and doesn’t require the rollout of additional agents. Among the project’s takeaways:
- Do the assessment. When you’re repurposing a tool, Margolis said, “make sure it actually gains efficiency, reduces cost, improves the user experience. Stick with fundamentals.” Here, MWD’s chief risk in pivoting its use of Reveal away from digital management to PRAs was that the product wouldn’t work — and staff would have to find that data “the hard way,” mapping drives to workstations and then searching them. But other potential use cases may have higher risks, and higher costs of ownership, than potentially losing only a few staff hours.
- Fight with what you have. The expression, the CISO said, originates from the military but is honed here by the knowledge that procurement cycles — even competitively bid contracts like California Multiple Award Schedules and the Software Licensing Program — take time. “You have to weigh what’s the time versus the need? How time-sensitive is this need, versus how long is it going to take me to put in a permanent solution? Because ideally, the solution that’s meant for that issue is almost always the best solution,” he said. With expertise and help, as in this case, he said, a synergy can be achieved — but that’s not always the case. It’s also not always the case with commercial off-the-shelf (COTS): “I think people tend to want to be perfectionists. ... There’s never a perfect fit. There’s always going to be some outlying use case that doesn’t fit,” Margolis said.
- Kick the tires. MWD wasn’t initially considering using the Reveal module on its PRA requests, but that happened because once it was suggested, officials — who met with their Tanium representatives weekly — examined the technology and considered what it could do. That sounds time-consuming, Margolis said, but it’s worth the extra time or overtime to do so, even if that means devoting a Saturday morning to configure a tool or a solution to your needs and achieve a “proper risk analysis.”
