How GAF Moved to the Cloud With Tanium

The best laid plans. Just ask the IT team at roofing and waterproofing manufacturer GAF. They delivered a powerful on-premises solution for vulnerability monitoring. Done and done, right? Wrong.

The team received a surprise from GAF’s senior leaders. They announced a companywide move to the cloud — including the solution the IT team had just installed.

GAF’s Tanium project dated back to 2017, when senior IT leaders became concerned about endpoint vulnerabilities to malware and other attack types. That led the team to install Tanium, which was then offered on premises.

The Tanium implementation was so successful that it became the foundation of GAF’s operational reporting. But then the IT team was told they would need to move the entire Tanium suite to the cloud.

As part of the move, GAF planned to entirely shutter its New Jersey data center. Also, some 5,100 endpoints in North America — including desktops and laptops used by developers and engineers — would be moved to Google Workspace, a cloud-based suite of collaboration tools.

The IT team also had to work quickly. Tanium was one of only a handful of workloads still running in GAF’s soon-to-be-closed data center.

The move to Tanium Cloud

Fortunately, the cloud migration of Tanium was a straightforward project, one that could be completed in about four weeks.

Now GAF enjoys the full functionality of the Tanium platform delivered as a fully managed, cloud-based service. In addition, Tanium Cloud requires zero customer infrastructure.

Moving to the cloud also lets GAF use Tanium without having to install software and maintain virtual or physical servers. The Tanium core platform and solutions are automatically configured and maintained in the cloud, freeing GAF to focus on using Tanium to manage endpoints.

Thanks to the power of the cloud, GAF was also able to maintain endpoint management connections as employees shifted to working from home and then, more recently, back to the office.

“There were no issues,” says Jim Pantopicos, GAF’s director of workplace technologies. “We never skipped a beat.”

Faster, more accurate reporting

One gain came on the security front. Thanks to Tanium Cloud, virtually all GAF’s endpoints are now compliant with Google’s Chrome browser emergency update to address a zero-day vulnerability. The small number of remaining machines get quarantined until they too are compliant.

Another benefit is endpoint imaging. Prior to using Tanium, GAF was doing bare-metal imaging by hand, even though most of the apps are now web-based. That could take as long as two hours per build. Now with Tanium, that’s down to just 15 to 20 minutes.

“Think about the time we’ll save when we have to image 20, 30, 40 machines at a clip,” Pantopicos says. “That should deliver a huge ROI.”

Tanium has also helped GAF by reporting on and remediating vulnerabilities discovered earlier this year on Chrome and Edge browsers. This was identified as a zero-day vulnerability that has active exploit code in the wild. “Without Tanium,” Pantopicos says, “we would have had no ability to address these vulnerabilities.”

Looking ahead, GAF intends to help its parent company, Standard Industries, standardize Tanium worldwide. Standard Industries employs some 20,000 people in over 80 countries, so the job will be a big one. But then, GAF’s IT team is used to that.

---

Learn more: Read the full GAF case study to learn how the company moved to a cloud-only architecture with Tanium.