Home �   ITIL�  Index

ITIL and the CMDB: Think Small?

Apr 10, 2006

Patrick Moore


Improved Security Deployment and Assessment of Risk. When assessing a known vulnerability on a server, CMDB information can be used to assess risk based on both the severity of a patch, as well as the business context of the vulnerability. This capability allows IT organizations to prioritize patches that support the business and ensure that critical systems are secured first.

More Accurate and Streamlined Compliance. To better facilitate Sarbanes-Oxley and HIPAA initiatives, IT organizations can tap into the CMDB data model to ensure that asset information is accurate and complete. Additionally, the CMDB coupled with the assignment of accountable CI owners and auditors can better enable IT organizations to demonstrate better internal controls. Tracking CIs, relationships and validating their accuracy through continuous monitoring can provide a higher level of assurance that IT systems and related components are controlled and managed in accordance with legislative requirements.

Other advantages of deploying and optimizing a standard CM process and supporting CMDB toolset may include:

  • Centralize storage of physical and logical infrastructure information
  • Establish clear ownership and accountability for IT components
  • Allow more efficient planning and support of the IT infrastructure
  • Highlight technical inefficiencies for correction and/or improvement
  • Provide a foundation for standard ITIL-based service management (ITSM)
  • Compliment regulatory compliance and auditing activities
  • Decrease the cost of patching, repairing and troubleshooting
  • Minimize downtime and improve customer responsiveness
  • Decrease redundancy of IT operational support activities
  • Support proactive Problem Management initiatives
  • Track intangible attributes of IT assets and their relationships
  • Fine-tune Incident Management and operational support
  • Allow for more efficient handling of data center and/or IT asset migrations
  • Articulate the business context of IT processes and associated activities
  • Proactively assess inherent risk from potential IT service failures
  • Support Business and IT Service Continuity (ITSCM) initiatives · Promote IT standards to the broader IT community
  • Provide a service-oriented view of the IT infrastructure
  • Foster an environment of continuous improvement

    Implementing a CMDB

    Deployment of a CMDB can only be accomplished in parallel with a Configuration Management process. Therefore, IT organizations need to establish goals, create a baseline and foster an environment of continuous improvement. In turn, related activities will help IT management and supporting personnel to gain momentum and demonstrate the value of standard policies, processes and supporting procedures.

    In order to establish an effective Configuration Management process, process stakeholders need to ensure that any data associated with core IT operational processes is appropriately stored and managed. Guaranteeing the integrity, validity, accuracy and completeness of CM data is no small task, and requires certain levels of accountability and ownership in order to properly manage the data.

    Therefore, deployment of a CMDB requires careful consideration of who owns and is accountable for the operational components of the repository itself. At a minimum, the following Key Goal Indicators (KGI) should be reviewed, established and/or communicated to all stakeholders prior to commencing any CM strategy or CMDB implementation:

  • Establish process ownership and executive sponsorship for the Configuration Management process
  • Ensure accountability for the setup, ongoing maintenance and support of CMDB related hardware and components
  • Ensure network availability, throughput, capacity and access to CMDB related resources is provided
  • Implement regular, scheduled backup of data and related files required for continuous, reliable CMDB operation
  • Plan for timely audit and validation of CMDB data to ensure ongoing accuracy of IT environment
  • Establish a continuous improvement program specific to CM that focuses on the people driving the process

    Bottom Line: For many organizations, simply establishing a starting point for a CMDB can greatly help facilitate effective awareness and maturity of the Configuration Management process. However, incorporating too much detail during an initial CMDB deployment can add significant cost to the process and exceed the actual (or perceived) value it provides. In the end, early adopters of CMDB tools that take a tactical, realistic approach to deployment will be rewarded with more rapid realization of IT service support and delivery efficiencies.