Improved Security Deployment and Assessment of Risk. When assessing a known vulnerability on a server, CMDB information can be used to assess risk based on both the severity of a patch, as well as the business context of the vulnerability. This capability allows IT organizations to prioritize patches that support the business and ensure that critical systems are secured first.
More Accurate and Streamlined Compliance.
To better facilitate Sarbanes-Oxley and HIPAA initiatives, IT organizations can tap into the CMDB data model to ensure that asset information is accurate and complete. Additionally, the CMDB coupled with the assignment of accountable CI owners and auditors can better enable IT organizations to demonstrate better internal controls. Tracking CIs, relationships and validating their accuracy through continuous monitoring can provide a higher level of assurance that IT systems and related components are controlled and managed in accordance with legislative requirements.
Other advantages of deploying and optimizing a standard CM process and supporting CMDB toolset may include:
Centralize storage of physical and logical infrastructure information
Establish clear ownership and accountability for IT components
Allow more efficient planning and support of the IT infrastructure
Highlight technical inefficiencies for correction and/or improvement
Provide a foundation for standard ITIL-based service management (ITSM)
Compliment regulatory compliance and auditing activities
Decrease the cost of patching, repairing and troubleshooting
Minimize downtime and improve customer responsiveness
Decrease redundancy of IT operational support activities
Support proactive Problem Management initiatives
Track intangible attributes of IT assets and their relationships
Fine-tune Incident Management and operational support
Allow for more efficient handling of data center and/or IT asset migrations
Articulate the business context of IT processes and associated activities
Proactively assess inherent risk from potential IT service failures
Support Business and IT Service Continuity (ITSCM) initiatives · Promote IT standards to the broader IT community
Provide a service-oriented view of the IT infrastructure
Foster an environment of continuous improvement
Implementing a CMDB
Deployment of a CMDB can only be accomplished in parallel with a Configuration Management process. Therefore, IT organizations need to establish goals, create a baseline and foster an environment of continuous improvement. In turn, related activities will help IT management and supporting personnel to gain momentum and demonstrate the value of standard policies, processes and supporting procedures.
In order to establish an effective Configuration Management process, process stakeholders need to ensure that any data associated with core IT operational processes is appropriately stored and managed. Guaranteeing the integrity, validity, accuracy and completeness of CM data is no small task, and requires certain levels of accountability and ownership in order to properly manage the data.
Therefore, deployment of a CMDB requires careful consideration of who owns and is accountable for the operational components of the repository itself. At a minimum, the following Key Goal Indicators (KGI) should be reviewed, established and/or communicated to all stakeholders prior to commencing any CM strategy or CMDB implementation:
Establish process ownership and executive sponsorship for the Configuration Management process
Ensure accountability for the setup, ongoing maintenance and support of CMDB related hardware and components
Ensure network availability, throughput, capacity and access to CMDB related resources is provided
Implement regular, scheduled backup of data and related files required for continuous, reliable CMDB operation
Plan for timely audit and validation of CMDB data to ensure ongoing accuracy of IT environment
Establish a continuous improvement program specific to CM that focuses on the people driving the process
Bottom Line: For many organizations, simply establishing a starting point for a CMDB can greatly help facilitate effective awareness and maturity of the Configuration Management process. However, incorporating too much detail during an initial CMDB deployment can add significant cost to the process and exceed the actual (or perceived) value it provides. In the end, early adopters of CMDB tools that take a tactical, realistic approach to deployment will be rewarded with more rapid realization of IT service support and delivery efficiencies.