A Configuration Management Database (CMDB) is the core of ITIL processes. CMDB is a database of information related to all the components of an information system; it contains information about the configuration items (CIs) in the IT infrastructure. CIs can be hardware, software, personnel or documentation. As it relates to IT Asset Management, a CMDB is a comprehensive ‘map’ of your entire IT environment, helping you keep track of the state of endpoint devices, software and data, which is useful for detecting and responding to security incidents.
The CMDB describes CIs using three configurable attributes: technical, ownership and relationship. In plain terms, the CMDB is like the index for the components in the IT environment, helping you understand their attributes, relationships and configurations. A key success factor in implementing a CMDB is the ability to automatically discover information about the CIs and to track changes as they happen. CMDBs are important in IT decision making, allowing users to identify dependencies among processes, people, applications and IT infrastructure to find opportunities for change, faster resolution of incidents, fewer errors and more.
Unlike a traditional database, the CMDB pulls in data from other sources in such a way that original sources retain control of said data. The CMDB can help you understand data in an organized way, examining it from a multitude of perspectives. According to the ITIL recommended specifications, there are four tasks involved in configuration management:
- Identify the CIs to be put in the CMDB
- Control the data so that it is only changed by authorized individuals
- Ensure the current status of incoming CIs is always recorded and updated
- Maintain data accuracy through audits and reviews
A CMDB may be accessed by many individuals, so many companies find it useful to make it more user-friendly by adopting a web interface.
How to Automate Your CMDB (Configuration Management Database)
Automation is the name of the game for IT teams struggling to keep up with a range of seemingly countless manual tasks. Some of these tasks are tedious and others are increasingly complicated as companies push toward digital transformation. Asset management is one area where IT is finding success with the automation of time-consuming tasks, particularly in updating the Configuration Management Database (CMDB) for an accurate asset inventory.
Whether you call it a CMDB or not, everyone has ‘a list’ of company-owned assets. This includes hardware, software licenses, documentation and even personnel. Depending upon your organization, your CMDB may go so far as to serve as a map of all that is IT. More likely though, your CMDB is a static spreadsheet that lists devices and pre-loaded software given to a new employee on their first day.
CMDB in a Perfect World
In its truest form, a CMDB is a database of all configurable items in your IT infrastructure, including laptops, desktops, phones, printers, servers, and more. Going beyond a simple inventory of items, however, the database should also include three configurable attributes for each item: technical details (including the software running on them), user information and the asset’s relationship with other people, processes and technologies in the organization.
An accurate, up-to-date CMDB can be thought of as the anchor of your IT asset management program. When done well, it should:
- Provide you and any auditor who asks with an accurate, efficient, at-a-glance view of company assets, where they are, what they are running, and inter-dependencies on other organizational assets.
- Serve as a financial tracker so you aren’t buying more of what you already have or aren’t using. It can also help leadership build out an organizational valuation.
- Help you meet compliance requirements including GDPR, HIPAA and several other regulations related to personal data privacy.
- Improve your security posture. Because you can’t secure what you can’t see or don’t even know you have in your environment, an up-to-date CMDB will give you the confidence that you are securing all of your endpoints. Pushing security updates to an outdated list of assets will leave you with many vulnerabilities.
The Trouble with Manual Updates
While CMDBs should outline what’s listed above, they usually don’t when updates are left to manual, human effort. Firstly, it’s simply too much to keep up with. Secondly, manual processes aren’t a solution for devices that fall off the corporate network. You can’t accurately inventory and monitor what you can’t even see.
Automation is both an effective and efficient way to maintain an up-to-date CMDB, as long as the solution you rely on doesn’t require your endpoints to have a network connection. Another common challenge with most endpoint management solutions is that the health of the agent is not stable. If the agent you rely on is disabled or corrupt when a device is off the network, your visibility into that device is typically gone.
Employees, their devices, and the data that resides on them are always on the move; you need to be able to track the devices (and their security controls) as they travel. Manual effort toward this goal is time wasted, especially when you consider the numerous other tasks left undone while you are trying to keep an updated inventory.
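As an added illustration (not part of the original article and not any product's code), the sketch below reconciles CMDB records against automated discovery results to surface the three gaps described above: devices missing from the CMDB, devices that have gone dark, and attribute drift. The record layout, the `reconcile` function, the 30-day staleness window and all sample data are assumptions constructed for the example.

```python
from datetime import datetime, timedelta

# Constructed sample CMDB: each CI carries the three attribute groups the
# article names (technical, ownership, relationship) plus a last-seen time.
CMDB = {
    "LT-001": {"technical": {"os": "Windows 10 22H2", "av": "enabled"},
               "ownership": "alice", "relationship": ["vpn-gw-1"],
               "last_seen": datetime(2024, 5, 30)},
    "LT-002": {"technical": {"os": "macOS 14.4", "av": "enabled"},
               "ownership": "bob", "relationship": ["vpn-gw-1"],
               "last_seen": datetime(2024, 3, 2)},
    "SRV-010": {"technical": {"os": "Ubuntu 22.04", "av": "enabled"},
                "ownership": "it-ops", "relationship": ["payroll-app"],
                "last_seen": datetime(2024, 5, 31)},
}

# Constructed discovery results (what an agent or scan reported today).
DISCOVERED = {
    "LT-001": {"technical": {"os": "Windows 10 22H2", "av": "disabled"},
               "ownership": "alice", "relationship": ["vpn-gw-1"]},
    "SRV-010": {"technical": {"os": "Ubuntu 22.04", "av": "enabled"},
                "ownership": "it-ops", "relationship": ["payroll-app"]},
    "LT-777": {"technical": {"os": "Windows 11 23H2", "av": "enabled"},
               "ownership": "unknown", "relationship": []},
}

def reconcile(cmdb, discovered, now, stale_after=timedelta(days=30)):
    """Compare CMDB records with discovery data and report gaps."""
    report = {"unrecorded": [], "dark": [], "drift": {}}
    # Devices seen by discovery that the CMDB does not know about.
    report["unrecorded"] = sorted(set(discovered) - set(cmdb))
    for ci_id, record in cmdb.items():
        seen = discovered.get(ci_id)
        if seen is None:
            # Not reported now; flag it if it has been silent too long.
            if now - record["last_seen"] > stale_after:
                report["dark"].append(ci_id)
            continue
        # Attribute groups whose discovered value differs from the record.
        changed = [g for g in ("technical", "ownership", "relationship")
                   if seen[g] != record[g]]
        if changed:
            report["drift"][ci_id] = changed
    report["dark"].sort()
    return report

if __name__ == "__main__":
    print(reconcile(CMDB, DISCOVERED, now=datetime(2024, 6, 1)))
```

In the constructed data, the drift on LT-001 is a disabled security control, which is the kind of change a static spreadsheet would never record.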
To automate your CMDB, start with your assets. How many endpoints does your organization have and how are you tracking them? If you’d like to find out more about how many off-network endpoints you have, take our Dark Endpoint Assessment.