Mar 18, 2022
As Voltaire once said, "Perfect is the enemy of good". If you think you can achieve a perfect CMDB on day dot, you've already failed. This isn't possible no matter what your software vendor may tell you or how 'shiny' a tool is; it is easy to buy into the utopian world you may see in presales demonstrations. There is however a journey to get to perfection. The best action is starting with baby steps - as the US Navy Seals say, "slow is smooth and smooth is fast". This saying, used by arguably the most elite force in the world, reminds us that the best way to move fast in a professional setting is to take your time. Slow down, and do the job right, and try not to look through rose-tinted glasses. Saying perfection doesn't exist isn't necessarily buying into mediocrity; organisations should strive for whatever their 'perfect' may look like through continuously improving and maintaining their CMDB. Perfection is a process rather than a steady state.
In certain instances, not having a CMDB has proven to be catastrophic. In 2017, the publicly funded healthcare system in England – known as the National Health Service(NHS) – suffered a ransomware attack titled WannaCry. This attack brought the organisation to its knees overnight. The NHS cancelled some 20,000 medical appointments, locked down hundreds of computers, and closed five emergency centres. Losses from WannaCry were estimated to be around $174 million.
The NHS identified that the proverbial back door was left open by an asset owner who had failed to update their Windows OS. Because of this simple vulnerability,the hackers had found a way into NHS's environment. Unfortunately, by the time there was knowledge of the attack, the IT security managers within the NHS had no idea which department the machines were located in, what software they were running, nor where they were physically located. Despite identifying the problem relatively early on, they could not fix it.
There are many examples of similar catastrophic hacks, outages and consequent lengthy down times are all over the Internet and social media – and the numbers of stories are increasing. Network downtime is good for neither the business nor for the user experience – and any prolonged outage can cause a failure in operations, sometimes proving fatal for an organisation.
ITIL 4 defines a Configuration Management Database (CMDB) as a database used to store configuration records throughout their lifecycle. The CMDB also maintains the relationships between these configuration records. A configuration record is a record containing the details, as well as the lifecycle of a configuration item (CI). Configuration records are stored in a configuration management database as a CI. A CI is any component that needs to be managed to deliver an IT service.
Firstly, the CMDB is a big beast, so organisations must recognise what they plan for. Not having a plan means you plan to fail. Start by defining what their CMDB should look like relative to your organisation—acknowledging that not all organisations have the same:
2. Skillset; or
For instance, a Fortune100 company will likely have an abundance of all three compared to an organisation with 2,000 employees and only 100 people in IT. Each will operate on different economies of scale.
When defining your stance in relation to the above, it is important to link it to outcomes that will deliver value to the organisation. Unfortunately, too many organisations blindly build out their CMDB without understanding what problems they are trying to solve and the inherent value that follows. Do not just focus on the technological aspects of the CMDB; remember to consider people, processes, and services (user journeys) when developing your plan.
The first step after defining your plan is establishing the people layer. This involves creating a configuration control board (CCB) and, importantly, gaining executive buy-in. The CCB will provide leadership, managerial oversight, and a decision-making process to ensure that the CMDB continues to drive value according to the organisation's investment and desired outcomes. Again, this is relative - in some cases, this may only be one person, in others, it could be multiple. It all comes down to your organisation.
With established governance and an approved CMDB design plan, the following steps include populating the CMDB and implementing the processes and technology required to keep it updated and accurate.
We advise that customers focus only on approved customer journeys. Start small, and progressively work your way up instead of going with a big bang approach. We usually start with a single CI type and only import attributes deemed critical in support of the user journeys and ignore collecting attributes that are not. This initial CI will become the template for other CI types (process-wise, not the data captured).
From a high level, we have broken the approach into the following steps:
Review your feedback loops for valued comments as your organisation embraces the CMDB. Consider soliciting feedback from heavy users through interviews or focus groups. Leverage this feedback to make necessary adjustments; if positive, promote the comments with your stakeholders, build excitement, and solidify their support with the "wins."
If less than favorable, step back and assess to determine the underlying contributing factors and make the necessary adjustments through redefining User Journeys.
Successfully using a CMDB brings over several valuable benefits to your organisation. A robust CMDB can achieve the following:
According to Gartner, it takes about three attempts for organisations to implement a successful CMDB. Many try to boil the ocean, fail to maintain accurate CIs, invest too much in tooling, and overlook the people and process layers.
This often cultivates the perception that the CMDB is an unattainable entity; this is simply not true. A CMDB is an easy project to undertake with the right approach and the correct implementation. Learn more about how Service Quality is helping leading Australian businesses change the way they think, implement, and continuously improve Service Management.
About Service Quality:
Founded in 2007, Service Quality survives on a simple but powerful idea: empower you to do more with your Service Management and Security solutions. With cutting-edge support and award-winning security and service management practices, you can be sure that Service Quality will help maximise your Service Management investment. Today, hundreds of thousands of users rely daily on Service Management and Security solutions designed and implemented by Service Quality to make their work flow.
Written By: Angus Kenny - Director of Enterprise Solutions