COBIT5 : Where Configuration Management Systems optimize your IT Management.

Guest post by Myles Suer, Senior Manager, ITPM Field and Partner Evangelism

 

Configuration management is about defining and maintaining information on all your IT assets and their overall relationship with each other and your organization. With good configuration management you greatly reduce your business risk because you have the ability to see the effects of any proposed change. Configuration Management and Configuration Management Databases (CMBD) obviously have been hot topics for several years because of the need for IT organizations to establish fundamental control over their IT infrastructure. Naturally, interpretations of configuration management can vary from company to company.

 

When people say “configuration management” they typically mean one of the following:

 

1)      Loading configuration information for the service desk

2)      Maintaining configuration information

3)      Managing/maintaining configuration of specific classes of devices

4)      A CMBD that includes configuration discovery of actual state and dependencies as well as the ability to detect configuration drift.

 

Users naturally have a lot of interpretations of what configuration management is. COBIT 5 suggests that IT organizations need to achieve both items three and four. The configuration management function, according to COBIT 5, includes:

  •  Establishing configuration baselines
  • Verifying and auditing the state of configuration information
  • Updating the recorded state in a configuration repository

 

UCMDB integrations.pngThe purpose of configuration management is to provide sufficient information about service assets to enable the services to be effectively managed, the impact of changes to be assessed, and allow for service incidents to be dealt with appropriately. Simply put, these functions require configuration to be up-to-date as well as controlled and managed.

 

Goal for configuration management

To improve this process and reduce IT and business risk, COBIT 5 suggests IT organizations measure themselves against just one process improvement goal. This goal is that the configuration repository is accurate, complete and up-to-date.

 

Two metrics have been provided to determine if your configuration repository is up to snuff:

1) Number of deviations between the configuration repository and live configuration

2) Number of discrepancies relating to incomplete or missing configuration information

 

The first number tells you about how managed state and actual state relate to each other. The latter reflects either things discovered that are not recorded or the quality of the recording process as a whole.

 

So where should you start?

As always, my suggestion is that you start where the most immediate value can be driven. But if it were up to just me, I would start with the number of deviations between the configuration repository and live configuration. We need to drive deviations to a very small number if we are to increase the change success rate, to reduce security vulnerabilities, and to drive up availability and reliability.  What do you think? What would be first on your list? I would love to hear back from you.

 

I also encourage you to read another post I wrote on the value of COBIT5 on IT strategy: Making COBIT 5 part of your IT strategy

Leave a Comment

We encourage you to share your comments on this post. Comments are moderated and will be reviewed
and posted as promptly as possible during regular business hours

To ensure your comment is published, be sure to follow the Community Guidelines.

Be sure to enter a unique name. You can't reuse a name that's already in use.
Be sure to enter a unique email address. You can't reuse an email address that's already in use.
Type the characters you see in the picture above.Type the words you hear.
Search
Showing results for 
Search instead for 
Do you mean 
About the Author
This account is for guest bloggers. The blog post will identify the blogger.
Featured


Follow Us
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.