Why a Dirty CMDB Is so Bad
Like many areas of IT operations, one of the cornerstones of successful software asset management is having accurate asset data in a central repository, also known as an asset repository. From a SAM perspective, that means discovering and identifying all devices across the entire IT estate and then accurately identifying the software installed and used on those devices (and, increasingly, the software not on those devices that is still being consumed by the end user, like SaaS products).
Organizations tend to overlook software asset management CMDBs since a SAM program is unlikely to need the same data found in a mature IT service management tool’s configuration management database. However, organizations should consider the risk of data duplication between a SAM asset repository and a CMDB and the risk of data either being incomplete or inaccurate. An incomplete, inaccurate CMDB is often referred to as being “dirty.”
The issue with dirty data
While a CMDB is most often associated with an IT service management solution and ITIL requirements, the key to creating a solid and valuable CMDB is populating it with current, complete and accurate information tied to the IT assets and users across the network.
The requirements for maintaining a clean CMDB are similar to a SAM repository. But, it’s harder to achieve than you might think – take a look at some of the reasons below:
- Most inventory solutions are not good at covering multiple platforms – meaning you either have holes in your IT inventory or have to use multiple discovery solutions. Using multiple discovery solutions will report assets in different ways.
- Software recognition is often poor in most inventory solutions. This populates the asset repository and/or CMDB with a lot of noise that offers no value to ITSM or other IT functions.
- Limited understanding of how software is installed. For example, an application that is installed stand-alone will be licensed differently than if it were licensed as part of a suite (e.g. Adobe Photoshop vs. Adobe Creative Cloud).
- Limited usage tracking. Knowing if a software application has been deployed is one thing, but understanding if it is actually being used, provides value that helps the decision-making process around cost-saving initiatives such as license reharvesting.
Populating an asset repository or CMDB with dirty data creates more problems than it solves. According to a 2020 Gartner study, 99% of organizations using CMDB tooling that does not confront configuration item data quality gaps will experience visible business disruption. The same study implies that nearly 1/3 of CMDB challenges stem from data completeness or quality concerns.
It’s a matter of trust
The concept of the CMDB is that it should be a single source of truth that is accessed by multiple systems and functions to power effective processes and decision-making across IT and business functions.
However, when CMDB data is bad or dirty, trust in the accuracy and value of the CMDB is quickly eroded, often leading to the failures described above. Unfortunately, once SAM or ITSM provides dirty data to another department or senior management, it is hard for the recipient to trust future data. Even if the data quality is improved, it will still be received with skepticism and perceived as untrustworthy.
Inconsistencies with CMDB data will result in stakeholders not wanting to use the data. It can also lead to your team manually making adjustments, and in turn, creating more data issues from human error.
Having unreliable data can end up costing the organization a lot more time and money than necessary, often requiring managed services or specialized consultants to own and deliver the desired value. Organizations often inefficiently consume resources to improve the quality of the data, instead of trying to find the root cause.
Improving the quality of your data
As a rule of thumb, a common target we see for CMDB and asset repository accuracy is 97%. It is generally accepted that 100% accuracy is near-impossible at any one moment. By having just a 3% margin of error, any inaccurate data will be identified and rectified within a reasonable timeframe with a more realistic risk/reward balance for the organization.
A good place to start when looking to improve the quality and value of the data in the CMDB is to put in place best-of-breed technologies to populate the desired data. Using the example above, in the case of IT assets, this means implementing:
- An inventory solution or suite using a powerful agent and agentless discovery to identify all IT assets in your environment, includingdesktop and server, and also mobile, cloud, virtual devices and SaaS. In the hardware asset management realm, you might also include network devices such as printers, switches, and routers and even IP telephones.
- A software recognition service to accurately identify all commercial software in use across key platforms, such as iOS, Windows, UNIX and Linux. The software recognition engine should be clever enough to automatically group bundled software and suites where appropriate, as well as identifying upgrade and downgrade rights associated with particular licensing schemes.
- Full software usage tracking. Did you know that the average desktop is home to around $300 USD of unused software? Only by tracking the actual use of applications can you implement effective software reharvesting initiatives. Software application usage also provides light to the types of programs employees are using whether at home or in the office. Occasionally, these programs may pose a security risk to an IT environment whether the risk stems from having known vulnerabilities or exposing PII data to other unauthorized systems or users.
- Full “normalization” of data.Whether using one inventory solution or several, it is increasingly important that raw audit data is cleansed and normalized before it is used to populate the CMDB or asset repository. This is critical to avoiding dirty data and ensures that all software is reported in a consistent manner to be managed and assigned more effectively. By having a structured “parent-kid” type hierarchy for software, normalization speeds up the process for the IT help desk to troubleshoot software issues. This hierarchy lets you zoom into specific software versions or stay at the macro-publisher level to diagnose potential problems, like whether the issue is related to a specific release/update or a platform issue.
- Integrations that enhance other systems. By having a clean CMDB, IT technicians can be confident that when they tap into other systems to perform related workflows that the data is good to act on. For example, in the case of reharvesting software, you may rely on the ITSM (i.e. ServiceNow or BMC) or another automation engine (like Snow’s Productivity Optimizer) to trigger a workflow that automatically shuts off access to a license or automatically reassigns a license, etc. Another need may be for a BI team that sits in IT operations to evaluate future technologies that have interdependencies with some of the existing software or replace existing tools. In this situation, the analyst may extract license utilization data to estimate the impact on productivity or capability gaps, etc.
SAM data integration
If all of the requirements outlined above sound familiar, that’s because they are the same requirements that are fundamental to effective software asset management. SAM solutions create and consume this clean multi-platform inventory information every day. But, they can also make that same high-quality inventory data available to third-party systems such as service desks and CMDBs.
Reliable data = improved efficiency
The service desk relies heavily on having accurate data. IT service managers are customer (employee) facing. The organization relies on them having all the information required for users and associated devices. If the IT help desk uses inaccurate data to support end-users, then the following action they take may be ineffective. Having reliable data within your CMDB, SAM and service management solutions will have a positive impact on your organization that keeps the productivity of the business intact. Remember that IT operations’ core function is to enable organizational productivity that in turn serves the end customer. If a marketing technology goes down, then marketing can’t reach new customers; if sales can’t access their CRM, then they can’t work on opportunities; if finance can’t access reporting, then the company is flying blind.
When the IT service desk is called to act, there is an impact on someone’s productivity. That’s why mean time to repair (MTTR) is a metric that the IT organization tries to keep as low as possible. Having a clean CMDB directly ties to that objective; as well as the other side of the coin of maximizing service availability.
Thanks to reliable data, the service management function can provide an intelligent service to end-users, improving a user’s experience and resolving issues are in an effective and timely manner.
Adding value
Having a proactive relationship between your service management solution and your SAM tool puts you in a prime position to add real value to the organization and align to the CIO’s top transformation goals. With everyone in IT/Infosec’s duty to maintain a secure IT environment, it’s important that the sources of data the organization uses to gain visibility are accurate and trustworthy.
By using SAM-ready data to populate the CMDB, IT operations reduce the chances of “dirty data” and at the same time extract the value of the CMDB as a single source of truth. Consistent, reliable data moving forward will help banish inconsistencies and prove to other areas of the business that SAM data is king.
Snow ITSM Enhancer can fuel your CMDB with accurate discovery, inventory and data normalization across more than 700,000 software titles. See how you can put that data into action by integrating it with your ITSM platform, including ServiceNow, BMC, Cherwell, Topdesk and others.