No CMDB – Problem or Opportunity?

Do you have no CMDB, and if so, is that a problem or an opportunity for you?

For those not familiar with the term, CMDB stands for Configuration Management DataBase. Traditionally, such a database contains relevant information about the IT infrastructure, IT services, and the relationships between the two.

Increasingly, CMDB encompasses the relationships - and digital services - external to the enterprise.

Such digital services as containers, APIs, virtual services, third-party service providers, Cloud services, managed services, and supply-chain services are but some of the external digital services the enterprise increasingly relies on for operations.

So what is the relevance of a CMDB?

Let's find out.

Comprehensive CMDB

Do you have a configuration management database (CMDB) that is up-to-date and that contains security-relevant information about all IT assets your enterprise and its providers use for end-to-end business processes?

  • You're not alone if you say no: fewer than 1-in-10 enterprises have a comprehensive CMDB containing an up-to-date list of hardware and software service configuration data across their hybrid business / workloads.

Critical Purpose CMDB

What about an up-to-date CMDB for security for just the most critical internal business processes?

  • If you answer no to this, you'll be in good company with about another 1-in-10 organizations.

Logging CMDB

What about security logs that feed a SIEM, where scripts typically have to be written so that the logs are saved to local files and then ingested / exported for use with security incident and event management systems?

  • Aha, if you said yes then you're in good company with slightly more than 5-in-10 other enterprises doing this.

The fact is that fewer than 2-in-10 have a security-relevant CMDB, and fewer than 4-in-10 have any type of CMDB deployed, much less one used for security.

Security-relevant CMDB

Which raises the interesting question: Is a CMDB really necessary to improve outcomes for security (i.e., you avoid calls from the FBI and can stop job-hunting every few years to avoid being smeared by a data breach on your watch)?

Some people would have you believe that having a CMDB is critical; well, at least the folks making money from all that storage would argue it's critical.

But seriously, if the incidence rate has been this low - and has been historically - then why start now?

Well, one important reason might be that knowing exactly what the configuration is, and what the configuration drift looks like, is a good predictor of a pending data breach, of pending unplanned downtime impacting the business, and impending problems for upcoming audits.

Other reasons cited may be more important. For example, knowing the exact configuration details makes it far easier to respond after lateral cyber-attack movements have been detected. Similarly, having these details makes it much easier for SecOps to initiate and recover services and data.

Future State CMDB - Data Lakes

Others say the CMDB of the future will not look anything like the CMDB of the past because the future-state CMDB will contain lots of data pooled in unstructured data lakes and contain data from across the Internet, from your enterprise, and from many other databases.

And this CMDB will focus less on configuration data than on event-flow data and how it relates to permeable and semi-permeable configuration data, using engines that incorporate modern neural network machine learning.

So, maybe holding off on building, integrating and deploying a legacy, perimeter-focused CMDB might be a good thing, if you have active plans to take advantage of the new cognitive CMDBs.

The only glitch in all of this is that you will still need to know where to target activity, isolation, prevention, response and recovery, but this is likely to involve CMDB-Lite, rather than today's CMDB-Heavy.

Get ready for changes in what you are specifying and what you'll be using. Much of this will be delivered via "security as a service", which will add wrinkles but will act to speed up the process of improving outcomes.
