|
Change and Configuration Management (CCM) tools and processes have become rather commonplace in today's business community as an effective way to gain control of dynamic IT environments. However, traditional change management and configuration management tools do not comprehensively address all aspects of the vast configuration details inherent in complex IT infrastructures. Changes can be instigated from a variety of sources, and each tool is restricted to only understating its particular discipline. Failure to identify critical changes can result in security breaches, inefficient IT performance, loss of productivity and unexpected downtime. Worse, remediation of a failure is significantly delayed if IT operations do not have the detailed forensics data to quickly identify the cause of the problem and promptly determine a path to resolution.
As businesses have instituted internal, industry, and government mandated regulatory compliance, the need for audit data to prove conformity has also become a necessity. Configuration audit and control provides a single, independent source for enforcing and reporting on a change policy across an organization.
Configuration Audit and Control Overview
What is Configuration Audit and Control?
In short, configuration audit and control is the process of establishing that infrastructure components are maintained in a known and trusted state. This is done by ensuring all changes are detected and analyzed to verify the change was authorized and the updated system still complies with organizational and regulatory standards.
The Value of Configuration Audit and Control
Defining IT configurations and identifying a process for change is insufficient for maintaining control of today's dynamic environments that are affected by interaction from a variety of sources. Patches are automatically installed, application upgrades occur, and users manually alter established system settings outside the bounds of a predetermined IT policy. IT managers need to be certain their environments simultaneously maintain operational efficiency and conform to accepted compliance standards. Unfortunately, today's IT service stacks are too complex to manage by purely manual methods, and so a gap has been created between Change and Configuration Management requirements and IT operation's ability to meet those needs.
Configuration Audit and Control fills this gap in IT enterprise management by providing the tools necessary to collect accurate configuration data, monitor change in real time, promptly remediate problems, and ensure a stable and productive IT service stack.
A Component of Change and Configuration Management
The comprehensive process of ensuring appropriate configurations and managing change of all components of an entire IT Infrastructure is today broadly referred to as Change and Configuration Management (CCM). Although there is significant cross-over in functionality between the components that comprise CCM, there are really three distinct disciplines:
Configuration Management ? the process for making changes to the IT infrastructure. This includes deployment of new releases, patches, configuration updates, etc.
Change Management ? the workflow/approval process for managing changes. This is commonly performed with a change ticketing system that provides a strict process for scheduling, identifying resources and tracking management approval for an intended change to an IT infrastructure component.
Configuration Audit and Control ? the function that independently ensures changes are consistent with both the organization's change and configuration policies.
Benefits of Implementing a Configuration and Audit Control Solution
At a high level, configuration audit and control provides the following benefits:
Mitigates risk by ensuring environment stability and preventing unexpected threats
Lowers costs by improving IT productivity and reducing operational support resource utilization
Reduces outages by proactively identifying potential problems before they occur
Speeds recovery by providing detailed information on improper configurations and change-related problems for prompt remediation
Reduces unplanned work by enforcing and controlling pre-established processes for change
Accelerates adoption and value of CMDB implementations by providing comprehensive information for an accurate overview of the status of the IT infrastructure
10 Key Elements of a Configuration and Audit Control Solution
To fully realize the benefits of Configuration Audit and Control, there are a number of elements to be considered in order to effectively evaluate potential solutions. These criteria have been broken down into 10 primary areas. Each element provides an important capability of a Configuration Audit and Control solution, and implementation should be weighted based on the organizational requirements and process maturity of each business unit being supported.
|
