Configuration management or in English configuration management (CM) is a process for the production and maintenance of a uniform product.
This means that all necessary information about the infrastructure or services is documented, necessary changes and adjustments are made and the information is regularly checked to ensure it is up-to-date.
In addition, it should be reproducible in the end. According to ITILv3, CM is part of the Service Transition Module. In combination with Service Asset Management, they form the Service Asset and Configuration Management (ITIL SACM) process.
A standardization of any configuration and of course the associated documentation - am best software Supported – in a configuration management database, CMDB for short, makes troubleshooting and problem solving easier. It also ensures that the security level is the same for all systems.
When a new product is introduced into the IT landscape, the time should be taken to harden the product as much as possible and to record all necessary steps in the CMDB.
This can then be used as a template for all the same products and you do not create additional errors or gaps due to non-uniform configuration.
Of course, if a system has a vulnerability, all sister systems have it, but you can also fix them all at once and not have unexpected problems with individual systems. The changes to the product are carried out and documented by change management, so that it is also possible to completely trace how long the desired behavior has changed.
Another advantage is that you create a reference configuration (English baseline) and have a defined status on which the entire system works together without problems. So if there are problems after changes, you always have a documented baseline to go back to. The reference configuration should be thoroughly checked or audited so that it really is a reference configuration.
Because it is standardized, you can create key performance indicators (KPI) and get better monitoring results. Unusual behavior of individual systems is noticed more quickly and supports the incident response process.
CM is essential for creating a unified system as a supporting process. Because it is unified, you can create KPIs to monitor and measure.
Since measurement results are at least similar, if not the same, anomalies are noticed better and faster and you can react to them more efficiently.
So what initially seems time-consuming is in retrospect a time saver and an opportunity to improve the security level in the long term.
