Value of configuration management

How Much Configuration Management Is Enough?

If configuration management is about capturing, maintaining, and using information about your assets, then every organization has some degree of that, and therefore some degree of configuration management. Surely just about everyone knows where most of their servers are, who’s on their team, what cell phones they support (and which ones they don’t), and what software they’ve paid for. Tick off those boxes and you can legitimately claim you have some configuration management and that it delivers you some value.

At the other end of the spectrum, who really does ”text-book perfect” ITIL configuration management? You know, that fantasyland they talk about on the training courses where not only do you know about every asset that each service depends upon and how they interact with each other, but you also keep them all perfectly up-to-date in real time. Okay, maybe someone does, but I have to wonder what it must cost them, and if it is money well spent?

Everyone has got some configuration management; its usefulness is answered by questions along the lines of:

  • How much configuration management do you have?
  • How much does your configuration management cost and how valuable is it to you?

Or even better:

  • Have you got the right balance of detail, complexity, and cost?

Getting the Balance of Cost and Value

Configuration management is like most every other expensive and complicated thing we choose to spend our IT money on. We need to balance how much we spend with how much value we are going to get from it.

We see that quickly and clearly enough with our own personal and expensive purchases, things like houses or cars. So, let’s look at that and see if we can apply the same logic to configuration management.

When you set out to choose a car, the size of the car and its features will depend on what you plan to use that car for. You need to answer questions like:

  • How many seats or doors?
  • How powerful an engine?
  • 2 or 4 wheel drive?

To answer those, they require other questions to be answered first, questions like:

  • What is the usual and maximum number of people you plan to transport?
  • How far and fast will you be going?
  • Do you plan to tow things with it?
  • To what locations would you be driving?

When you have those basic needs addressed, then you consider things you’d like to have, and balance how useful they’d be versus what they’d cost, how much money you have and, crucially, what else you could potentially do with that money.

As with Cars, so with Configuration Management

The costs and value delivered by a car are pretty clear. Applying this principle to configuration management is a bit harder. The idea probably applies to every process or product associated with IT service management (ITSM) but it’s especially relevant when thinking about configuration management.

That’s because configuration management doesn’t deliver anything much in terms of direct value, instead the business value for configuration management has to be cascaded down from the value delivered by more direct processes. Change, incident, problem, continuity, availability are the obvious ones, and we can see how those processes support the business through things like faster change, less disruptions, and so on. In turn, configuration management facilitates those processes. In fact, configuration can help just about every process be better including some you might not immediately associate with ITSM, like procurement and even HR. Actually, this is the character point of configuration management: that it ties all the others together and makes the other processes work more effectively.

Justify the Spend

For the car, if it’s your money being spent on your car, you may not have to justify what you spend to anyone else. But for configuration management, you almost certainly will be spending someone else’s money and that means a business case and quantified justification in terms of value delivered against costs incurred.

To understand what degree of configuration management we should implement, retain, and maintain, we need to be sure we can measure our performance at those processes that configuration management supports, and especially identify and measure those aspects we can attribute, in part at least, to configuration support.

This kind of indirect measurement is always going to be more:

  • Subjective – there is an inherent element of interpretation and presumption by people in deducing the amount of influence configuration management has.
  • Vague – due to the allocation of measurements to the underpinning cause, secondary measures are usually held to be less accurate. While configuration management will undoubtedly help other processes improve, so will a range of other things. And some other things may make the higher level processes worse, despite the benefits that configuration management brings.
  • Open to questioning by anyone who might not want configuration management to be seen as worth spending money on. (Often this is someone who would rather see the funds spent on their pet project instead.)

But Measure We Must

None of that means we shouldn’t try and measure configuration management though. And the measurement needs to be in terms of the value it brings, even though that will be an indirect value.

Measuring your configuration management processes only against the guidance laid down by COBIT, ITIL, IEEE or anyone else, only tells you if you’re doing what someone who has never seen your organization write down before. It doesn’t tell you how much value you’re getting back from your spend on configuration.

So you need to see configuration management as the complex tool it is. It isn’t something you do or don’t do. We all do it to some degree. In order to do it to the right degree we need to know:

  • What value it could deliver for us.
  • What investment and complexity of implementation would best deliver that value.
  • How we’ll measure that value, in terms of improvement to the processes supported.
  • What it’ll cost to implement and maintain that level of configuration complexity.

And then, we have to keep measuring and adapting the level of our configuration management to our ever-changing circumstances.

In case you’re not completely familiar with the basics of configuration management, I must recommend you read the blog How to Do Configuration Management that my friend Rebecca Beach wrote. 

Posted by Joe the IT Guy

Joe the IT Guy
Joe the IT Guy

Native New Yorker. Loves everything IT-related (and hugs). Passionate blogger and Twitter addict. Oh...and resident IT Guy at SysAid Technologies (almost forgot the day job!).

7 thoughts on “How Much Configuration Management Is Enough?”

  1. Avatar sielerod

    Could someone share some practical KPIS for configuration management and what are the benchmark numbers for those?


    1. Avatar Joe The IT Guy

      There are a few examples around the web giving what I would call the conventional approach to configuration management KPIs. Here are a couple (the first is on the ISACA site so has process and auditing credibility):

      But … to reinforce the point I was trying to make in the blog, these are mostly about how you are doing configuration management, the number of errors in your data, etc. There is some indication of measuring how much effort – and therefore money – this all costs you. The ISACA list for example suggests measuring ‘Effort for CMS Verifications’ but that’s all. Nothing much there that looks to how much value you get form that effort. And when it gets close (the itilnews site offers us ‘% of incidents not solved in-time due to inaccurate configuration data’), it goes all pessimistic. Why not measure how many times CMS data DID help you solve issues and, even better, prevent damage?

      So … use these KPIS to measure what you are doing, but then use them as input – along with incident and change cost and benefit measurement, to point up the value your CMS delivers.


      1. Avatar sielerod

        I agree 100%, but even when we talk about basic effort measurement I still can’t find numbers in practice, how is other companies performing when we talk about CMDB? what would be the market benchmarking?

      2. Avatar Ivor Macfarlane

        Hi, Can I throw my twopenn’orth in here? I’ve seen a few initiatives over the years to come up with baselines and industry norms, but they never really seem to fly very well. Especially so in configuration management. So many variables and differences it is so hard to set anything like a norm. I’ve seen organisations doing things that weren’t valuable because they tried to match perceived norms. I tried to write about this more generically a couple of years back – here

        What you can do is measure what you are doing now, and then remeasure in three months and see if you are moving in the right direction. That’s probably more relevant to many organizations than matching the numbers that others have got – or claimed to get, there’s a whole other issue about honesty here too. 🙂

      3. Avatar sielerod

        Thanks! For sure I am doing already some measures only considering the company I am in.
        However there are always questions on what else can be done? How good is our CMDB if we look at the market? Are we already in a good position or too far away?

  2. Avatar Steve Lawless

    HI Joe, i’d agree that Configuration Management has no benefits in its own right, its the benefit it adds to other processes like Change Management and Problem Management to allow IT staff to do impact assessment. On my courses I talk about Configuration Management being like the foundations of a house, they support the structure and are normally hidden from sight. It’s becoming increasingly important for security and to avoid software licence fines to know what you have, what its used for and who has access to it.

    Our introductory course gives a good overview of what you really need to manage and report on.


Leave a Reply

Your email address will not be published.