Originally posted on 12/7/11
If you recall, a few weeks ago things really started to heat up in IT, literally. With two reports of iPhones glowing red hot and then catching fire, it might just give HP a bit of time to fully address what they now say are exaggerated reports that hackers could take control of your printer and cause it to catch fire – all from a remote location. There is a larger lesson here though, and it really goes out to IT organizations, and how they keep track of their hardware. Understanding exactly what type of hardware is on, as well as coming and going from, your network is an essential part of IT Service Management.
Strangely, IT organizations understand this risk pretty well, as you’d be hard-pressed to find anyone in disagreement that understanding what devices are on their network is a top concern. However, what is commonly seen as a pressing issue hampering many teams from attaining a solid, best-practices approach to ITSM, is the lack of a true CMDB.
For the uninitiated, a CMDB should be used to give you an overall picture of devices, connectivity, and dependency within your network. A true, modern solution will allow you to identify device hardware and software, as well as store pertinent information such as purchase and provision dates, as well as who “owns” the hardware. It’s very likely if you don’t have a CMDB, your organization has made an attempt or perhaps dedicates resource to record and monitor this information manually.
Unfortunately, a manual process, though a noble gesture it may be, can be even worse than having no solution at all. Quite often maintained on paper, or in Excel, this pseudo databases often give false hope that accurate information is recorded. This is completely understandable since maintaining data this way is often time consuming and easily ignored. Eventually this solution falls short when the information is needed most, and any attempt at a true solution is abandoned, or not even attempted.
These experiences ultimately lead to what you will see as a proclamation that a CMDB isn’t worth the effort. We tend to disagree, but also understand that there is a line a team must walk in determining what level of detail should be captured. As with any project, the key is finding the right balance for your organization.
The alternative of course is to do nothing. Though, eventually this philosophy has a cost as well - typically in down time due to malicious software that made its way on to the network through a hardware or software security defect – sadly, not an uncommon, or worst case scenario
The real advice here is to take assessment of how your organization monitors hardware on your network. While printers burning down your office building, may be a James Bond-type scenario. It’s more likely a laptop running a very old version of windows, which has not been updated, may just be the perfect entry point into your network. A CMDB solution such as ChangeGear (CMDB Edition) could identify this, and alert the right your team to take action – something no pen and paper solution could ever do.