Internet of Things Exposes Blind Spot: Configuration Management

Trying to stitch together a configuration-management plan after your company experiences an explosion of the Internet of Things (IoT) is a fool’s errand. Without solid configuration management already in place, coordination among devices and the relationships they have with other parts of the company will be a massive blind spot.

The fallout: Operations are put in jeopardy, and companies risk falling out of compliance.

“Industrial Internet of Things will expose companies that aren’t doing configuration management in a structured methodology,” says Mike Alley, service management principal at Logicalis US, a managed services provider. “You will see this huge spike of devices that are impacting services and have multiple relationships with various processes. If you can’t keep up with that, you can’t make evaluations of risk.”

Mike Alley

Mike Alley

From a business standpoint, configuration management helps companies understand the relationships between devices and their impact on the business. For example, configuration management can answer this kind of question: If you upgrade a particular server that’s tied to the shipping service, will you not be able to ship product for the next two hours?

Technically, configuration management is one of the top ITIL processes that tracks and manages each configuration item within the organization for the lifetime of the item, Alley says. A configuration item can be anything in the IT infrastructure, such as servers, network routers, IT services, policies and IoT devices. A good configuration-management system continuously gathers data about the items and updates their status to the configuration-management database.

The change and configuration market will grow from slightly more than $1.2 billion in 2016 to more than $2 billion in 2021, according to a MarketsandMarkets study last year. Small-to-midsize companies, a channel sweet spot, are expected to have the highest growth rate in the forecast period.

In the past, configuration management was hard to do because of the various tool sets on the market. It’s easier today thanks to configuration management and the accompanying database being built into a lot of the tools and platforms in the service-management space. IT departments don’t have to design the data layouts and models themselves anymore.

Nevertheless, many companies today still rely on Excel spreadsheets for configuration management. This, of course, won’t be able to handle the flood of IoT devices coming online and playing a key role in the way a business operates.

A manufacturer, for instance, might soon have IoT-enabled equipment throughout its factory floor — everything from weight scales to robotics. It’s also a good bet that this manufacturer is in a competitive, low-margin business. It’s critical for the line-of-business (LOB) executive to know how these IoT devices relate to other parts of the company, in order to limit outages.

“This is what you get when you begin to understand the meta data around a process, when you begin to capture what’s really happening within a workflow,” says Rich Karpinski, research director at 451 Research. “You see where the connections are and where the potential disconnections are. It speaks to the value of data around processes.”

Make no mistake, industrial IoT devices are coming by the hundreds – perhaps thousands – to companies in manufacturing, transportation, health care and other major industries. Gartner predicts businesses will employ 7.5 billion connected things by 2020.

When IoT meets poor configuration management, the red flag is often a compliance problem.

“We’re finding customers that are having to address compliance issues whose root cause was a gap in their configuration-management strategy,” Alley says.

Compliance problems should set off alarms for LOBs, many of whom make technology buying decisions. LOBs might not understand configuration management technology, but they care about the damage huge noncompliance fines and unplanned production stoppages can wreak on the business.

“The risk ties to the bottom line and directly impacts their ability to do business,” Alley says. “The risk is too great, and they’ll demand their IT organization remove this risk.”