Jira Service Management for financial services
Understanding the configuration management database (CMDB) for regulated industries
Co-authored by Atlassian solution experts and leading Atlassian solution partner: Adaptavist
Nimaworks, part of the Adaptavist Group, has a strong track record of successful engagements in the financial sector and has consistently delivered tailored CMDB solutions that meet the unique requirements of financial services organizations. By leveraging Jira Service Management best practices and their own in-depth knowledge of financial systems, Nimaworks has empowered banks and financial institutions to effectively manage their complex IT infrastructures, ensure regulatory compliance, streamline change management processes, and enhance operational efficiency.
About this guide
In this guide, experts from Nimaworks detail the importance of a configuration management database (CMDB) for financial institutions. They also explore best practices for CMDB design, implementation, and maintenance. We recommend using this guide in conjunction with Atlassian’s IT asset and service configuration management handbook.
What is a CMDB?
A CMDB acts as a central repository that holds comprehensive information about an organization's technology assets, such as hardware, software, and networks. A CMDB also holds information about employees, suppliers, other data models, interdependencies between them, and the services provided within the organization.
CMDB for financial services
A CMDB plays a crucial role in the operations of financial institutions because it manages and maintains vast and complex IT landscapes. Data security, compliance, and operational efficiency are important, especially for financial institutions like central banks, financial regulators, and monetary authorities. By leveraging a CMDB, financial institutions can enhance security, streamline operations, ensure regulatory compliance, and ultimately provide reliable and efficient services to their customers in a highly competitive and rapidly evolving industry. Therefore, keeping the CMDB relevant and well-maintained is crucial.
CMDB challenges financial institutions face
All companies that provide critical services or operate in highly regulated environments face challenges when it comes to implementing and maintaining a CMDB. Companies offering financial services in particular are subject to extensive legal and regulatory frameworks imposed by governmental bodies. This is because they manage various types of risks, rely heavily on customer trust, and leverage advanced software systems, digital platforms, and security measures to facilitate transactions, automate processes, and ensure data protection. CMDB challenges include:
- Complexity of IT infrastructure: Financial institutions typically have complex and diverse IT infrastructures.
- Data accuracy and completeness: Financial institutions often deal with frequent changes, system upgrades, and new deployments, making it difficult to maintain an up-to-date and accurate CMDB.
- Integration and data synchronization: Financial institutions may use various IT management tools and systems that need to be integrated with the CMDB. Achieving seamless integration and ensuring data synchronization between these systems can be complex.
- Configuration item identification: Configuration items (CIs) include any component of an IT environment meant to be under the CMDB's control, including physical locations, employees, software and applications, hardware, and more. Identifying and categorizing CIs within the CMDB, especially in a dynamic financial environment, can prove challenging. Determining the appropriate level of granularity for CIs and establishing consistent naming conventions across different systems and teams is crucial, but complicated.
- Governance and change management: Implementing effective governance and change management processes around the CMDB is crucial but can be complex. Financial institutions need to establish clear roles, responsibilities, and approval workflows for making changes to the CMDB. Ensuring proper documentation, change tracking, and maintaining an audit trail is critical to avoiding unauthorized or undocumented modifications.
- Organizational culture and resistance to change: Implementing a CMDB requires a cultural shift and organizational buy-in. Some employees may resist changes, view them as a burden, or be reluctant to adopt new processes and tools.
Addressing these challenges requires a thoughtful strategy, strong leadership support, effective communication, and a commitment to the ongoing maintenance and improvement of the CMDB. Below we'll explore how financial institutions can address and overcome these challenges and leverage a CMDB that enhances operational efficiency, compliance, and overall IT service delivery.
Addressing CMDB challenges
To address CMDB requirements, you can leverage Atlassian Assets, Jira Service Management’s native solution, which provides a flexible, yet robust, platform for building and managing the CMDB. Assets offers a flexible way to track and manage assets and CIs and link them to service requests, incidents, problems, changes, and workloads.
The following best practices will help you ensure data accuracy, consistency, scalability, integration, compliance, and efficient change management as you build and maintain your CMDB.
Best practices
- Configuration item (CI) identification: First, identify the CIs you want to include in the CMDB, including hardware, software, networks, and their relationships and dependencies. You don’t want to just import everything into your CMDB. It's better to identify the right level of information. You can start by interviewing stakeholders to understand what's important for the organization and assess the level of complexity. Remember to include stakeholders from various divisions, not just IT. Typically, we recommend interviewing the incident management team, infrastructure team, application owners, and business service owners. The infrastructure team can also provide files of assets scanned by monitoring tools as these types of tools are commonly used in complex environments. The Solution Delivery guide offers more information on stakeholders and running discovery.
- CMDB structure and attributes: Ensure the structure and attributes of CIs to be maintained align with the specific needs of your financial organization. This ensures accurate and relevant data capture, including CI details, attributes, ownership, and compliance-related information. Utilizing the Assets open structure means that you can enhance your schema with compliance information, such as frameworks compliance, including data protection frameworks like the Pay Card Industry Data Security Standard (PCI DSS) or the General Data Protection Regulation (GDPR) in Europe, certificates information, and more, or even better, create separate schemas and use Asset’s schema inter-dependency features. Below is an example of how this can look:
- Integration with IT tools and systems: Assets include Assets Discovery, a network-scanning tool that detects and extracts information about hardware and software found on your local network. This data can then be imported into Jira Service Management Assets. By integrating with existing tools that financial institutions typically use, such as monitoring systems and SaaS management tools, you can ensure data synchronization and automatic population of the CMDB, ensuring consistency across different data structures. Your CMDB will be the single point of truth that aggregates all information from day-to-day use and other timely events such as compliance or audit checks.
- Change management and CMDB maintenance: We recommend configuring change management workflows within Jira Service Management to facilitate streamlined and controlled change processes on the CMDB, providing the freedom required by stakeholders to update the relevant data to their role CIs. This includes establishing approval processes, automatic change documentation, and impact assessment to minimize risks and ensure compliance with regulatory requirements. Using automation, you can synchronize Assets fields (objects, attributes and more) with Jira Service Management custom fields. For example, you can restrict Assets access only to the CMDB administrator and maintain users who can actually update objects on object level. Then, you can build your CMDB change management request types, recertification processes that can be triggered automatically, and new CI requests. Here is an example of a workflow:
- Training and support: Design a comprehensive training plan and deliver it to your financial institution's teams to ensure a smooth transition and effective adoption of the CMDB solution. Identify the roles and responsibilities of stakeholders involved in CMDB management and usage, such as administrators, data contributors, and end-users. Provide ongoing support and maintenance to address any technical issues, updates, or enhancements required. All of this can be captured within Confluence, giving full visibility to the users within the organization.
Solution diagram
The solution diagram shows the main CMDB objects and the maintenance or recertification capabilities of the solution. These can be designed based on the compliance needs of each organization and can include any or all of the following steps. Here is an example of a typical flow:
- Request an asset update through the IT portal.
- Requestor can review the asset attributes and references and propose changes.
- Approver reviews and accepts or rejects.
- Asset gets automatically updated without any user editing the actual object through Assets.
All of the above steps are automatically logged on the Jira Service Management ticket and on the Asset object history.
Considerations: ephemeral resources
Many organizations, including financial services organizations, now rely on cloud computing and therefore require ephemeral resources, which don’t necessarily need tracking in the CMDB. Ephemeral resources are temporary resources that are required for testing purposes, for example containers or virtual machines. Therefore tracking them in a CMDB could prove complicated. This is of course very organization-dependent. However, in such cases, we recommend tracking the configuration templates in the CMDB rather than the actual resource. These templates could cover your security and compliance requirements, and users engaging with these resources would not put the organization at risk. Find more details at Building a cloud CMDB on AWS for consistent resource configuration in hybrid environments.
The CMDB holds significant importance in the financial services industry. It serves as a central repository of critical information about the IT infrastructure and services provided and enables accurate tracking, compliance management, change control, incident resolution, and informed decision-making. However, the value of the CMDB lies not only in its initial implementation, but also in its ongoing maintenance. Regular updates, data validation, and adherence to best practices are essential for preserving the CMDB's accuracy, relevance, and reliability. Continuous CMDB maintenance ensures that financial institutions can effectively manage risks, comply with regulations, optimize operations, and deliver seamless and secure services in an ever-evolving industry.
Additional tips and tricks
There may be some requirements with Asset Discovery that require complex integrations within your organization. For such requirements, there are apps available in the Atlassian marketplace, such as Device42.
Was this content helpful?
Connect, share, or get additional help
Atlassian Community