ITIL 4 and Cloud: The Service Configuration Management Practice

The ITIL 4 service configuration management practice

Here’s how the ITIL 4 Foundation Edition book describes the purpose of the service configuration management practice: “…to ensure that accurate and reliable information about the configuration of services, and the configuration items (CIs) that support them, is available when and where it is needed. This includes information on how CIs are configured and the relationships between them.”

The core purpose of service configuration management is to understand the relationship between CIs – and this is not done by people drawing architectures in documents. Instead, it’s done by software, creating visual graphs of configured systems for human and computer interpretation. For the computer, these graphs help ensure that unexpected connections don’t occur, and that alerts are raised when expected ones do not. Tracking configurations also allows a measure of entropy to be highlighted in terms of configuration drift, and automation systems can remediate such drifting configurations.

A key part of service configuration management is the configuration management database (CMDB) – something that is often a target of jokes such as “How many CMDBs do you have?” as a criticism that an organization doesn’t have a single source of truth; therefore, their configuration management is sub-optimal. However, this is an outmoded criticism in the era of APIs and integrated systems where it’s easier to build a just-in-time CMDB from live configurations rather than relying on multiple, aged, manually updated databases.

How service configuration management works in the cloud

The first aspect to understand about a cloud service is that it isn’t “one thing.” Instead, it’s a collection of discrete, decoupled cloud services, such as AWS EC2, S3, and SQS, with an API/UI in front of it.

It’s possible to query the cloud service via an API, SDK, or UI to find out and change its configuration. Equally, higher-order cloud systems compose these into a value stream or application that offers another configuration superset. This is great if you’re a super-technical cloud expert.

To make all this simpler for mere mortals, the best cloud service providers offer “helper” cloud services making it easy to implement changes to cloud configurations, to track them, and to remediate them. They want to help you apply consistent, well-documented, and resilient configurations in an automated manner.

For example, AWS Config is a powerful cloud service that enables you to assess, audit, and evaluate the configurations of your AWS resources. Config continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations.

With Config, you can review changes in configurations and relationships between AWS resources, dive into detailed resource configuration histories, and determine your overall compliance against the configurations specified in your internal guidelines. This enables you to simplify compliance auditing, security analysis, change management, and operational troubleshooting.
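The evaluation of recorded configurations against desired ones, together with the relationship checks described earlier, can be sketched in Python as an added example (this is not AWS Config's implementation and not code from the original article). The resource IDs, attributes, baseline and required tags are constructed, and the item fields only loosely mirror AWS Config configuration items.

```python
# Desired state (assumed for illustration): expected attributes and allowed relationships per CI.
BASELINE = {
    "bucket-logs": {"attrs": {"encryption": "aws:kms", "public_access_blocked": True},
                    "relations": {"queue-ingest"}},
    "queue-ingest": {"attrs": {"encrypted": True}, "relations": {"bucket-logs"}},
}
REQUIRED_TAGS = {"owner", "team"}  # every CI must name a person and a team

# Constructed snapshot standing in for recorded configuration items.
SNAPSHOT = [
    {"resourceId": "bucket-logs", "resourceType": "AWS::S3::Bucket",
     "configuration": {"encryption": "aws:kms", "public_access_blocked": False},
     "relationships": ["queue-ingest", "instance-unknown"],
     "tags": {"owner": "alice", "team": "platform"}},
    {"resourceId": "queue-ingest", "resourceType": "AWS::SQS::Queue",
     "configuration": {"encrypted": True}, "relationships": [],
     "tags": {"team": "platform"}},
]

def evaluate(snapshot: list[dict], baseline: dict) -> list[tuple[str, str, str]]:
    """Return (resourceId, finding_type, detail) for every deviation from the baseline."""
    findings = []
    for ci in snapshot:
        rid = ci["resourceId"]
        want = baseline.get(rid)
        if want is None:  # a CI nobody declared is itself a finding
            findings.append((rid, "unmanaged", "no baseline for this CI"))
            continue
        for key, expected in want["attrs"].items():  # attribute drift
            actual = ci["configuration"].get(key)
            if actual != expected:
                findings.append((rid, "drift", f"{key}: expected {expected!r}, found {actual!r}"))
        live = set(ci["relationships"])
        for peer in sorted(live - want["relations"]):  # connection that should not exist
            findings.append((rid, "unexpected_relationship", peer))
        for peer in sorted(want["relations"] - live):  # expected connection is absent
            findings.append((rid, "missing_relationship", peer))
        for tag in sorted(REQUIRED_TAGS - set(ci.get("tags", {}))):
            findings.append((rid, "missing_tag", tag))
    seen = {ci["resourceId"] for ci in snapshot}
    for rid in sorted(set(baseline) - seen):  # declared CI that was never recorded
        findings.append((rid, "missing_ci", "in baseline but not recorded"))
    return findings

if __name__ == "__main__":
    for finding in evaluate(SNAPSHOT, BASELINE):
        print(*finding, sep=" | ")
```
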

Cloud dos and don’ts for service configuration management

The following dos and don’ts are general guidelines for great service configuration management in the cloud:


Do:

  • Use a cloud-native managed configuration service like AWS Config.
  • Integrate cloud configuration management with your corporate ITSM tool IF really needed.
  • Use the automated configuration monitoring and remediation to enforce policies and reduce the practice burden.
  • Integrate configuration management automation to enforce security and compliance such as cost rules.
  • Make service configuration management hygiene everyone’s job. There’s no hiding in the cloud as all configurations are easily visible – so, tag CIs with individuals and teams, then name and shame those responsible for the poor service configuration management that causes outages and wastage.


Don’t:

  • Use a non-cloud-native ITSM configuration management tool with the cloud. You’ll waste time and money building a worse system than the cloud service provider probably offers for free.
  • Ignore configuration management in the cloud. The impact of not doing configuration management, or doing it badly, on a public cloud is not just wastage, but potential outages through configuration entropy and – worst of all – security breaches that make news reports and Twitter trends.

The cloud does configuration management really well, with powerful and complete features that are often available for free or at a very low cost. The automated configuration management services from leading cloud service providers will fit well into any ITSM practitioner’s toolkit.