Configuration Management Database

Most CMDBs aren’t unused because CMDB is a bad idea — they’re unused because the data in them doesn’t match reality. Desqcon builds and repairs CMDBs so that when an incident bridge asks “what does this service actually depend on,” the answer on screen is the true answer, not last year’s approximation.

A CMDB is only as useful as the trust your teams put in it.

Why it’s back on the agenda

The CMDB is becoming the foundation everything else depends on

As IT estates get more distributed — cloud, on-prem, SaaS, containers, edge — the case for a single, trustworthy source of truth about what exists and how it connects has only gotten stronger, not weaker. Market analysts put the global CMDB and IT discovery software market at roughly $5.3 billion in 2025, projected to more than double to nearly $11.8 billion by 2031, growing faster than the IT service management market overall as AIOps, security, and now AI-agent platforms all depend on the same underlying configuration data.

CMDB & IT Discovery Software Market (USD Billions)$5.28B2025$5.98B2026$11.78B2031ESource: Mordor Intelligence, CMDB and IT Discovery Software Market Report, 2025 — CAGR 14.52% (2026-2031).

That growth is a vote of confidence in the concept of a CMDB — even as many individual organizations still struggle to make their own instance trustworthy.

The real cost of an untrustworthy CMDB

Unmanaged configuration items are a security problem, not just a data-quality one

You’ll find a widely repeated claim online that a fixed percentage of CMDB projects “fail,” usually attributed to Gartner. We looked for the primary source and couldn’t verify it — it appears to be an industry myth that has been recycled without citation for years, and we’re not going to repeat it here. What the available research does support, consistently, is that unmanaged and poorly-reconciled configuration items carry real security and operational risk:

Unmanaged Assets Are a Security Problem, Not Just a Bookkeeping OneOrgs where security incidents tracedto unmanaged assets67%Enterprise devices estimatedunmanaged / unaccounted50%Medium-high security risk fromunmanaged IoT/OT assets64%Source: Armis, State of Cybersecurity Report (secondary citation via industry analysis). Directional estimates.

Security researchers tracking unmanaged and IoT/OT assets have repeatedly found that a majority of security incidents at affected organizations trace back to devices or configuration items that weren’t properly tracked — meaning the CMDB’s job of maintaining accurate, current relationships between assets and services is directly tied to how quickly (and how safely) an organization can respond when something breaks or is attacked. A CMDB that’s 18 months stale isn’t a productivity inconvenience; it’s a blind spot during your next major incident.

What’s changing

Where AI, Generative AI, and Agentic AI are taking CMDB — and why data quality comes first

AI-assisted reconciliation and drift detection. Traditional CMDBs rely on scheduled discovery scans and manual reconciliation rules. AI models are increasingly used to detect configuration drift continuously, flag relationships that look statistically anomalous (a database server suddenly “owned” by a decommissioned application), and prioritize which discrepancies actually matter instead of surfacing every mismatch with equal urgency.

Generative AI as the CMDB’s front door. GenAI interfaces are starting to sit on top of CMDBs so that engineers can ask “what depends on this service?” in plain language during an incident, instead of writing CI relationship queries under pressure — collapsing the time between “something’s broken” and “here’s the blast radius.”

Agentic AI depends on CMDB data quality more than any other factor. Of everywhere agentic AI is being discussed in IT operations, CMDB is arguably the sharpest example of why data quality has to come first. An autonomous agent that decides which servers to patch, which services to fail over, or which configuration items are safe to decommission is only as safe as the configuration graph it’s reasoning over. Gartner’s June 2025 research found that over 40% of agentic AI projects are expected to be canceled by the end of 2027 — with unclear value and unresolved data and governance foundations cited as the leading causes, and only around 19% of organizations currently making what Gartner characterizes as significant investment rather than conservative, limited bets:

Why Data Quality Matters Before Going Agentic:Gartner's Agentic AI Project Outlook40%42%19%Projects Gartner expectsto be canceled by 2027Organizations making onlyconservative agentic AI betsOrganizations makingsignificant investmentSource: Gartner press release, June 25, 2025 ("Gartner Predicts Over 40% of Agentic AI Projects Will Be Canceled by End of 2027").

For CMDB specifically, the implication is direct: agentic automation built on top of stale, incomplete, or unreconciled configuration data will make confidently wrong decisions. Getting discovery coverage, reconciliation discipline, and CI relationship accuracy right isn’t a prerequisite that slows down the path to agentic ITSM — it is the path. Organizations that treat CMDB data quality as foundational infrastructure, rather than an afterthought, will be the ones able to safely hand configuration decisions to AI agents when the rest of the market is ready to.

How we help

Desqcon’s CMDB services

CMDB Transition & Transformation

Standing up a new CMDB, or replatforming/re-architecting one that’s drifted out of trust. We design the CI class model and relationship schema (aligned to CSDM where the platform is ServiceNow), the discovery approach, and the reconciliation workflow, then roll it out on a milestone-driven plan.

CMDB Consulting & Advisory

Vendor-neutral advisory for CMDBs that exist but aren’t trusted — fixing discovery coverage gaps, reconciliation identity rules, and CI relationship accuracy so the CMDB becomes a system teams actually check during an incident instead of working around.

CMDB Process & Tool Maturity Assessment

An AEIOU-based assessment of your configuration management process and tooling against ITIL 4 and CSDM good practice — discovery coverage, data accuracy, relationship completeness, and governance — with a prioritized roadmap.

Desqcon's Engagement Model1DiscoverClient-centricdiscovery2DesignDesign-thinkingformulation3AssessAEIOU-basedassessment4TransitionAgile, milestone-drivenrollout5SustainClient-owned processdesign

Every CMDB engagement runs through the same five stages: Discover the current state of your configuration data directly from the teams who rely on (or avoid) it; Design the target CI model and reconciliation process; Assess maturity against ITIL 4 and CSDM; Transition through an agile, milestone-driven rollout; and Sustain the practice with governance your own team owns.

Tools we work with

Platform-neutral, tool-fluent

We’re not tied to a single platform. CMDB engagements most often involve ServiceNow (CMDB, ITOM Discovery, and the Common Service Data Model / CSDM), BMC Helix (CMDB and Discovery), and Atlassian tooling for asset and configuration workflows in smaller or engineering-led estates — alongside whatever discovery and monitoring tools already feed configuration data into a client’s environment. Our role is to make the data model and reconciliation process trustworthy on the platform you run, or help you select one if you’re starting fresh.

Ready to find out if your CMDB can actually be trusted?

A CMDB maturity assessment tells you exactly where discovery coverage, data accuracy, and relationship completeness stand today — before your next major incident finds the gaps for you.