Skip to content

What Is Configuration Management?


Configuration management is a process for defining, applying and consistently enforcing a system’s desired state across computer systems, servers and software. It can also entail managing and controlling information systems to optimize cybersecurity and mitigate risk.

When it comes to software, proper configuration settings can be many times more important than an applications’ latest features and functionality. The problem is that many IT operations teams struggle with the cost and complexity of managing configuration policies in a unified way across hybrid systems composed of on-premises, remote and cloud environments. Misconfigurations and “configuration drift” away from the desired settings can open the door to data breaches and cyberattacks.

An IDC survey of 300 CISOs found that of those who had experienced data breaches, human error—and security misconfigurations, in particular—were the top culprits in 67% of cases. Only hacking outranks misconfiguration errors as a cause of breaches, a Verizon study found. The stakes couldn’t be higher: Each breach caused by a cloud misconfiguration costs organizations an average of $4.4 million, according to an analysis by Ponemon Institute and IBM.

How the best configuration management tools work

Most traditional configuration systems were built for pre-cloud computing environments, homogenous devices and on-premises deployments. They struggle to find and connect with many endpoints spread across physical and digital locations. IT operations teams often use a “spray and pray” approach to distributing configuration policies, without knowing whether their approach hits the target.

But a new generation of configuration management tools — built for more diverse, dynamic and distributed endpoint environments — is beginning to catch fire.

[Read also: Ten ways to improve configuration management]

Sometimes offered as part of an endpoint management platform, the best systems use modern architectures to continuously scan endpoint environments for misconfigurations or policy conflicts that could lead to breaches. Some also include remediation tools that allow organizations to change device configurations. They can push out tailored controls to specific parts of an organization without having to manually target thousands of individual areas of the organization using sometimes difficult-to-navigate directories.

The best systems find conflicts that could lead to breaches

Once a next-generation configuration management tool distributes updates, it often quickly verifies whether policies were set up properly and where specific problems exist. Admins benefit from a clear window into all their endpoint configurations using a single unified console instead of having to view multiple apps.

The benefits of modern configuration management

Organizations that adopt the latest configuration management tools tend to cite table-stakes benefits such as speed and efficiency. The best systems also have a number of additional advantages.

  • Misconfiguration identification. Modern tools continuously monitor hybrid environments to find misconfigurations and policy enforcement issues that could lead to data breaches or cyberattacks.
  • System health checks. IT professionals use the newest tools to get a clear picture of the health of configuration policies across hybrid device environments. This allows them to uncover enforcement errors, identify misconfiguration patterns and take action to head off future issues.
  • Disk encryption verification. Knowing whether data-protection features like BitLocker conform to IT security policies is just as vital as having strong firewalls, trusted antivirus software and current patches across all devices. The best tools provide visibility into the status of hard-drive encryption and identify unencrypted endpoints requiring remediation.
  • Firewall and antivirus software maintenance. Most companies assume their firewall and antivirus software remains active at every endpoint. But that’s not necessarily true. If systems are unaware of endpoint apps, they cannot protect them. Modern configuration management tools spot and install all necessary firewall and antivirus protections in real time.
  • IT tool simplification. Having a united platform for handling every endpoint-device configuration solves the complex problem of tool proliferation.

Configuration management is no longer simply about what happens under a company’s roof. To be effective today, solutions must reach every physical and digital endpoint connected to a corporate network. Failing to configure a single entry point exponentially increases the risk of cyberattack. That’s why leading organizations have adopted modern configuration management tools that maximize cybersecurity in hybrid environments while minimizing the downside risks of security breaches.

David Rand

David Rand is a business and technology reporter whose work has appeared in major publications around the world. He specializes in spotting and digging into what’s coming next – and helping executives in organizations of all sizes know what to do about it.

Tanium Subscription Center

Get Tanium digests straight to your inbox, including the latest thought leadership, industry news and best practices for IT security and operations.