A couple weeks ago at Forrester’s Technology & Innovation Summit EMEA in London, I declared the configuration management database (CMDB) to be dead. I don’t usually indulge in “X is dead” clickbait, but the term “configuration management database” has misled the industry for decades, causing confusion, waste, and regulatory missteps.

Let me be very clear: Whenever you have a large-scale organizational capability, you’re going to have an information management problem, and so we have a big information management problem in managing large-scale digital and IT estates.

But the CMDB idea and its legacy continue to confuse and hinder our progress.

A Misguided Legacy

I trace the CMDB’s roots back to ITIL v1 in 1990, and this guidance in turn borrowed heavily from military and aerospace configuration management. That heritage was ill suited to the dynamic, distributed evolution of IT. Worse, the name itself — “configuration management database” — implied that it could store actual configurations. It couldn’t — not in 1990, not now.

This misnomer led regulators and auditors to expect impossible functionality. I saw this firsthand in banking, where regulators assumed that CMDB ownership meant responsibility for Unix server hardening and executives asked whether it was the right place to control low-level network card settings. It took years to correct such misconceptions. The right tools: BladeLogic, Opsware, and, later, Puppet, Chef, and Ansible were always elsewhere.* Some might call me out for going back in history here, but CMDB as an idea has been slowly propagating worldwide and (especially when non-English speakers are involved) there are still misunderstandings.

The CMDB was never designed to manage low-level configuration parameters — too numerous and too volatile, with ever-changing schemas, nor did the CMDB ever have the power to actually change those settings. Yet organizations bought discovery tools, cranked them to eleven, filled the CMDB with stale data, and wondered why engineers ignored it. When troubleshooting, admins don’t consult cached values in a database; they SSH into the device for real-time truth.

The Real Value — And The Real Problem

Despite its flaws, the CMDB was still necessary. It can and should handle base inventories (linked to IT asset management.) Beyond that, it promised context, dependencies, and relationships. You can’t figure out much about the device’s business purpose — e.g., who owns its workloads — from an SSH session. Tracing those low-level concerns up to real business impacts is where the CMDB showed potential. But for these purposes, the term “configuration” was a confusing stretch. And without solid data management practices, most CMDBs collapsed under their own weight. Dependency data is expensive and hard to manage.

This is the heart of the issue: CMDBs were in most cases built and managed by ITIL/ITSM process experts, not data managers. ITIL’s original military-spec terminology — “configuration item identification, configuration status accounting” — never aligned with industry-standard data practices (e.g., “schema design, data quality reporting”). The result? Poor modeling, weak governance, process confusion, and silly debates (e.g., “Is a person a CI?”).

When leaders ask me why their CMDB efforts are failing — often after three or four attempts — my usual finding is simple: They haven’t involved anyone with real data management expertise. The CMDB was a product of ITIL, a process-centric framework. Data management is a different discipline entirely, governed by the Data Management Association and the Data Management Body of Knowledge. Few practitioners are deep in both.

The Graph Awakens

For years, we searched for better terminology: “business of IT data,” “IT data management platform,” and so on. ITIL v3 itself proposed “configuration management system,” which didn’t resolve the fundamental confusion with the term “configuration.” But now, we have a viable alternative: the IT management graph.

Graph databases have existed for years, but the rise of generative AI and graph RAG has brought them to the forefront. Vendors such as Atlassian, ServiceNow, Dynatrace, Flexera, and Planview now lead with graph-centric messaging. At recent conferences and briefings, “graph” is dominating the narrative while “CMDB” is fading.

The graph model fits IT management data perfectly. This data is not particularly voluminous (aside from logs, which again don’t belong in the CMDB), but it’s deeply interconnected. Multi-hop transitive dependencies are the norm. To understand exposure, impact (i.e., blast radius), and lineage, from technical resources to business capabilities, you need a graph.

At Forrester, we’re deprecating the term CMDB. We’ll still speak the language of our clients, but in our research, you’ll increasingly see it termed “IT management graph.”

Toward Quality And Maturity

Will the data in these graphs be perfect? No. But perfection isn’t the goal — fit-for-purpose is. A 98–99% quality rate is sufficient — if you have governance, reporting, and continuous improvement. ServiceNow is already operationalizing data quality reporting in its graph. That’s progress.

We’re also seeing a quality revolution, driven by:

  • Agents that assist with data curation.
  • OpenTelemetry for dependency insight.
  • The extended Berkeley Packet Filter.
  • Integrations with increasingly intelligent observability tools (the Dynatrace adapter into the ServiceNow graph is one of the most popular)

Why did we keep banging our head against the wall, trying to build CMDBs despite repeated failures? Because we had no choice. IT consumes 3% of corporate budgets. Regulations like HIPAA, DORA, and GDPR demand visibility. We’ve got to know what we have and how it connects. We will continue to need robust information management, and as we finally get it, we are going to be able to solve increasingly challenging problems in digital and IT management, such as technical debt.

Now, with graphs, we’re finally getting there. It’s time to leave the past behind and embrace a mature, data-centric future.

Long live the IT management graph.

If you want to talk, let’s connect. Forrester clients can access our exclusive reports and schedule a guidance session to explore current trends and solutions.

*BladeLogic and Opsware were acquired by BMC and HP, respectively.