I recently returned from the Gartner® IT Infrastructure, Operations & Cloud Strategies (IOCS) conference. It’s always great to hear directly from leaders in IT operations. While there, we surveyed attendees to understand how they use discovery tools and the configuration management database (CMDB).

The results reveal a clear shift. While IT Service Management (ITSM) and asset management remain the primary use cases, more teams now use discovery and CMDB to fuel compliance and SecOps—a rapidly growing trend.

Organizations are moving past simple asset management toward total asset visibility. This awareness acts as the "grid" for your IT operations, bringing clarity and connection to data across hybrid and multicloud environments.

Join us to learn more about Total Asset Visibility

Why ITSM and asset management dominate the CMDB

Asset management was the original use case for IT discovery. When mainframes were the primary hardware, inventory was simple. As distributed computing became common, CFOs needed an accurate inventory to manage lifecycle costs like depreciation and licenses.

Figure 1: Primary uses of discovery and CMDB

In the 1990s, change impact analysis became the catalyst for ITIL. With that shift, discovery and CMDB branched out into incident management and other core IT functions.

How does discovery support compliance and SecOps?

By automatically collecting and reconciling data across hybrid and multicloud environments, a CMDB allows teams to follow configuration policies and meet audit requirements. Total asset visibility goes deep into the network, infrastructure, and application layers to monitor the flow of information. This gives compliance and SecOps teams the insight they need to keep the organization safe.

Read: Is the CMDB the new tool for SecOps? Find out how automatic discovery can help

Discovery and CMDB data supports SecOps in three ways:

Mitigate vulnerability and risk. The CMDB tracks End-of-Life (EOL) and End-of-Support (EOS) data across software titles. This reveals installed software—even on remote laptops or inside cloud containers. It helps you find versions with known security vulnerabilities, like the Log4j library, that traditional scanners can miss because they don’t scan deep enough or are aware of where to scan.
Detect misconfigurations and drift. Misconfigured IT resources lead to data breaches. Use CMDB data to identify configurations that fail to meet security policies, such as unencrypted databases or open AWS Security Groups.
Respond with business context. By mapping dependencies between applications, infrastructure and business services, SecOps teams see exactly how to prioritize remediation based on actual business risk.

Figure 2 – Business service dependency map

What holds organizations back from using CMDB data for SecOps use cases?

The survey highlighted three main hurdles: data inaccuracy, incompleteness, and integration gaps.

Inaccuracy often stems from stale data. If you only run discovery every 24 hours, you are already behind in a hybrid world where virtual assets vanish in minutes. Incompleteness occurs when you have blind spots in specific device classes, like the network layer between a server and a database. Finally, integration gaps create dead ends. Hybrid applications use both cloud and data center resources. If your cloud, network, and data center tools do not talk to each other, you are forced into manual effort to bridge the data.

Figure 3 – challenges with discovery and CMDB

Linking the CMDB to business value

You cannot manage what you do not know. To align IT with business value, you must understand how infrastructure supports revenue-generating applications. This is why application dependency mapping is essential. Currently, very few respondents feel their CMDB is truly linked to business value.

Figure 4 – CMDB alignment to business outcomes

How AI changes the game

Survey participants identified "business insight on what’s running" as their top goal, followed by AI. AI-enriched workflows help bridge the visibility gap in three ways:

Smarter discovery. AI improves data quality through normalization. It uses integrated catalogs to ensure discovered assets are identified accurately rather than left as raw data.
Faster discovery. Instead of bulk data collection, AI uses intelligence at the edge to capture only what is needed. This reduces network congestion and processing delays.
Auto-building service maps. Service mapping is difficult because of clusters and atypical configurations. AI automates the naming of assets into logical groups and identifies "what’s missing," prompting users to fill in the gaps.

AI becomes an awareness engine. It is the pathway to total asset visibility at scale.

Figure 5 – Future impact of AI on discovery and CMDB

How can OpenText help your discovery and CMDB initiatives?

OpenText™ Universal Discovery and CMDB manages cloud, network, and on-premises discovery in one place. It solves the speed problem by using asynchronous (event-based) and patented spiral discovery to map your entire estate without the lag. It supports compliance and SecOps by tracking software and out-of-date hardware to identify offerings that violate compliance profiles. By automatically creating dependency maps, it allows you to see which resources are tied to specific business services.

Learn more:

• Read the CIO survey: State of IT Discovery and CMDB.
• Join us for the Total Asset Visibility webinar, January 22, 2026.
• Join us for the 2026 Predictions: When ITSM meets AIOps for agentic incident prevention webinar - January 22, 2026.
• Listen to the OpenText World Observability and Service Management keynote.
• Explore CMDB customer stories.

The post Why does SecOps and Compliance need the CMDB? appeared first on OpenText Blogs.