ITAM software and the identity surface gap teams are missing

TL;DR: IT asset management software is increasingly being used as a control point for inventory, lifecycle, and compliance, but Zluri’s analysis shows the same asset sprawl that complicates hardware and software tracking also exposes identity relationships, dormant accounts, and shadow AI. That makes asset management a governance problem as much as an operations one.

NHIMG editorial — based on content published by Zluri: IT Teams Top 20 IT Asset Management Software for 2026

By the numbers:

• 90% of IT leaders say properly managing NHIs is essential for a successful zero-trust implementation.
• 96% of organisations store secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools.
• 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface.

Questions worth separating out

Q: How should teams connect IT asset management with identity governance?

A: Teams should treat IT asset data as an input to identity governance, not as a separate management island.

Q: Why do asset inventories fail to reduce access risk on their own?

A: Asset inventories show what exists, but they do not prove who can use it, how long access has existed, or whether the access is still justified.

Q: What do organisations get wrong about ITAM and compliance?

A: They often assume accurate inventory is the same as control.

Practitioner guidance

• Map asset records to identity relationships Join ITAM data with entitlement, activity, and ownership data so every critical asset also shows the humans, service accounts, and integrations attached to it.
• Tie disposal workflows to offboarding checks Require confirmation that linked accounts, API keys, tokens, and SaaS integrations are revoked before an asset is retired or reassigned.
• Flag orphaned and dormant access during inventory reviews Use inventory refresh cycles to surface access paths that remain active after a device, application, or contract changes state.

What's in the full article

Zluri's full article covers the operational detail this post intentionally leaves for the source:

• A vendor-by-vendor feature comparison of IT asset management workflows for discovery, lifecycle tracking, and audit support
• Detailed capability descriptions for inventory scanning, contract tracking, and compliance reporting that procurement teams can evaluate
• Step-level examples of how each platform handles hardware, software, and SaaS visibility in day-to-day operations
• Implementation context for organisations comparing ITAM tooling with broader identity governance requirements

👉 Read Zluri's IT asset management software roundup and feature breakdown →

ITAM software and the identity surface gap teams are missing?

Explore further

View Full Forum →  |  NHI Foundation Course →