Software asset management and identity visibility: what teams miss

TL;DR: Software asset management is about controlling software procurement, usage, compliance, and retirement, with Zluri’s guide stressing that distributed buying, shadow IT, and poor inventory hygiene make costs and licensing risk hard to manage. The real governance lesson is that software control fails when organisations cannot reliably see what is installed, used, and still entitled.

NHIMG editorial — based on content published by Zluri: IT Teams Software Asset Management (SAM) - The Complete Guide

By the numbers:

• 96% of organisations store secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools.
• 71% of NHIs are not rotated within recommended time frames, increasing the risk of compromise over time.
• Only 5.7% of organisations have full visibility into their service accounts.

Questions worth separating out

Q: How should organisations govern software sprawl without losing control of identity assets?

A: Organisations should govern software sprawl with the same discipline they use for access governance: one authoritative inventory, clear ownership, recurring review, and a defined retirement path.

Q: Why do decentralized software purchases create governance risk for IAM teams?

A: Decentralized purchasing creates risk because access and entitlement decisions move away from central oversight, which makes drift harder to detect.

Q: What breaks when software and access inventories are not kept current?

A: When inventories are stale, organisations cannot tell whether an asset is still needed, still entitled, or already retired.

Practitioner guidance

• Centralize inventory reconciliation Create a single source of truth for software assets, access-bearing accounts, and associated ownership data, then reconcile it against discovery results on a fixed cadence.
• Tie entitlements to actual use Review software licenses, service accounts, and privileged access against observed usage so dormant or duplicate rights can be removed quickly.
• Automate retirement workflows Treat renewal, decommissioning, offboarding, and access removal as linked lifecycle steps so retired assets do not leave residual access or spend behind.

What's in the full article

Zluri's full guide covers the operational detail this post intentionally leaves for the source:

• How SAM teams structure software procurement, license normalization, and renewal tracking across a decentralized estate.
• The article's examples of audit readiness and compliance handling when software usage does not match entitlements.
• Its breakdown of SAM KPIs, including input data, operational, and financial metrics for measuring programme health.
• Stepwise guidance for building a software inventory system of record and keeping it current over time.

👉 Read Zluri's full guide to software asset management and license control →

Software asset management and identity visibility: what teams miss?

Explore further

View Full Forum →  |  NHI Foundation Course →