TL;DR: Software asset management is about controlling software procurement, usage, compliance, and retirement, with Zluri’s guide stressing that distributed buying, shadow IT, and poor inventory hygiene make costs and licensing risk hard to manage. The real governance lesson is that software control fails when organisations cannot reliably see what is installed, used, and still entitled.
NHIMG editorial — based on content published by Zluri: IT Teams Software Asset Management (SAM) - The Complete Guide
By the numbers:
- 96% of organisations store secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools.
- 71% of NHIs are not rotated within recommended time frames, increasing the risk of compromise over time.
- Only 5.7% of organisations have full visibility into their service accounts.
Questions worth separating out
Q: How should organisations govern software sprawl without losing control of identity assets?
A: Organisations should govern software sprawl with the same discipline they use for access governance: one authoritative inventory, clear ownership, recurring review, and a defined retirement path.
Q: Why do decentralized software purchases create governance risk for IAM teams?
A: Decentralized purchasing creates risk because access and entitlement decisions move away from central oversight, which makes drift harder to detect.
Q: What breaks when software and access inventories are not kept current?
A: When inventories are stale, organisations cannot tell whether an asset is still needed, still entitled, or already retired.
Practitioner guidance
- Centralize inventory reconciliation: Create a single source of truth for software assets, access-bearing accounts, and associated ownership data, then reconcile it against discovery results on a fixed cadence.
- Tie entitlements to actual use: Review software licenses, service accounts, and privileged access against observed usage so dormant or duplicate rights can be removed quickly.
- Automate retirement workflows: Treat renewal, decommissioning, offboarding, and access removal as linked lifecycle steps so retired assets do not leave residual access or spend behind.
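The three guidance points above, and the "is it working" test later on this page (discovery data matches the system of record, retirement leaves nothing behind), reduce to one reconciliation loop. The example below is added here and is not Zluri's or NHIMG's code. It assumes two inputs a team already has: a system-of-record export (asset, owner, active/retired status) and a discovery export (what is actually present and when it was last used). The asset names, owners, dates and the 90-day dormancy threshold are constructed sample values, not figures from the source.

```python
"""Reconcile a software/identity system of record against discovery results.

Added example, not from the Zluri guide or the NHIMG editorial. All asset
names, owners and dates are constructed sample data; DORMANCY_DAYS is an
assumed policy value.
"""
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import Optional

DORMANCY_DAYS = 90  # assumed policy threshold for "not in use"


@dataclass(frozen=True)
class RecordEntry:
    """One row of the system of record: what we believe we own and who owns it."""
    asset_id: str
    kind: str      # "software" or "service_account"
    owner: str
    status: str    # "active" or "retired"


@dataclass(frozen=True)
class Discovered:
    """One discovery observation: what actually exists and when it was last used."""
    asset_id: str
    kind: str
    last_used: Optional[date]   # None = present but never observed in use


@dataclass
class Findings:
    unmanaged: list = field(default_factory=list)   # discovered, absent from record (shadow IT / unknown NHI)
    stale: list = field(default_factory=list)       # recorded active, not discovered
    dormant: list = field(default_factory=list)     # entitled and present, unused past threshold
    residual: list = field(default_factory=list)    # retired in record, still present (leftover access/spend)
    reconciled: list = field(default_factory=list)  # present, entitled, in use

    def under_control(self) -> bool:
        """The page's test: record matches discovery and retirement completed cleanly."""
        return not (self.unmanaged or self.stale or self.residual)


def reconcile(record, discovered, today, dormancy_days=DORMANCY_DAYS) -> Findings:
    """Classify every asset by comparing the record against observed presence and use."""
    by_id = {r.asset_id: r for r in record}
    seen = {d.asset_id: d for d in discovered}
    cutoff = today - timedelta(days=dormancy_days)
    f = Findings()
    for asset_id, d in sorted(seen.items()):
        r = by_id.get(asset_id)
        if r is None:
            f.unmanaged.append(asset_id)
        elif r.status == "retired":
            f.residual.append(asset_id)
        elif d.last_used is None or d.last_used < cutoff:
            f.dormant.append(asset_id)
        else:
            f.reconciled.append(asset_id)
    for asset_id, r in sorted(by_id.items()):
        if r.status == "active" and asset_id not in seen:
            f.stale.append(asset_id)
    return f


def lifecycle_actions(findings, record):
    """Turn findings into owner-addressed lifecycle steps (the linked retirement workflow)."""
    owner = {r.asset_id: r.owner for r in record}
    actions = []
    for a in findings.residual:
        actions.append((a, owner[a], "revoke access and cancel spend: retirement did not complete"))
    for a in findings.dormant:
        actions.append((a, owner[a], "owner review: remove entitlement unless justified"))
    for a in findings.stale:
        actions.append((a, owner[a], "confirm decommission and mark retired in record"))
    for a in findings.unmanaged:
        actions.append((a, "UNASSIGNED", "assign owner and onboard to record, or remove"))
    return actions


# Constructed sample inputs (not real assets).
TODAY = date(2024, 6, 3)
RECORD = [
    RecordEntry("crm-suite", "software", "sales-ops", "active"),
    RecordEntry("design-tool", "software", "marketing", "active"),
    RecordEntry("legacy-etl-bot", "service_account", "data-eng", "retired"),
    RecordEntry("build-runner-sa", "service_account", "platform", "active"),
    RecordEntry("old-analytics", "software", "finance", "active"),   # never discovered
]
DISCOVERED = [
    Discovered("crm-suite", "software", date(2024, 5, 28)),
    Discovered("design-tool", "software", date(2024, 1, 10)),           # dormant
    Discovered("legacy-etl-bot", "service_account", date(2024, 5, 30)), # retired yet active
    Discovered("build-runner-sa", "service_account", date(2024, 6, 1)),
    Discovered("ai-notetaker", "software", date(2024, 5, 20)),          # not in record
]

if __name__ == "__main__":
    findings = reconcile(RECORD, DISCOVERED, TODAY)
    print("under control:", findings.under_control())
    for asset, owner, step in lifecycle_actions(findings, RECORD):
        print(f"{asset:16} {owner:10} {step}")
```

Run on the sample data, the loop reports one unmanaged asset, one stale record, one dormant entitlement and one retired service account that is still live, so `under_control()` is false and four owner-addressed actions come out. The same structure applies to license seats, SaaS tenants or secrets: the record side changes, the reconciliation logic does not.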
What's in the full article
Zluri's full guide covers the operational detail this post intentionally leaves for the source:
- How SAM teams structure software procurement, license normalization, and renewal tracking across a decentralized estate.
- The article's examples of audit readiness and compliance handling when software usage does not match entitlements.
- Its breakdown of SAM KPIs, including input data, operational, and financial metrics for measuring programme health.
- Stepwise guidance for building a software inventory system of record and keeping it current over time.
👉 Read Zluri's full guide to software asset management and license control →
Software asset management and identity visibility: what do teams miss?
Explore further
Visibility failure, not tooling shortage, is the real control gap: SAM breaks when organisations cannot keep a reliable system of record for what has been bought, installed, used, and retired. That is the same structural weakness that leaves NHI programmes blind to service accounts and secrets outside managed inventory. The governance issue is not the number of assets alone. It is the inability to prove what still exists and why it should still exist. The practitioner conclusion is to treat inventory integrity as a control objective, not an admin task.
A few things that frame the scale:
- Only 5.7% of organisations have full visibility into their service accounts, according to the Ultimate Guide to NHIs.
- 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface, according to the Ultimate Guide to NHIs.
A question worth separating out:
Q: How do teams know whether asset management is actually working?
A: It is working when discovery data matches the system of record, renewal decisions are based on usage, and retirement happens cleanly without leftover rights or spend. If audits still require manual cleanup or teams keep finding unused assets months later, the process is not under control.
👉 Read our full editorial: Software asset management shows why visibility, not inventory, is the gap