Snow Software has been acquired by Flexera. Learn More.

The Basics of IT Asset Management

IT asset management (ITAM) is the combination of hardware asset management and software asset management. ITAM helps organizations minimize costs, stay compliant and reduce risks related to their technology estate.

Software asset management (SAM) has historically focused on ensuring license compliance and reducing risks from vulnerable and end-of-life (EOL) and end-of-support software. With the increase in SaaS application usage, software asset managers are placing additional emphasis on ensuring that their organizations get the most possible value from the software they’ve purchased. New organizations that have only invested in SaaS applications have turned to a SaaS management solution to help reduce SaaS sprawl and related costs.

Hardware asset management (HAM) focuses on the process of managing hardware IT assets through purchase to retirement and may include end-user devices and peripherals, datacenter servers, network hardware and IoT devices.

How is ITAM different from ITSM and systems management or device management?

ITAM, ITSM and systems management have different goals.

  • ITAM is focused on ensuring license compliance, optimizing IT spend and reducing security and regulatory risk.
  • ITSM is focused on improving the deployment, operation, and management of IT services and resources for all end users.
  • Systems management or device management is focused on ensuring the reliability and security of endpoints and servers.

While the goals are different, there are overlapping processes and tool capabilities within these practices. For example, there are many IT operations management processes that benefit from and integrate with ITAM processes.

These integrated processes include:

  • Incident and problem management — In this process, teams use configuration item (CI) information to understand which CIs are involved in an incident. For example, identifying the correct version of software should help speed the identification, resolution and routing of incidents.
  • Change management — Change management personnel use CI information to understand the ramifications of a proposed change such as understanding the licensing impacts of the change and how to lessen the impact.
  • Release management — In this process, a team updates their configuration management system (CMS) with information about deployed releases (aides in lowering risk to production).
  • Security management — Teams in charge of this process leverage IT asset inventory data to understand which assets they need to protect, which assets are at risk, who is using assets that could put company and customer data at risk, and to report their compliance to industry and governmental regulations. 
  • IT strategy — IT strategy personnel leverage IT asset data to assess which transformation projects would provide the best outcome for their employees and customers.

Learn more about the differences between these practices in this article, “Six Common Shortcomings of Systems Management Tools When Used for ITAM.”

What’s the difference between an ITAM database and a CMDB?

IT asset management databases (AMDBs) and configuration management databases (CMDBs) serve different purposes. AMDBs help organizations optimize IT asset costs, identify risk, ensure compliance, understand adoption and aide in IT strategic planning.

CMDBs help organizations understand the relationships between assets (CIs) and how those assets are configured to improve service delivery and performance.

An AMDB can greatly improve your CMDB’s health by fortifying and cleaning your CMDB.

There are a few factors that make help from an AMDB so crucial:

  • CMDB data is brought in from multiple platforms. Each of these platforms may report it differently, resulting in duplicates and gaping holes in the CMDB.
  • Unusable noise that ultimately brings no value to ITSM tools also gets brought into your CMDB from poor software recognition. This “data bloat” makes the database unwieldy to manage.
  • There is usually minimal usage tracking because too many organizations simply don’t have this type of insight.

What lies ahead for ITAM?

In general, we’ll see more software spending and more opportunities to optimize costs. There is more being spent on software than ever before, and those numbers are increasing. Across all industries in 2019, software accounted for 31% of IT budget, and in 2022 it was projected at 34%. With vendor price increases in 2023 and 2024, software will account for nearly 40% of IT spend. With 30% of this wasted, that’s 10% of the total IT budget being wasted. This impact is even greater for industries with greater software spend, such as high-tech, financial services and retail.

The predictability of financials is also a concern. Are there going to be surprises in your budget based on adoption of tools you weren’t aware of?

More shadow IT will lead to more risk. Shadow IT risks stem from distributed purchasing and the ease of trying and buying SaaS software. Organizations know there are applications in use that have not been through risk assessments. With their current tools, however, they can’t say for certain. The use of generative AI is causing a lot of grief (e.g., Samsung forbidding ChatGPT use after they spotted a data leak).

Data concerns related to employee turnover are also huge — how do you know when someone leaves the company, if they no longer have access to your data, or if it is just floating out there without your knowledge?

Regulatory pressures will drive a sense of urgency. Starting with the 2019-2020 SolarWinds debacle, cybersecurity risks have caused an undeniable increase in regulatory pressure and have lead to NIST guidance, U.S. state and EU legislation and FTC warnings. These risks also led the S&P Global Ratings Agency to state that inadequate ITAM could impact credit ratings.

As a result of these factors, including the advancement of FinOps in organizations, we are seeing CFOs, CPOs and CISOs more interested in the outcomes of a proactive ITAM practice.

That’s a really good thing for ITAM professionals. 

Indicators your organization needs an ITAM solution

Here are some of the most common reasons why organizations start investigating ITAM solutions:

  • Failed audit (i.e., vendor audit, security audit, internal audit) resulting in fines or recommendations to invest in an ITAM practice
  • Upcoming renewal or vendor audit, especially when there’s no confidence in current license position or understanding of how people are using the software
  • History of M&A that resulted in application complexity and sprawl
  • Desire to achieve ISO 27001 or SOC2 compliance
  • Rising application spend that occurred when organizations paid for price increases blindly without understanding how people use the software
  • The discovery of duplicate software purchased in different organizational units
  • Missing deserved volume discounts because of a lack of visibility into software usage across the organization (i.e., not seeing opportunities across multiple agreements)
  • Security incidents or security team concerns about the risks of end-of-life applications that might have vulnerabilities that they cannot patch, or the risk of not knowing how employees are sending data to applications (e.g., generative AI applications, file sharing applications, etc.).
  • The ITSM team struggles with a CMDB that contains outdated, incomplete and duplicate data
  • Too much time spent in data gathering for IT strategy/digital transformation analysis
  • Worries about meeting new regulatory requirements (DORA, etc.), or concerns about an organization’s credit rating without proactive IT risk assessments

Siloed job functions and inadequate visibility have hampered ITAM in the past. With the additional need to get ahead of cloud infrastructure spend, many organizations are investing in FinOps practices. It’s probably an invaluable task. Analysts such as Gartner predict that, by 2026, organizations that merge SAM and FinOps into a central governance function will report 60% less financial waste from software and cloud investments.1

The benefits of an ITAM solution

  • Cost optimization and predictable budgets — On average, 30% of spend on licenses is wasted. With software nearing close to 40% of the IT budget, that’s 10% of the total IT budget not having any organizational impact.
  • Mitigated risk — The global average cost of a data breach in 2023 was $4.45 million, but the cost of a financial services incursion is potentially even higher — $5.9M per breach.2 In addition to actual remediation costs, data breaches damage revenue potential due to loss of trust. They also disrupt an organizations’ strategic objectives with so much time and attention devoted to remediating the issue.

Vendor audit fines can also be extremely expensive. One of our customers was able to mitigate the cost of a vendor audit to the tune of $34M. Additionally, regulatory fines can be extremely costly. For example, failure to comply with the EU DORA Act could result in a fine of 5% of revenue.

  • Improved staff efficiency — We’ve heard many examples from our customers about how a comprehensive ITAM tool reduced their time to prepare for audits, renewals and IT strategic plans. For example, one customer was able to reduce time spent preparing for audits by 90%.

ITAM requirements for today’s complex environments

Deep visibility into all applications

Audits are getting harder because commercial applications can sit in containers and cloud infrastructure, which are not visible to most ITAM and SAM professionals. Also, SaaS is becoming a huge chunk of spend, having doubled over the last 4 years. With expected price hikes, analysts project that share to increase by over 25%. As a result, it will be important for organizations to know about known applications and applications that haven’t gone through a central procurement channel and commercial applications that live on containers and in IaaS environments.

True understanding of technology usage

In the past, ITAM was largely focused on license compliance and comparing installations vs. entitlements. With the increased use of SaaS and subscription models, usage is the more important metric to help you:

  • Determine that you’re getting value from what you’ve paid for
  • Find out if employees are using overlapping technologies
  • Identify risk, i.e., discover who is using denylisted apps and who is using apps not vetted by security teams

Outcomes with urgency

With cost constraints, regulatory pressures and security threats, in today’s world, organizations can’t wait to get visibility, ensure compliance and reduce costs. To jump start your ITAM program at your organization, download our ITAM best practices guide now.

  1. Gartner, “Market Guide for Software Asset Management Tools.” Analysts Jaswant Kalay, Ciaran Hudson, Yolanda Harris. 3 October 2023.
  2. IBM Cost of a Data Breach Report 2023.

Gartner is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.

Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.