COMMENTARY: This piece cuts right to the problem many teams keep overlooking - while many have outgrown the traditional ways of looking at asset management, most organizations haven’t caught up. Zero Trust hasn't broken visibility; it has only exposed how limited the tools always were. You can’t just scan and pretend you know your environment. The article clearly reframes asset management as correlation, not collection - the value is not in finding assets, it is in understanding how they connect, overlap, and evolve. In a world defined by APIs, identities, and constant change, that shift in mindset is overdue.
For decades, IT and security teams relied on network scans and centralized inventories to track business-critical assets. A simple vulnerability scanner could sweep a subnet, identify every device, and deliver a comprehensive report. Those days are gone.
As networks have grown more complex — with employees working remotely, servers distributed across multiple cloud platforms, and the rise of Zero Trust Network Access (ZTNA) — traditional asset management methods are no longer enough. Zero Trust, in particular, challenges the assumptions those older systems were built on.
This isn’t a flaw in Zero Trust; it’s a signal that our approach needs to evolve.
Why Zero Trust Breaks Traditional Asset Discovery
Zero Trust emphasizes segmentation, isolation, and the principle of least privilege. These very strengths render traditional discovery methods and inventories ineffective. Here’s why:
- Micro-segmentation prevents scanners from seeing across network boundaries.
- ZTNA replaces VPNs, making remote workers invisible to central scanning systems.
- Cloud workloads and SaaS apps don’t respond to conventional probing techniques.
- IoT and unmanaged devices often ignore active scans entirely.
As a result, visibility becomes fragmented. The more an organization leans into Zero Trust, the less effective legacy scanning and Configuration Management Database (CMDB) tools become.
The New Reality: Multiple Sources of Truth
Instead of one big scan, organizations now need to aggregate data from many different sources:
- Cloud APIs (AWS, Azure, GCP) for workloads and containers.
- SaaS APIs (M365, Okta, Salesforce) for applications and users.
- EDR/XDR/MDM platforms for endpoints and mobile devices.
- IAM directories for identities and privileges.
- SBOMs and dependency tools for software components.
- Passive monitoring for unmanaged or IoT devices.
Each provides a piece of the truth within its own boundary. The real challenge lies in stitching them together.
Why Correlation and Deduplication Matter
Modern asset management isn’t about finding assets; it’s about reconciling multiple perspectives into a single, trustworthy view. Without correlation, organizations risk duplicates, false positives, or missed vulnerabilities.
Consider these common challenges:
- Remote employees using ZTNA instead of VPNs: Devices that connect directly through ZTNA to SaaS apps or data center resources often remain invisible to subnet scanners — even though they’re critical endpoints.
- Bring Your Own Device (BYOD) policies: Personal laptops, tablets, or smartphones accessing corporate systems can bypass central management, leaving them out of CMDBs or EDR tools. These “shadow assets” still pose organizational risk.
- Contractors and third-party vendors: Short-term users working from unmanaged machines typically don’t enroll in corporate MDM or EDR. Their devices may never appear in discovery tools, yet they often access sensitive data — creating high-risk blind spots.
Asset Management in a Zero Trust World
So, is Zero Trust killing asset management? Yes — if your idea of asset management ends with a subnet scan. But in reality, Zero Trust is forcing us to mature:
- From network-centric discovery to API- and identity-driven discovery.
- From one source of truth to federated truth across systems.
- From point-in-time scans to continuous, real-time updates.
The goal hasn’t changed: know what you have, who owns it, and how it’s protected. The way to get there has.
To strengthen visibility and security, organizations should adopt proactive, real-time monitoring strategies built for this new environment. That means:
- API-driven aggregation: Pull data directly from cloud, SaaS, EDR, and IAM systems instead of relying solely on scans.
- Correlation and deduplication: Merge overlapping records — like the same laptop appearing in MDM, EDR, and Active Directory — into one reliable source of truth.
- Continuous updates: Replace static scans with real-time or near real-time feeds to capture short-lived assets like cloud workloads or contractor endpoints.
Final Thought
Zero Trust didn’t kill asset management — it killed the illusion that a single source could keep up. In a distributed, segmented, cloud-first world, the leaders will be those who embrace aggregation, deduplication, and continuous visibility as the new foundation of asset management.
You can’t defend what you can’t see.
MSSP Alert Perspectives columns are written by trusted members of the managed security services, value-added reseller and solution provider channels or MSSP Alert's staff. Do you have a unique perspective you want to share? Check out our guidelines here and send a pitch to [email protected].