Zero Trust Is Killing Your Asset Management
For decades, IT and security teams depended on network scans and centralized inventories to keep track of business critical assets. A simple vulnerability scanner could sweep the subnet, find every device, and deliver a comprehensive report. Those days are gone.
As networks grow more complex, with more employees working remotely, servers distributed across multiple cloud platforms, and Zero Trust Network Access (ZTNA) security models challenging the existing paradigm, traditional asset management methods are no longer sufficient.
This is not an inherent flaw in the Zero Trust model, but it does underscore the need for an alternative approach to asset management.
Why Zero Trust Breaks Traditional Asset Discovery
Zero Trust emphasizes segmentation, isolation, and the principle of least privilege. Those same principles render traditional discovery methods and inventories ineffective, and here’s why:
- Micro-segmentation prevents scanners from seeing across network boundaries.
- ZTNA replaces VPNs, making remote workers invisible to central scanning systems.
- Cloud workloads and SaaS apps are not visible through conventional probing techniques.
- IoT and unmanaged devices often do not respond to active scans at all.
As a result, organizations face a fragmented visibility landscape. Pushing Zero Trust further can diminish the effectiveness of legacy scanning and Configuration Management Database (CMDB) tools.
The New Reality: Multiple Sources of Truth
Instead of one giant “scan,” organizations must now pull data from many sources:
- Cloud APIs (AWS, Azure, GCP) for workloads and containers.
- SaaS APIs (M365, Okta, Salesforce) for applications and users.
- EDR/XDR/MDM platforms for endpoints and mobile devices.
- IAM directories for identities and privileges.
- SBOMs and dependency tools for software components.
- Passive monitoring for unmanaged devices and IoT.
Each constitutes a “truth” within its own boundary. The challenge lies in integrating them seamlessly.
The Essential Role of Correlation and Deduplication in Asset Management
Modern asset management isn’t about finding assets; it’s about reconciling multiple perspectives into a single, reliable overview. Without correlation, organizations risk duplicates, false positives, or overlooked vulnerabilities. Examples of challenges that further complicate matters include:
- The shift from traditional VPNs to Zero Trust Network Access (ZTNA) for remote workers. In scenarios where remote employees connect directly through ZTNA to SaaS applications and data center resources, these devices remain invisible to traditional subnet scanners, despite being critical endpoints.
- Bring Your Own Device (BYOD) policies, where employees utilize personal laptops, tablets, or smartphones to access corporate applications. Such devices often bypass central management systems, resulting in their omission from Configuration Management Databases (CMDBs) or Endpoint Detection and Response (EDR) tools. Lack of control over these devices leads to shadow assets for which the organization is responsible.
- Engagement of contractors and third-party vendors, who often operate from unmanaged machines and for short durations. These devices typically do not enroll in corporate Mobile Device Management (MDM) or EDR systems, which causes discovery tools to overlook them. Nonetheless, they provide access to sensitive information, constituting high-risk blind spots within a Zero Trust framework.
Asset Management in a Zero Trust World
So, is Zero Trust killing asset management? Yes—if you expect to run a subnet scan and call it done.
But in reality, Zero Trust is forcing us to evolve:
- From network-centric discovery to API and identity-driven discovery.
- From one tool as source of truth to federated truth across systems.
- From point-in-time scans to continuous, real-time updates.
The goal remains the same: know what you have, who owns it, and how it’s protected. The path just looks very different now.
To improve security and visibility, consider adopting proactive, real-time monitoring strategies tailored for these modern challenges. Some examples include:
- API-driven aggregation. Use tools that pull data directly from cloud, SaaS, EDR, and IAM systems instead of relying only on scans.
- Correlation and deduplication. Reconcile overlapping records (like the same laptop showing up in MDM, EDR, and Active Directory) into a single source of truth.
- Continuous updates. Replace point-in-time scans with real-time or near real-time feeds, so short-lived assets like cloud workloads or contractor devices aren’t missed.
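The three recommendations above (API-driven aggregation, correlation and deduplication, continuous updates) and the earlier list of "sources of truth" describe one pipeline: normalise records from several feeds, link the ones that describe the same physical asset, and drop anything no feed has seen recently. The following is an added example, not code from the original article or from any vendor product; the source names (edr, mdm, ad, ztna, cloud), field names and every record are constructed for illustration, and real feeds would be mapped into the same shape before correlation.

```python
"""Multi-source asset correlation and deduplication (added example).

All records, identifiers and source names below are constructed; they are
not taken from any real environment or product API.
"""
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed snapshot time and sample records. Each "source" reports an
# overlapping subset of identifiers for the same physical assets, which is
# exactly the situation a subnet scan never had to deal with.
NOW = datetime(2024, 6, 1, 12, 0, tzinfo=timezone.utc)
RECORDS = [
    {"source": "edr",   "hostname": "LT-1042",      "serial": "C02XK1",    "user": "alice", "last_seen": NOW - timedelta(hours=1)},
    {"source": "mdm",   "hostname": "lt-1042.corp", "serial": "C02XK1",    "user": "alice", "last_seen": NOW - timedelta(hours=3)},
    {"source": "ad",    "hostname": "LT-1042",      "serial": None,        "user": "alice", "last_seen": NOW - timedelta(days=1)},
    {"source": "ztna",  "hostname": "bobs-macbook", "serial": None,        "user": "bob",   "last_seen": NOW - timedelta(minutes=5)},
    {"source": "ad",    "hostname": "OLD-SRV-01",   "serial": None,        "user": None,    "last_seen": NOW - timedelta(days=90)},
    {"source": "cloud", "hostname": "i-0abc123",    "serial": "i-0abc123", "user": None,    "last_seen": NOW - timedelta(minutes=2)},
    {"source": "edr",   "hostname": "ip-10-0-1-5",  "serial": "i-0abc123", "user": None,    "last_seen": NOW - timedelta(minutes=10)},
]

MANAGED_SOURCES = {"edr", "mdm"}   # presence here means a management agent covers the device
STALE_AFTER = timedelta(days=30)   # records older than this are treated as decommissioned


def normalise_host(name):
    """Lower-case and strip the domain suffix so 'LT-1042' and 'lt-1042.corp' match."""
    return name.lower().split(".")[0] if name else None


def record_keys(rec):
    """Identifiers that justify linking two records to the same asset."""
    keys = set()
    if rec.get("serial"):
        keys.add(("serial", rec["serial"]))
    host = normalise_host(rec.get("hostname"))
    if host:
        keys.add(("host", host))
    return keys


def correlate(records, now=NOW, stale_after=STALE_AFTER):
    """Merge records sharing an identifier into unified assets.

    Stale records are dropped first (the 'continuous updates' step): an asset
    only exists while at least one feed has seen it within the window.
    Linking is transitive, so EDR<->MDM via serial and MDM<->AD via hostname
    collapse into one asset even though EDR and AD share no serial.
    """
    fresh = [r for r in records if now - r["last_seen"] <= stale_after]
    parent = list(range(len(fresh)))          # union-find over record indices

    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]
            i = parent[i]
        return i

    def union(a, b):
        parent[find(a)] = find(b)

    owner = {}                                # identifier -> first record carrying it
    for idx, rec in enumerate(fresh):
        for key in record_keys(rec):
            if key in owner:
                union(idx, owner[key])
            else:
                owner[key] = idx

    groups = defaultdict(list)
    for idx, rec in enumerate(fresh):
        groups[find(idx)].append(rec)

    assets = []
    for members in groups.values():
        assets.append({
            "hostnames": sorted({normalise_host(m["hostname"]) for m in members if m["hostname"]}),
            "serials": sorted({m["serial"] for m in members if m["serial"]}),
            "users": sorted({m["user"] for m in members if m["user"]}),
            "sources": sorted({m["source"] for m in members}),
            "last_seen": max(m["last_seen"] for m in members),
        })
    return sorted(assets, key=lambda a: a["hostnames"])


def find_shadow_assets(assets, managed_sources=MANAGED_SOURCES):
    """Assets some feed (ZTNA, IAM, AD, cloud) sees but no management agent covers."""
    return [a for a in assets if not managed_sources & set(a["sources"])]


if __name__ == "__main__":
    unified = correlate(RECORDS)
    for asset in unified:
        print(asset["hostnames"], asset["sources"], asset["users"])
    for asset in find_shadow_assets(unified):
        print("UNMANAGED:", asset["hostnames"], "seen by", asset["sources"])
```

On the constructed data this yields three assets from seven records: the laptop reported by EDR, MDM and AD collapses into one entry, the cloud instance reported under its instance ID and its internal hostname collapses into another, the 90-day-old AD server object is dropped as stale, and the contractor-style device seen only by ZTNA is reported as unmanaged. The weak point to watch in practice is the hostname key: it links AD records that carry no serial, but hostname reuse across re-imaged machines can merge distinct devices, so serial, MAC or cloud instance ID should be preferred wherever a feed supplies one.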
Final Thought
Zero Trust didn’t kill asset management—it killed the illusion that a single source could keep up. In today’s distributed, segmented, cloud-first world, the winners will be the organizations that embrace multi-source aggregation, deduplication, and continuous visibility as the new foundation of asset management.
You can’t defend what you can’t see.