Hybrid ITAM means tracking on-premises and cloud assets, such as servers, licenses, SaaS subscriptions, VMs, and containers, inside a single system of record instead of separate tools for each environment. Cloud migration does not change the need for asset management. It expands the surface area ITAM has to cover because two environments now generate assets rather than one.
Most IT teams assume moving to the cloud is a visibility upgrade. It is not. Without the right ITAM in place, cloud migration relocates the blind spot from on-prem to the cloud, where it is easier to create and harder to notice.
The split-brain problem: Why cloud migration doubles your blind spot
On-prem inventory is usually over-documented. Years of audits, spreadsheets, and asset tags mean IT teams generally know what sits in the data center. Cloud inventory is usually under-documented. Resources spin up in seconds via self-service consoles, with no procurement step and no asset-tag requirement. The result is two separate, incomplete pictures instead of one unified view of the whole estate.
This produces predictable failure scenarios, not edge cases:
- An EC2 instance spun up for a two-week test keeps running, and billing, for months with no owner on record.
- A “temporary” VPN gateway from a project that ended a year ago stays live in production.
- A laptop is marked as decommissioned in the ITAM system, while its assigned SaaS licenses remain active because there is no link between the two records.
None of these are outliers. They are the default outcome of running on-prem and cloud asset tracking as two disconnected systems.
Why the gap is getting worse, not better
According to Flexera’s 2026 State of the Cloud Report, 73% of organizations now run hybrid cloud as their standard operating model, rather than as a transitional phase that has not yielded good outcomes. Wasted cloud spend rose to 29% in 2026, the first increase in five years, despite most organizations having a Cloud Center of Excellence in place. Cloud waste has ranged between 27% and 32% every year since 2019 across independent trackers, including Flexera, Harness, and Datadog, indicating a structural pattern rather than a one-time inefficiency.
Hybrid is not a phase on the way to fully cloud. It is the permanent operating condition, which means the visibility gap it creates is also permanent unless it is deliberately closed.
What hybrid ITAM visibility actually requires
Closing the split-brain gap is not about buying a better tool. It is about changing what counts as a single asset record. Most ITAM failures are not caused by missing data. They are caused by data that exists in three different places and three different formats, with no process to reconcile it. This is not a cloud problem or an on-prem problem to solve separately. It is a data architecture problem, and fixing the architecture makes both environments visible through the same lens.
1. Unify discovery at the source
Action: Pull device data from MDM tools such as Intune, Jamf, and Kandji. Pull infrastructure data directly from cloud-native APIs such as AWS Discovery instead of manual exports. Pull SaaS and app usage from identity providers such as Okta, Azure AD, and Google Workspace.
Why it matters: Point-in-time exports are stale the moment they are pulled. Cloud resources can appear and disappear within a single audit cycle, so discovery has to run continuously.
Example: A quarterly export catches the EC2 fleet that existed on audit day. It misses the 40 instances spun up the following week for a load test, three of which never get shut down.
2. Normalize into one system of record
Action: Deduplicate overlapping records, so a laptop found in both an MDM and a network scan counts as one asset, not two. Standardize fields such as model, owner, location, and status across on-prem and cloud. Build a CMDB that treats a cloud VM and a physical server as the same category of object: an asset with an owner, a lifecycle, and a cost.
Why it matters: Dashboards that live in separate tools require someone to cross-reference them manually, so reconciliation happens only when someone has time, usually right before an audit.
Example: A query for one employee should return their laptop, their SaaS licenses, and any cloud resources tagged to their team in a single result, not three separate lookups.
3. Reconcile ownership across IT, security, and finance
Action: Give IT, security, and finance a shared view instead of three separate asset lists. IT needs to know what exists and its status. Security needs to know what is unmanaged or out of policy. Finance needs to know what is costing money and whether it is still needed.
Why it matters: An asset without a clear owner is nobody’s job to fix. It quietly accumulates costs and risks until someone stumbles upon it.
Example: A $12,000-per-month cloud resource is flagged during a budget review, and it takes days of cross-departmental messages just to identify who provisioned it.
4. Automate the handoffs, not just the discovery
Action: Flag licenses automatically when a device is decommissioned. Surface cloud resources and SaaS seats in the same offboarding workflow as physical equipment.
Why it matters: Visibility without automated follow-through just becomes a bigger spreadsheet. If closing the loop still requires someone to remember to act, the gap moves one step downstream.
Example: An offboarding workflow that recovers a laptop but leaves three SaaS seats and a cloud dev environment active is not a visibility failure. It is an automation failure, since the system already knew the employee had left.
What this looks like in practice
The test of a working hybrid ITAM setup is simple: can you answer what you have, who owns it, and what it costs you in a single query, regardless of whether the asset lives in a data center or a cloud console?
Platforms built for this, AssetSonar included, connect directly to cloud-native discovery sources such as AWS Discovery and pull that infrastructure into the same CMDB as on-prem hardware, instead of treating cloud and on-prem as separate inventories reconciled by hand later.
The difference shows up operationally. Audit prep that used to take days of cross-referencing spreadsheets and consoles becomes a single report. Employee offboarding that used to leave orphaned licenses and forgotten devices becomes a checklist that closes itself out. This is not about buying a bigger tool. It is about refusing to accept that on-prem and cloud need separate answers to the same question: what do we own, and can we see it?
The bottom line
Cloud migration was never going to make IT asset visibility simpler. It was always going to make it broader, spanning two environments with fundamentally different creation patterns.
The organizations that handle this well are not the ones with the most tooling. They are the ones that refuse to let on-prem ITAM and cloud visibility become two separate initiatives with two separate owners and two separate toolsets.
If your ITAM strategy cannot answer what you have, on-prem or cloud, in a single query right now, the migration is not finished. It just moved the blind spot somewhere new. That is the gap AssetSonar is built to close: a single system of record for hardware, software, and cloud infrastructure, so that hybrid describes your environment rather than your reporting process.