Zombie (Ghost) Assets and How to Stop Them


May, 2020

by Daniel Longest

Zombie and ghost assets sound exciting, like a late-night movie you’d watch around Halloween. While in reality they may not be that exciting, they’re scary if you don’t understand and prevent them. The good news is the steps you need to take don’t necessarily require any special technology (though some might come in handy). Instead, it requires only good old-fashioned management to set up, resource, and run the right processes.

In this post, we’ll explore zombie and ghost assets with a focus on

  • What they are
  • How they occur
  • How they impact your business
  • What steps you can take to handle them

We’ll start by discussing what assets are and the importance of an asset statement. Then we’ll discuss zombie and ghost assets and why they matter.


A Brief Primer on Asset Management

Before diving into zombie and ghost assets, it’s critical we first understand some key concepts about assets, generally, and IT assets, specifically. In common business language, an asset is anything owned by the business. Typically, a business uses an asset to produce value. For example, a manufacturer owns a factory with manufacturing equipment. Both the factory and the equipment are assets to the business that are used to make products to sell. That said, an asset doesn’t have to be directly involved in value creation, as the office equipment used by management also counts as an asset.

Standard accounting procedures produce three financial statements on a quarterly basis: the balance statement, the income statement, and the statement of cash flows. The first of these, the balance statement, lists the financial value of all assets owned by the business. There’s a lot to how that happens, but the key for our purpose is this: The assets must be accounted for, as they impact the financial position of the company and that position can affect the ability to get loans and to value the business, among other reasons. Also, for public companies in some countries, the statements must be accurate (within some margin) under legal penalty.

Asset Life Cycle

All assets go through a life cycle that typically consists of four steps. First, an asset is acquired or created. Typically, this involves planning for and then purchasing the asset. There are many ways to finance assets depending on the cost and purpose and all of that happens in this phase. Second, and hopefully the largest part of the life cycle, the business uses the asset as intended to produce value. Next, and actually iterative with the using phase, the business performs maintenance activities on the asset, either as needed due to failure or on a proactive schedule. Last, the business disposes of the asset when it’s reached the end of its useful life.

A key part of successful business operations is managing the asset life cycle properly. In doing so, the business ensures the right assets are always available to run the core business, even as assets move independently through the life cycle.

What Are IT Assets?

IT assets are the software and hardware owned or used by a business.

Some of the most common assets you will see in your IT & Test Environments are:

  • Server hosting your applications
  • Employee computers
  • Office printers
  • Mobile devices
  • Software licenses
  • Data

Just like other assets, it’s critical to monitor and track IT assets, as they affect the statement of assets for the business. As we’ll learn, ghost and zombie assets are names used to describe IT assets that get into a problematic state that detracts from the accuracy of those statements.

What Are Zombie and Ghost Assets?

Both zombie and ghost assets refer to a type of asset that is improperly represented on the asset ledger, simply in different directions:

  • A ghost asset is one that the business has on the books but can’t be located
  • A zombie asset isn’t on the books at all, but is on-hand

These may not sound like dire problems when considered on a small scale. But across an entire company, these assets combine to present major issues.

How Do Zombie and Ghost Assets Impact Your Business?

These may not sound like dire problems, but remember the earlier discussion about the asset statement. First, the company must be able to produce an accurate statement of its assets. Second, both types of assets unnecessarily increase risk. One way, maybe the most obvious, is the impact to the asset statement’s accuracy, which puts both company decision making and potentially regulatory compliance at risk. A second way, especially for IT assets, is the item lays outside the standard security program and may be used as an attack vector for cybercrime.

How Do They Occur?

Zombie and ghost assets occur when a business lacks the necessary processes or controls to track and manage assets. Typically, it’s common for a company’s asset tracking to start off on a spreadsheet and move to something more elaborate later, if necessary. For example, a small IT department issues laptops and mobile devices to employees, and they use a spreadsheet to track issuance and return of the devices.

Here are some situations where ghost and zombie assets can occur:

  • Employees use a written sign-out sheet to borrow a shared laptop with special presentation software. Then, the laptop goes missing one day, and it’s never reported and no one notices its absence.
  • An employee reports a lost laptop to IT and are issued a new one. As a result, IT updates the asset’s life cycle to properly reflect this loss. Later, the employee finds the old laptop and returns it with their other equipment on their last day of work.
  • The business buys software licenses without including IT. As a result, such purchases are not reported to the group responsible for IT asset management

What Steps Can You Take?

The first step to take to mitigate the effects of zombie and ghost assets is to take IT asset management seriously and invest resources to do it properly. First, there’s a fair amount of software in IT asset management that simplifies the tracking. Much of this software integrates with accounting software, so it ties nicely into your finance group’s needs. That synergy improves processes across several different departments, and that’s generally a huge time-saver.

Second, even without IT asset management software, assign accountability for asset management to a staff member, if you haven’t done so already. This accountability, when built into job descriptions and goals, provides the necessary incentives to manage this area properly. Don’t assume that the person who’s buying your servers is the right person to handle these duties just because they do a lot of purchasing. Additionally, put actual processes around asset distribution and management. For example, don’t allow staff to borrow assets and self-report such usage via a sign out sheet, whether that’s paper or digital. An accountable staff member is needed to create, manage, and execute processes.

Third, consider RFID or similar technology for tracking the location of physical assets. These tags on hardware such as servers, mobile devices, and similar auto-reporting status and location make ghost assets much more difficult to stay invisible.

Last, in a technology space that’s moving to more cloud services, consider the role of IT assets for operations altogether. One of the big benefits of cloud computing is the transition of costs from capital to operating expenses. On the one hand, this transition may allow you to replace asset purchases with leases and thus avoid the need to track assets altogether. On the other hand, some IT assets will still be needed and leased hardware must still be tracked.

Wrap Up

In this post, we’ve learned about IT asset management and the impact ghost and zombie assets have on your business. It’s critical to invest in proper asset management practices to avoid the unnecessary cost and risk of these assets. Otherwise, you’ll be in a tough spot when accounting and IT senior leadership comes calling.

Daniel Longest

This post was written by Daniel Longest. With over a decade in the software field, Daniel has worked in basically every possible role, from tester to project manager to development manager to enterprise architect. He has deep technical experience in .NET and database application development. And after several experiences with agile transformations and years spent coaching and mentoring developers, he’s passionate about how organizational design, engineering fundamentals, and continuous improvement can be united in modern software development.

Relevant Articles

Sand Castles and DevOps at Scale

03JUNE, 2022 by Niall Crawford & Carlos "Kami" Maldonado. Modified by Eric Goebelbecker.DevOps at scale is what we call the process of implementing DevOps culture at big, structured companies. Although the DevOps term was back in 2009, most organizations still...

Test Environment Management Explained

Test Environment Management Explained3JUNE, 2022 by Erik Dietrich, Ukpai Ugochi, and Jane Temov. Modified by Eric GoebelbeckerMost companies spend between 45%-55% of their IT budget on non-production activities like  Training, Development & Testing and lose 20-40%...

Serverless Computing for Dummies

3JUNE, 2022 by Eric GoebelbeckerWhat Is Serverless Computing? Serverless computing is a cloud architecture where you don’t have to worry about buying, building, provisioning, or maintaining servers. In return for structuring your code around their APIs, your cloud...

Test Environments – The Tracks for Agile Release Trains

25MAY, 2022 by Niall Crawford & Justin Reynolds. Modified by Eric Goebelbecker.So, you’ve decided to implement a Scaled Agile Framework (SAFe) and promote a continuous delivery pipeline by implementing “Agile Release Trains” (ART)*.  Definition: An Agile Release...

What Is Data Masking and How Do We Do It?

24MAY, 2022 by Michiel Mulders. Modified by Eric Goebelbecker.With the cost of data breaches increasing every year, there’s a need for higher security standards. According to IBM’s 2021 security report, the average total cost of a data breach has risen to $4.24...

Test Environments: Why You Need One and How to Set It Up

24MAY, 2022 by Keshav MalikWith the rise of agile development methodologies, the need to quickly test new features is more critical than ever. This is especially true for websites and applications that rely on real-time data and interaction. The only way to ensure...