// Blog
The Compass: FinOps officially crosses into ITAM, the CMDB question gets louder, and InvGate raises $35M
Published
Weekly Roundup · April 27, 2026 · 6 min read
One trend, a few category moves, three reads, one thing to do before the end of the week. That's the Compass, weekly.
This week: the FinOps discipline officially crossed the line from cloud-only into ITAM territory, Forrester is publicly calling time of death on the monolithic CMDB, and a Latin American ITAM challenger just raised real money to push into North America. Let's get into it.
The trend: FinOps and ITAM are no longer separate disciplines
For most of the last five years, FinOps has been a cloud thing. The discipline, the tooling, the conferences — all built around managing AWS, Azure, and GCP spending. ITAM, meanwhile, lived in a different building, focused on hardware lifecycles, software licenses, and the unglamorous mechanics of asset records.
That separation is over. In June 2025, the FinOps Foundation and the ITAM Forum announced a formal strategic partnership. The FinOps Framework 2026 explicitly dropped "cloud" from its positioning, expanding the discipline to cover SaaS, licensing, data centers, and AI consumption. The State of FinOps 2026 report shows collaboration between FinOps and ITAM teams up roughly 20% year over year.
The implication for IT teams is straightforward. The same questions FinOps practitioners learned to ask about cloud are now being asked about hardware and software: what are we spending per employee, what's our utilization, where's the waste? If your CFO has been through a cloud FinOps exercise, they already have the mental model — and it's only a matter of time before they turn it on the rest of the IT budget.
// What this means in practice
The team that can produce a cost-per-seat, depreciation-adjusted view of the fleet — with utilization data — is the one that gets the FinOps conversation. The team that produces a spreadsheet with serial numbers and purchase dates is the one that gets bypassed when finance starts asking unit-economics questions.
In the ITAM category this week
A few moves worth noting:
| Vendor | What moved | Why it matters |
|---|---|---|
| InvGate | $35M growth round led by Riverwood Capital; reported 60% YoY growth and an active push into North America. | InvGate is the ITAM vendor most US-based teams haven't heard of. The funding and the Service & Support World 2026 sponsorship are clear signals they're done being a Latin American story. Worth tracking as a credible mid-market option. |
| Flexera | Continues to position Flexera One as a unified ITAM + FinOps platform; named a Leader in Gartner's 2025 Magic Quadrant for Cloud Financial Management Tools. | The strategic pitch is genuinely well-aligned with the FinOps + ITAM trend above. The catch is the same as always: Flexera One is priced for enterprises with 1,000+ seats and a dedicated SAM team. Compelling if that's you. A different solar system if it isn't. |
| ManageEngine | Incremental updates across the suite — CMDB revamp in AssetExplorer, bidirectional UEMS sync, AssetExplorer Cloud + SaaS Manager Plus integration. | No single headline announcement, but the pattern is clear: ManageEngine keeps making the bundle stickier. If you're already in the Zoho ecosystem, the gravitational pull is real. If you're not, none of these moves are reason to switch in. |
| Jamf | JNUC 2025 announcements focused on AI Assistant, Configuration Profiles in Blueprints, and Self Service+. | Jamf is doubling down on Apple MDM, security, and identity — not pushing into full ITAM. If you're Apple-heavy, it's still the gold standard for device management. But if you're looking for procurement, lifecycle, and disposal tracking, you'll still need a separate tool. That hasn't changed. |
| assetcompass | Shipped four new comparison guides this week: Lansweeper, Freshservice, ManageEngine AssetExplorer, and Spreadsheet vs. ITAM. | Our bet: the small-team system of record wins by being honest about which tool fits which job. If you need network discovery at scale, we'll point you at Lansweeper. If you need an ITSM bundle, we'll point you at Freshservice. If you need a focused asset register, you're in the right place. |
Three reads worth your time this week
Pieces that crossed our desk and changed how we think — or at least gave us better data to argue with:
- Forrester — "CMDB is dead, long live the IT management graph." Forrester is publicly calling time of death on the monolithic CMDB and arguing for a graph-based, federated approach where specialized systems hold the primary data and the CMDB becomes a read-only aggregation layer. They've been beating this drum for a while — the companion report is titled "A Federated CMDB Remains Distant, But Start Now" — but the framing is finally breaking through. If you've ever spent a week "cleaning up the CMDB" only to watch it decay in a month, the diagnosis will resonate.
- CIS Critical Security Control 1 — Inventory and Control of Enterprise Assets. Not new, but worth re-reading in light of where cyber insurance underwriting is heading. Control 1 exists because, in CIS's words, "enterprises cannot defend what they do not know they have." That sentence is also the entire argument for why your asset inventory is now a security control, not a procurement record. CIS Controls v8.1 (updated March 2025) is the current reference.
- Coalition — 2026 Cyber Claims Report. Coalition's annual claims data is one of the more honest views of what's actually causing cyber losses. The 2026 report flags a 47% surge in ransom demands and notes that 86% of businesses refused to pay. The report is about claims, not underwriting questionnaires — but the implications for asset visibility are obvious. The breaches that turn into claims often start at endpoints nobody was tracking.
A thing to watch: the regulatory penalty floor is rising
A quieter story we've been tracking: as of January 8, 2025, the EPA's maximum civil penalty under RCRA reached $93,058 per day, per violation. The e-Manifest system became mandatory for all Large and Small Quantity Generators on January 22, 2025. Starting January 1, 2026, battery-embedded products joined California's CEW Recycling Program, expanding what counts as covered electronic waste.
We haven't seen specific 2025-2026 enforcement actions targeting enterprise IT disposal in particular, so we're not going to claim a "crackdown." What we'd say with confidence: the cost of getting it wrong went up, and the documentation burden expanded. If your asset records can't show when a device was retired, how it was wiped, and where it went, you're now exposed at higher penalty levels than you were 18 months ago. That's not theoretical risk — that's the regulatory floor moving.
Field test: the asset-as-security-control audit
If the CIS Control 1 framing above resonated, here's a practical exercise that takes about 30 minutes and pays off the next time someone asks why ITAM matters to security.
- Pull a current device inventory. Serial numbers, assigned users, OS versions, and last-seen dates. If you can't pull this in under an hour, that's the gap to close first — everything else is downstream.
- Pull a list of active employees from your SSO. Okta, Google Workspace, or Entra. This is your source of truth for who should have a device.
- Diff the two lists. Devices assigned to people who aren't in SSO are your "ghost asset" candidates — possibly recoverable, definitely a security exposure. People in SSO without an assigned device may be using something that was never recorded. Both directions matter.
- Spot-check OS support status. What percentage of your fleet is on a supported OS? If you can't answer with a number and a date, you're guessing — and that's the kind of guess that becomes a claim denial or an audit finding.
None of this requires a tool. You can do it with exports and a spreadsheet. The point of the exercise isn't the answer — it's discovering how long it takes you to get the answer. If it takes a day, you have a workflow problem. If it takes a week, you have an inventory problem.
Housekeeping
We shipped four new comparison guides this week that pair with the category notes above: Lansweeper Alternative, Freshservice ITAM Alternative, ManageEngine AssetExplorer Alternative, and Spreadsheet vs. ITAM Software. They're opinionated but honest about which tool fits which job.
A correction from a previous edition: we'd referenced specific cyber insurance premium discounts tied to asset inventory maturity. After digging into the underwriting documentation from Coalition, Corvus, and At-Bay, that framing was tighter than the public evidence supports. Carriers do score security posture (MFA, EDR, patching, attack-surface scanning), and asset visibility feeds into those controls indirectly — but no carrier we found publicly scores "hardware inventory maturity" as a named underwriting factor with a stated premium impact. We'll be more careful with claims like that going forward.
The Compass goes out weekly. If this was useful and you want next week's in your inbox, the easiest way to subscribe right now is to start a free trial — we'll add you automatically. No pitch deck, no sales call.
30-day trial · No credit card · Limited founding spots