{"id":10827,"date":"2017-04-04T10:47:15","date_gmt":"2017-04-04T15:47:15","guid":{"rendered":"http:\/\/www.mrc-productivity.com\/blog\/?p=10827"},"modified":"2021-10-14T11:28:21","modified_gmt":"2021-10-14T16:28:21","slug":"5-warning-signs-that-shadow-it-lurks-in-your-company","status":"publish","type":"post","link":"https:\/\/www.mrc-productivity.com\/blog\/2017\/04\/5-warning-signs-that-shadow-it-lurks-in-your-company\/","title":{"rendered":"5 warning signs that Shadow IT lurks in your company"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-full wp-image-725\" alt=\"Education\" src=\"https:\/\/www.mrc-productivity.com\/blog\/wp-content\/uploads\/2010\/11\/Education.jpg\" width=\"76\" height=\"100\" \/><span style=\"font-size: 14px;\"><em>Summary: A growing trend, \u201cShadow IT\u201d is a term used to describe IT systems and solutions built and\/or used inside organizations without the approval of the IT department. This could include anything from employees emailing spreadsheets back and forth to entire departments licensing third-party, cloud solutions behind IT\u2019s back. The problem: Since Shadow IT usually happens on the sneak, IT departments don\u2019t know where (or how much) it\u2019s happening. Is Shadow IT lurking in your business? Read this article to learn the warning signs. <\/em><\/span><br \/>\n<a name=\"20170403\"><\/a><!--more--><br \/>\nLike it or not, Shadow IT is probably alive and well in your organization. Recent surveys find that it\u2019s not only growing, it\u2019s far more rampant than business leaders realize.<\/p>\n<p>What can you do about it? In past articles, we\u2019ve explored a few ways to address and reduce risks of Shadow IT. We&#8217;ve looked at:<\/p>\n<ul class=\"arrow-list colored\">\n<li><a onclick=\"ga('send', 'event', 'Blog', 'Inside Link', 'Prevent Shadow IT'); \" href=\"https:\/\/www.mrc-productivity.com\/blog\/2017\/02\/7-steps-to-prevent-shadow-it\/\" target=\"_blank\" rel=\"noopener\"><span style=\"color: red; font-weight: bold;\">Ways to prevent Shadow IT<\/span><\/a>.<\/li>\n<li><a onclick=\"ga('send', 'event', 'Blog', 'Inside Link', 'Reduce Shadow IT Risks'); \" href=\"https:\/\/www.mrc-productivity.com\/blog\/2016\/07\/6-ways-to-reduce-shadow-it-security-risks\/\" target=\"_blank\" rel=\"noopener\"><span style=\"color: red; font-weight: bold;\">How to reduce security risks of Shadow IT<\/span><\/a>.<\/li>\n<li><a onclick=\"ga('send', 'event', 'Blog', 'Inside Link', 'The benefits of embracing Shadow IT'); \" href=\"https:\/\/www.mrc-productivity.com\/blog\/2016\/01\/4-benefits-of-embracing-shadow-it\/\" target=\"_blank\" rel=\"noopener\"><span style=\"color: red; font-weight: bold;\">The benefits of embracing Shadow IT<\/span><\/a>.<\/li>\n<\/ul>\n<p>That being said, there\u2019s still a problem: You can\u2019t address Shadow IT if you can\u2019t see it. How do you know whether or not Shadow IT lurks in your company?<\/p>\n<p>It&#8217;s a tricky question. After all, Shadow IT usually happens on the sneak. Generally speaking, IT departments don\u2019t know where (or how much) it\u2019s happening. This means they can\u2019t monitor the spread of company data, and therefore\u2013cannot secure any data involved in Shadow IT.<\/p>\n<p>How can you figure out whether or not Shadow IT exists in your company? What signs should you look for? Today, let\u2019s answer those questions. Here are 5 signs that Shadow IT lurks in your business.<\/p>\n<h3>1. Users talk about it<\/h3>\n<figure id=\"attachment_9851\" aria-describedby=\"caption-attachment-9851\" style=\"width: 266px\" class=\"wp-caption alignright\"><a href=\"https:\/\/www.mrc-productivity.com\/blog\/wp-content\/uploads\/2017\/03\/workplace.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-9851\" alt=\"photo credit: Unsplash via pixabay cc\" src=\"https:\/\/www.mrc-productivity.com\/blog\/wp-content\/uploads\/2017\/03\/workplace.jpg\" width=\"266\" height=\"300\" \/><\/a><figcaption id=\"caption-attachment-9851\" class=\"wp-caption-text\">photo credit: <a href=\"https:\/\/pixabay.com\/en\/workplace-team-business-meeting-1245776\/\">Unsplash<\/a> via <a href=\"http:\/\/pixabay.com\/\">pixabay<\/a> <a href=\"http:\/\/creativecommons.org\/publicdomain\/zero\/1.0\/deed.en\">cc<\/a><\/figcaption><\/figure>\n<p>I hesitate to include this point because it seems obvious. But, I feel like it\u2019s common enough (and important enough) to mention. Let me explain:<\/p>\n<p>The fact is, many employees practice \u201cShadow IT\u201d without realizing that it\u2019s wrong. They either aren\u2019t aware of, or don\u2019t understand your corporate policies on the use of unauthorized hardware\/software in the workplace.<\/p>\n<p>Is this a problem in your business? Could users be unaware that they\u2019re practicing Shadow IT. Ask yourself a few questions:<\/p>\n<ul class=\"arrow-list colored\">\n<li>\u201cDo we have a clear Shadow IT policy?\u201d<\/li>\n<li>\u201cHave we communicated that policy to the end users?\u201d<\/li>\n<li>\u201cDoes the IT department have open communication with the business users?\u201d<\/li>\n<\/ul>\n<p>Many businesses struggle in one of these key areas. As a result, users aren\u2019t entirely sure when they are practicing Shadow IT. In some cases, they don\u2019t even know that it\u2019s wrong.<\/p>\n<p>The first sign that Shadow IT lurks in your business is a simple one. Users will tell you about it. Of course, this means that your IT department must have open communication with end users. But, you\u2019ll find that asking users what software they\u2019re using is a great way to uncover Shadow IT.<\/p>\n<blockquote style=\"line-height: 1.7em; background-image: none; margin-left: 0; padding-left: 18px; height: auto;\"><p>\u201cA very simple and practical way to discover shadow IT is to go ask the users,\u201d says Oli Thordarson, President, CEO of <a onclick=\"ga('send', 'event', 'Blog', 'Source', 'Alvaka Networks Inc'); \" href=\"http:\/\/www.alvaka.net\/\" target=\"_blank\" rel=\"noopener\"><span style=\"color: red; font-weight: bold;\">Alvaka Networks, Inc<\/span><\/a>. \u201cThis has the added benefit of getting IT staff out talking to users and learning more about their needs. The IT staff will learn a lot and the users will feel good that they are being asked and listened to.\u201d<\/p><\/blockquote>\n<p>Besides talking to end users, what else should you do? First, create a clear Shadow IT policy. Second, communicate that policy with your employees, but keep the dialogue open. For instance, you could include a survey that asks employees which tools they use and what goals they\u2019re trying to accomplish with those tools. Then you understand how to give employees secure alternatives to meet their needs.<\/p>\n<h3>2. Your help desk receives support requests for unknown software<\/h3>\n<p>As mentioned above, many employees don\u2019t understand that they\u2019re even participating in Shadow IT. Maybe they\u2019re using software suggested by another employee, or maybe their department manager licensed a SaaS solution for his\/her employees without mentioning that it\u2019s an unapproved solution.<\/p>\n<p>If this is the case, what will employees do when they run into an issue with that software? Contact the help desk.<\/p>\n<p>Train your help desk on protocols for reporting Shadow IT. Make sure they keep track of any support requests for software that you don\u2019t support. This is one of the easiest ways to watch for Shadow IT.<\/p>\n<h3>3. The requests\/complaints stop<\/h3>\n<p>If you work in an IT department, you understand that business users make a lot of requests. They ask IT for support, new software, changes to existing software, and much more. In many businesses, the IT department is bombarded with requests.<\/p>\n<p>While that may seem bad, let me ask you a question: What\u2019s worse than constant requests\/complaints from end users?<\/p>\n<p>Silence.<\/p>\n<p>If end users that formerly requested solutions (or complained about their existing solutions) are now silent, that\u2019s a red flag. Or, if your users have solutions that you know they don\u2019t like, but they don\u2019t complain about them anymore&#8230;that\u2019s a red flag. Chances are, they\u2019ve found other options.<\/p>\n<blockquote style=\"line-height: 1.7em; background-image: none; margin-left: 0; padding-left: 18px; height: auto;\"><p>\u201cIf a company&#8217;s I.T. department is always busy, always using &#8216;prioritization&#8217; as a euphemism for &#8216;no&#8217; and frequently pushes dates back or delivers lighter versions of what was originally agreed to, it is just a matter of time before innovation finds a way and starts creating shadow or stealth IT,\u201d says Terence Channon, Principal at <a onclick=\"ga('send', 'event', 'Blog', 'Source', 'NewLead LLC'); \" href=\"http:\/\/www.newlead.net\/\" target=\"_blank\" rel=\"noopener\"><span style=\"color: red; font-weight: bold;\">NewLead, LLC<\/span><\/a>. \u201cIf your organization is enduring any of these challenges, then shadow IT is likely right around the corner. If the &#8216;nos&#8217; and &#8216;re-prioritization&#8217; suddenly stops and the product owners that once fought tooth and nail but were continually put on hold are now quiet, shadow IT is already there.\u201d<\/p><\/blockquote>\n<p>What should you do if you notice this in your business? The answer here isn\u2019t to stomp out unauthorized software use. Rather, give employees the tools needed to perform these common actions. If employees complain, take it seriously. Look at the bright side\u2013at least they\u2019re communicating with you. When they stop communicating, they\u2019ve taken matters into their own hands.<\/p>\n<h3>4. You see new security alerts<\/h3>\n<figure id=\"attachment_9493\" aria-describedby=\"caption-attachment-9493\" style=\"width: 300px\" class=\"wp-caption alignright\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-9493\" alt=\"photo credit: JavadR via pixabay cc\" src=\"https:\/\/www.mrc-productivity.com\/blog\/wp-content\/uploads\/2015\/09\/hack-813290_640-300x168.jpg\" width=\"300\" height=\"168\" srcset=\"https:\/\/www.mrc-productivity.com\/blog\/wp-content\/uploads\/2015\/09\/hack-813290_640-300x168.jpg 300w, https:\/\/www.mrc-productivity.com\/blog\/wp-content\/uploads\/2015\/09\/hack-813290_640.jpg 640w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><figcaption id=\"caption-attachment-9493\" class=\"wp-caption-text\">photo credit: <a href=\"https:\/\/pixabay.com\/en\/hack-hacker-elite-hacking-exploits-813290\/\">JavadR<\/a> via <a href=\"http:\/\/pixabay.com\/\">pixabay<\/a> <a href=\"http:\/\/creativecommons.org\/publicdomain\/zero\/1.0\/deed.en\">cc<\/a><\/figcaption><\/figure>\n<p>When employees purchase and use third-party software without IT\u2019s knowledge, they can (unknowingly) create security risks.<\/p>\n<p>For example, they might choose software that isn\u2019t secure. Or, they might store company data in places that are easily accessible to hackers. Or, maybe they just have bad password habits. Whatever the reason, the use of Shadow IT can open up your company to new security risks.<\/p>\n<p>If Shadow IT is running rampant in your company, you\u2019ll probably notice new threats or security alerts in your security software. Keep a close eye on new security threats&#8211;as they can be a sign that Shadow IT exists in your business.<\/p>\n<blockquote style=\"line-height: 1.7em; background-image: none; margin-left: 0; padding-left: 18px; height: auto;\"><p>\u201cYou seem to have inexplicable alerts on viruses and malware that many times, you have not seen before,\u201d says <a onclick=\"ga('send', 'event', 'Blog', 'Source', 'Anthony Howard'); \" href=\"http:\/\/anthonyrhoward.org\/\" target=\"_blank\" rel=\"noopener\"><span style=\"color: red; font-weight: bold;\">Anthony R. Howard<\/span><\/a>, Bestselling Author and IT Consultant. \u201cYou get hit with ransomware (where a hacker seizes and encrypts your data so you can not access it, then charges you an enormous fee to get access to it again. It causes issues with downtime as shadow IT usually does not get backed up reliably so if there is a large failure, data is lost with no way of recovering it.\u201d<\/p><\/blockquote>\n<h3>5. You notice changes in expense reports and departmental budgets<\/h3>\n<p>Most SaaS providers offer free versions of their software, which accounts for the large majority of Shadow IT use. However, as Shadow IT grows within a company, money comes into play. When single employees use outside, paid services, they\u2019ll likely expense the cost. Keep an eye out for software charges on expense reports.<\/p>\n<p>However, when whole departments practice Shadow IT on a large scale, you\u2019ll find significant shifts in budget. After all, some of those services come with high price tags, and these departments must get creative with their budgets to make things work. You\u2019ll find that periodic reviews of departmental budgets will uncover areas that are being used to finance Shadow IT.<\/p>\n<blockquote style=\"line-height: 1.7em; background-image: none; margin-left: 0; padding-left: 18px; height: auto;\"><p>\n&#8220;Businesses can choose to audit the operational expenditure of various departments with the aim of identifying potential \u201cShadow IT\u201d items,&#8221; explains Nic Grange, CTO of <a onclick=\"ga('send', 'event', 'Blog', 'Source', 'Retriever Communications'); \" href=\"http:\/\/retrievercommunications.com\/\" target=\"_blank\" rel=\"noopener\"><span style=\"color: red; font-weight: bold;\">Retriever Communications<\/span><\/a>. &#8220;These can come in the form of SaaS charges which are usually per user per month.&#8221;<\/p><\/blockquote>\n<h3>Summary<\/h3>\n<p>While the list could certainly be longer, these are just 5 signs that Shadow IT exists in your business. Would you add anything to this list? If you would like to add anything to this list, I\u2019d love to hear it. Feel free to share in the comments.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Summary: A growing trend, \u201cShadow IT\u201d is a term used to describe IT systems and solutions built and\/or used inside organizations without the approval of the IT department. This could include anything from employees emailing spreadsheets back and forth to entire departments licensing third-party, cloud solutions behind IT\u2019s back. The problem: Since Shadow IT usually &hellip;<\/p>\n<p class=\"read-more\"> <a class=\"\" href=\"https:\/\/www.mrc-productivity.com\/blog\/2017\/04\/5-warning-signs-that-shadow-it-lurks-in-your-company\/\"> <span class=\"screen-reader-text\">5 warning signs that Shadow IT lurks in your company<\/span> Read More &raquo;<\/a><\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"default","ast-global-header-display":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","slim_seo":{"title":"5 warning signs that Shadow IT lurks in your company - mrc&#039;s Cup of Joe Blog","description":"Summary: A growing trend, \u201cShadow IT\u201d is a term used to describe IT systems and solutions built and\/or used inside organizations without the approval of the IT"},"footnotes":""},"categories":[8],"tags":[77],"class_list":["post-10827","post","type-post","status-publish","format-standard","hentry","category-education","tag-shadow-it"],"_links":{"self":[{"href":"https:\/\/www.mrc-productivity.com\/blog\/wp-json\/wp\/v2\/posts\/10827","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.mrc-productivity.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.mrc-productivity.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.mrc-productivity.com\/blog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mrc-productivity.com\/blog\/wp-json\/wp\/v2\/comments?post=10827"}],"version-history":[{"count":12,"href":"https:\/\/www.mrc-productivity.com\/blog\/wp-json\/wp\/v2\/posts\/10827\/revisions"}],"predecessor-version":[{"id":13135,"href":"https:\/\/www.mrc-productivity.com\/blog\/wp-json\/wp\/v2\/posts\/10827\/revisions\/13135"}],"wp:attachment":[{"href":"https:\/\/www.mrc-productivity.com\/blog\/wp-json\/wp\/v2\/media?parent=10827"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.mrc-productivity.com\/blog\/wp-json\/wp\/v2\/categories?post=10827"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.mrc-productivity.com\/blog\/wp-json\/wp\/v2\/tags?post=10827"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}