What’s lurking in the shadows?
How you can shine a light on the tricky problem of shadow IT
A recent study by digital ops company PagerDuty has highlighted how stressful life is for IT professionals. This is a very real problem facing HR teams and senior IT execs about how to manage the work/life balance of IT employees that not only have to keep systems running for hundreds of colleagues across multiple regions, but then leave the office only to remain ‘on call’. Add the increasing concern of shadow IT to the mix, and your IT bods are facing burn out.
From BYOD, to the IoT and Shadow IT, the number of pressures on IT teams continue to intensify. Employees bringing their own devices into the corporate environment, or the dawn of internet-connected devices, are a positive progression of technology in the workplace; shadow IT however, is one that needs to be examined and brought into the light.
What is shadow IT?
If you have nothing to do with managing IT systems in your business, you probably won’t even have heard of shadow IT. But it’s keeping your IT teams up at night, and it’s probably not doing your business any favours.
Shadow IT can refer to anything that is brought onto the corporate network without the knowledge of IT — from installing new web browsers or adding Slack to communicate more quickly with international colleagues, all done in the name of improving productivity but ultimately without the blessing of IT. Similarly, marketing teams may seek out bulk email systems that can offer more granularity on responses and better marketing automation. So where’s the harm in employees trying to make the business more efficient?
Uncovering your stealth systems
Once employees feel that their IT teams are failing to respond to the pace of the business and not delivering on their requirements they will turn look to try and get the job done another way. In most cases, employees aren’t trying to circumvent IT but are simply trying to meet their own deadlines and alleviate their own job pressures and so fall into the shady area of shadow IT deployment.
These stealth systems are not sanctioned by IT and can pose a huge risk to an organisation — they aren’t monitored by IT, so updates, security patches and general management isn’t undertaken and many remain outside the corporate firewalls.
Here’s a worrying example of when shadow IT backfires on the employee. If you were one of the users that had a Dropbox account in 2012, happily storing mountains of confidential corporate information in a bid to streamline data storage for your department, you’d be having to fess up to your IT team in 2016 when Dropbox actually announced the four-year old hack. Your harmless oversight of using unauthorised programs may have resulted in significant data theft.
Renegade marketers
And so for marketers, my kin, the concerns around using third party email providers to send out emails on behalf of their organisation isn’t immediately apparent. It’s normal industry practice to use third party organisations to eliminate the otherwise time-intensive task of sending and managing email campaigns. But quite quickly you can end up in a situation where, due to legacy systems in place and employee turnover, nobody in the company knows exactly who is sending out emails on behalf of the organisation.
And you know those deliverability problems that afflict your marketing campaigns? The ones that no matter how much you tweak the email content still don’t get the deliverability and open rates you hope for? Well that shadow IT may be to blame as, the email service providers running your campaigns may not be compliant with sender regulations meaning your carefully worded emails might not even be reaching your customers.
Easily authenticate your email service providers
Email protocols that can uncover and authenticate email senders is an often overlooked option for IT teams who want to eliminate shadow IT practice and give marketing teams the freedom to communicate by email, in a way that won’t compromise security. Implementing the email protocol DMARC uncovers all the email services sending email from your domain, whether you officially know about them, or not.
Matt Towell, group senior IT engineer at ADS Group faced shadow IT concerns within his organisation. Once DMARC had been implemented, the landscape changed: “Using [the DMARC reports] has helped with several routing and delivery issues we had relating to SPF and DKIM records and authorised senders.”
So not only does DMARC show you exactly who’s sending emails from your domains but it eliminates phishing attacks originating from your domain. And for those marketing teams worried about their email campaigns it’s gives a failsafe on email deliverability, ensuring your brand reputation stays intact and the recipients of your emails receive legitimate emails.
Banish the shadows
Sometimes the solution to a problem can be found in the most unlikely of places, and as we’ve shown here, that’s certainly true when it comes to shadow IT and DMARC. For those on the IT side of the fence they can begin to take back control and secure the systems in use throughout the organisation. And for those in marketing, when your IT team knows about the services you’re using, they can help you fine tune them and get your marketing machine running smoothly.
If you’re unsure whether your organisation is DMARC protected, have a conversation with your IT team and show them our DMARC checker. Or, get in their good books by taking them a brew and a copy of our OnDMARC buyer’s guide.
