Understanding Shadow IT



Those who’ve been doing IT (information technology) long enough to remember using a green display monitor also remember a time when everything was locked down and centralized. During the early 1980s, Local Area Networks became more popular and with them came decentralization, allowing other internal departments within an organization to take control of their IT requirements directly, and Shadow IT was born!

What is Shadow IT?

“Shadow IT” is the use of IT-related hardware or software products within an organization without the knowledge of the internal IT or security group. It has grown exponentially in recent years, driven by the quality of consumer applications in the cloud such as file sharing apps, social media and collaboration tools. Functional teams and major lines of business have also taken advantage by deploying enterprise-class SaaS applications.

Email usage has also increased during the same period, because email is the glue that ties all the file sharing apps, social media and collaboration tools together. Therein lies the problem: spam emails and other malicious variants increased dramatically.

DMARC was introduced as a way to reduce the volume of spam and malicious emails that were spoofing legitimate email domains. Adoption rates of the DMARC standard have been increasing rapidly for its demonstrated ability to fight the kind of email fraud that often results in significant financial losses and tarnished trust in an organization’s brand.

In addition to protection from spoofing, DMARC gives organizations visibility over their email domain: the ability to identify and audit all usage by third-party platform providers. The IT organization may know and condone some shadow IT platforms that use their email domain as part of the FROM address, but they may be unaware of many other platforms that do the same.

DMARC can be credited as the mechanism that helped legitimize shadow IT usage of third-party platforms by allowing functional teams or other lines of business to follow best practice usage policies that are set by the organization. Additionally, DMARC provides the benefit of identifying third-party platforms that lack appropriate security controls, so that their use can then be revoked.
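As an added example (not dmarcian's code or part of the original post), the sketch below puts that visibility to work: it reads a DMARC aggregate report, the XML feedback format defined in RFC 7489, and lists the envelope domains sending as the organization's domain that are missing from an approved-sender inventory. The report contents, the `APPROVED` set and the function names are constructed for illustration, and grouping by envelope domain is a simplifying assumption.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed, trimmed aggregate report (RFC 7489 element names); every value is made up.
SAMPLE_REPORT = """<feedback>
 <record>
  <row><source_ip>192.0.2.10</source_ip><count>120</count>
   <policy_evaluated><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row>
  <identifiers><header_from>example.com</header_from></identifiers>
  <auth_results><dkim><domain>example.com</domain><result>pass</result></dkim>
   <spf><domain>example.com</domain><result>pass</result></spf></auth_results>
 </record>
 <record>
  <row><source_ip>198.51.100.25</source_ip><count>40</count>
   <policy_evaluated><dkim>pass</dkim><spf>fail</spf></policy_evaluated></row>
  <identifiers><header_from>example.com</header_from></identifiers>
  <auth_results><dkim><domain>example.com</domain><result>pass</result></dkim>
   <spf><domain>bounce.crm-vendor.example</domain><result>pass</result></spf></auth_results>
 </record>
 <record>
  <row><source_ip>203.0.113.77</source_ip><count>15</count>
   <policy_evaluated><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
  <identifiers><header_from>example.com</header_from></identifiers>
  <auth_results><dkim><domain>survey-tool.example</domain><result>pass</result></dkim>
   <spf><domain>send.survey-tool.example</domain><result>pass</result></spf></auth_results>
 </record>
</feedback>"""

# Hypothetical inventory of envelope domains the IT group has approved.
APPROVED = {"example.com", "bounce.crm-vendor.example"}

def inventory_senders(report_xml, approved):
    """Group rows by envelope (SPF) domain, a heuristic for the sending platform."""
    senders = defaultdict(lambda: {"count": 0, "ips": set(), "dmarc_pass": False})
    for rec in ET.fromstring(report_xml).iter("record"):
        row, auth = rec.find("row"), rec.find("auth_results")
        ev = row.find("policy_evaluated")
        # DMARC passes when aligned DKIM or aligned SPF passes.
        passed = "pass" in (ev.findtext("dkim"), ev.findtext("spf"))
        name = (auth.findtext("spf/domain") or auth.findtext("dkim/domain") or "unknown").lower()
        entry = senders[name]
        entry["count"] += int(row.findtext("count"))
        entry["ips"].add(row.findtext("source_ip"))
        entry["dmarc_pass"] |= passed
    return {n: {**e, "approved": n in approved} for n, e in senders.items()}

def unapproved(report_xml, approved):
    """Envelope domains using the organization's From domain without IT approval."""
    return sorted(n for n, e in inventory_senders(report_xml, approved).items() if not e["approved"])
```

On the constructed sample, the survey platform at 203.0.113.77 is the only sender outside the inventory, and it also fails DMARC, which makes it the first one to review with the team that adopted it.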

In an era when cybersecurity is always on the agenda at the company board level, DMARC helps eliminate threats such as spoofing while giving visibility on how people in the organization are using third party platforms to better enforce security policies.

