<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=1475371445887078&amp;ev=PageView&amp;noscript=1">

Unsanctioned IT (also known as shadow IT) is a phrase on the minds of many a corporate executive today - as it should be. Recent research from the Everest Group shows that unsanctioned IT can comprise up to 50% of corporate IT spending. If your business is spending that much on something you can’t identify, it’s high time you start paying attention.

Some quick searches will show you that shadow IT is definitely a hot topic, but the main focus is prevention. Of course it’s important to keep it from happening in the first place, and companies must put practices in place to safeguard against it. But shadow IT is already happening. So how do you find it when it’s already there?

Given that unsanctioned IT is unknown to the business, it isn’t going to be easy to find - and you might not catch it all on the first pass. But, you can use some existing resources to locate its’ sources. Here are our 3 tips for casting a wide net across your organization to find unsanctioned IT.

Related: The #1 Biggest Risk to CIOs

Leverage Your First Line of Defense

Your IT department gathers a virtual treasure trove of employee activity. When looking for unsanctioned SaaS and IT purchases, start by reaching out to your IT support staff. They are fielding inquiries from across the business, and they may be receiving requests for tools outside approved IT processes.

This doesn’t mean you have to sit in the IT office for days to find out what’s going on. Ask to take a look at their ticketing or helpdesk system. Maybe you can export a list of requests for the past 3 months to start. Make sure you know the definitions of all types of ticket status, and find out which one would match up to inquiries that were reviewed but not resolved. Unresolved inquiries may give you clues to unsanctioned IT. 

If your IT ticketing system supports keyword searches, you might be able to find unapproved IT tools by name. And don’t forget about your IT leaders - they may be pushing requests back to specific departments, in the absence of approved IT. Talk to them to find out about off-the-record conversations and which department heads and managers were included, so you can follow up on unsanctioned IT purchases.

Related: The Changing Role of SAM: On-Premise to the Cloud

Review Transaction Data to Find Unauthorized IT Purchases

3 Ways To Zero in on Unsanctioned ITNow that you’ve checked in with IT, turn your research efforts to a different area of the business: finance. Your finance team may have several areas to look, like employee expense reports or platforms for specific lines of credit. Or it might be as straightforward as logging into an enterprise resource planning (ERP) system and running a transaction report.

Whatever the case, the more tagging and sorting your finance team does, the easier it will be to find shadow IT purchases. However, don’t assume that those tags are always correct. It may be safer the first time around to include all transactions (regardless of any tagging data) and sort them by the transaction name sent back by the vendor. 

Those transaction names can be misleading and/or have zero indication of the vendor’s name. Sorting them by name will allow you batch each name together and find out where they come from, so you can match them up to your approved list of IT vendors.

And one last thing to remember here: employees could be using a combination of corporate cards AND their own personal cards for unapproved purchases. Make sure you capture both types when you review transaction data.

Ask Employees to Help You Bring Shadow IT into the Light

Between your IT and finance departments, you will likely find a lot of clues on unsanctioned IT. However, there may be scenarios outside IT and finance’s purview that you could never predict. In order to capture those edge cases (and reinforce approved methods going forward), you’ll need to enlist the help of employees.

The key here is to let employees know that your goal is to identify unauthorized IT purchases in order to protect the business - NOT to punish any specific employee or department. Make it clear that you understand the need to try out new SaaS tools, and you’ve developed (or are developing) policies to make these types of purchases easier.

This process can be as simple or as complex as you’d like. Share your message at a company meeting, with a follow-up email and an easy form for reporting unapproved IT. Or maybe have employees report purchases to their manager, and then follow-up with those individuals. Ask executives about other similar types of inquiries, and what’s work best in the past.

Related: Get a Handle on Unsanctioned SaaS with These 6 Tactics


Finding unsanctioned SaaS and shadow IT amongst a sea of IT support requests and transaction data will take time - even with employee input. However, there are ways to automate the process using SaaS management tools. Learn how Meta SaaS’s suite of tools can identify shadow IT for your business.

Click Here To Discover Meta SaaS

Did you enjoy this free article? If so, please share it:

Read Other Articles About: Security