Take the SH Out of IT


Let’s get one thing straight: IT was supposed to be cool.

It was supposed to be the department that enabled innovation, powered productivity, and helped businesses scale through smart, secure systems. IT was the backbone of modern business—a force for operational efficiency and digital transformation.

But somewhere along the way… things changed.


The Good Old Days (Sort Of)

Back in the 90s and early 2000s, IT was all about control. Every device was provisioned. Every application installed had to go through a ticketing system. Need a CRM? Fill out a request. Need a new reporting tool? Wait three weeks while it gets escalated, evaluated, maybe blessed by InfoSec, and then—just maybe—installed.

It wasn’t exactly agile, but it was structured. There were rules. There was governance. And most importantly: IT knew what was running in their environment.


But as businesses grew and technology evolved, the number of apps exploded. Everyone wanted a better way to do their job—and every department had its own needs. Sales wanted automation. Marketing wanted analytics. Devs wanted speed.

Suddenly, IT found itself saying “no” more than “yes.”

So users started saying “yes” to themselves.


The Install Apocalypse

At first, it was just a few extra apps. A browser extension here. A password manager there. A few rogue installers copied from USB drives. It didn’t seem like much.

But as more people found their own “shortcuts,” IT got buried.

Security patches. Licensing issues. Crashes. Conflicts. Incompatible updates. Endless “it worked yesterday” calls to support.

Workstations turned into Franken-systems. Users had admin rights they didn’t understand. And IT—once seen as builders and enablers—became digital janitors. Cleaning up messes instead of driving innovation.


So the industry reacted. We locked things down.

We removed local admin access. Rolled out software restriction policies. Introduced application whitelisting. We thought we were finally regaining control.

Then SaaS walked in the front door—and took a sledgehammer to all of it.


Enter SaaS: The Cleanest Dirty Workaround

SaaS wasn’t a trickle—it was a tidal wave.

Unlike traditional software, it didn’t require installation or permissions. There was no setup.exe file. No need for a helpdesk ticket. All a user needed was a company email and a Wi-Fi connection.

In minutes, they could start using a tool that hadn’t been vetted, hadn’t been secured, and hadn’t been approved.

And no one told IT. Because they didn’t have to.

SaaS became the cleanest dirty workaround ever invented.


It wasn’t just that it bypassed procurement and security—it made it feel normal. A new AI copywriting tool? Just “sign in with Google.” A CRM dashboard for sales? Just “connect to your calendar.” It was fast. It was frictionless. It was invisible.

And it left IT completely blind.


Shadow IT 2.0: SaaS in the Wild

The term “Shadow IT” used to conjure images of sketchy installers and unapproved hardware.

Today, it’s more dangerous—and harder to detect.

Shadow IT now lives in your browser. It’s:

  • OAuth-connected apps granted access to email, contacts, and calendars

  • AI bots with read/write access to shared drives

  • Tools that users adopt with one click—and forget about by the next quarter

The kicker? These tools don’t leave footprints on a device. They don’t show up in antivirus scans. You can’t uninstall them with RMM tools. They exist entirely in the cloud.

And they often outlive the users who installed them.


Because no one revokes those OAuth tokens. No one audits who still has access. And when that intern leaves or the marketing contractor finishes their project, their accounts remain connected—quietly leaking data into the abyss.

According to a recent IBM report, the average time to identify a breach is still 204 days—plenty of time for SaaS shadow accounts to cause damage (source).


From Gatekeepers to Ghostbusters

So where does that leave modern IT?

In theory, we’ve hardened our environments. We’ve embraced zero trust. We’ve layered on EDR, DLP, CASB, and a dozen acronyms worth of tooling.

But it’s all for nothing if we can’t see the full picture.

SaaS has no perimeter. And the “walls” we spent the last decade building don’t apply to cloud-native services accessed from personal devices, home Wi-Fi, or unmanaged browsers.


We’ve gone from gatekeepers of enterprise tools to ghostbusters chasing phantoms across hundreds of apps.

And every time we find one, it’s the same story:

  • Who signed up for this?

  • What permissions did it request?

  • Is any sensitive data stored here?

  • Is the vendor even compliant?

By the time we get answers, the damage is often already done.


It’s Not Just a Tech Problem—It’s a Trust Problem

Here’s the uncomfortable truth: employees aren’t trying to cause problems. They’re trying to get work done.

They’re tired of waiting for approvals. They want the fastest, best tools available. And if they can sign up for something that solves their problem today? They will.

And that’s the root of the problem.


The gap between what IT controls and what employees actually do has never been wider. And unless we rebuild that trust—unless we meet people where they are—we’ll always be in reaction mode.


In fact, a recent study by Gartner predicts that by 2027, 75% of employees will acquire or develop technology outside IT’s visibility (source).


Taking the SH Out of IT: What Needs to Change

If your IT or security team feels more like a fire brigade than a force multiplier, you’re not alone.

But there’s a better way. It starts with visibility. And continues with automation.

Here’s what modern IT teams need to truly take the “SH” out of IT:

1. Continuous SaaS Discovery

You can’t govern what you can’t see. You need full visibility into:

  • Which apps users have signed up for

  • What permissions have been granted

  • Which tools have access to corporate data

This has to be automatic—not based on surveys, checklists, or hope.


2. Shadow IT Classification

Not all Shadow IT is evil. Some of it just needs review. You need a system that helps you classify:

  • Known and approved apps

  • Tolerated (but not yet vetted) tools

  • High-risk or prohibited services

This triage is how you stop chasing everything and start focusing on what matters.


3. Identity & Account Mapping

OAuth tokens, third-party accounts, forgotten logins—these are the new attack surface.

You need to know:

  • Which identities have access to which apps

  • Whether those identities are still active

  • What data those apps can touch

Without this, you’re one former intern away from a breach.


4. Automated Offboarding

Manual offboarding is the #1 cause of ghost accounts.

When an employee leaves, you need a system that:

  • Detects connected apps

  • Revokes access tokens

  • Deletes unused accounts

This should be automatic, not a post-it note on someone’s checklist.
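
As an added illustration (not part of the original article and not any vendor's code), the sketch below ties together the classification, identity mapping, and offboarding steps above: it takes an OAuth grant inventory, checks each grant against an active-user list and an app classification, and produces a revocation queue. All users, app names, and the classification table are constructed assumptions; in practice the grant list would come from your identity provider's export.

```python
# Added example: every user, app name and grant below is constructed.
CAL = "https://www.googleapis.com/auth/calendar.readonly"
GMAIL = "https://www.googleapis.com/auth/gmail.readonly"
DRIVE = "https://www.googleapis.com/auth/drive"

ACTIVE_USERS = {"alice@example.com", "bob@example.com"}  # from HR/directory

# Hypothetical IT-maintained classification (the three tiers in step 2).
APP_STATUS = {
    "crm-sync": "approved",
    "ai-copywriter": "tolerated",
    "file-converter": "prohibited",
}

# Scopes treated here as high-risk because they expose mail or drive content.
HIGH_RISK_SCOPES = {GMAIL, DRIVE}

# Constructed OAuth grant inventory: (user, app, granted scopes).
GRANTS = [
    ("alice@example.com", "crm-sync", [CAL]),
    ("bob@example.com", "ai-copywriter", [DRIVE]),
    ("intern@example.com", "ai-copywriter", [GMAIL]),  # identity offboarded
    ("alice@example.com", "file-converter", [DRIVE]),
    ("bob@example.com", "notes-widget", ["openid", "email"]),  # unclassified
]

def triage(grants, active_users, app_status):
    """Map each grant to an action: keep, review, or revoke."""
    findings = []
    for user, app, scopes in grants:
        status = app_status.get(app, "unknown")
        risky = bool(set(scopes) & HIGH_RISK_SCOPES)
        if user not in active_users:
            action, reason = "revoke", "identity no longer active"
        elif status == "prohibited":
            action, reason = "revoke", "prohibited app"
        elif status != "approved" and risky:
            action, reason = "review", "unvetted app with high-risk scopes"
        elif status == "unknown":
            action, reason = "review", "app not yet classified"
        else:
            action, reason = "keep", status
        findings.append({"user": user, "app": app, "action": action, "reason": reason})
    return findings

def revocation_queue(findings):
    """Sorted (user, app) pairs whose tokens should be revoked."""
    return sorted((f["user"], f["app"]) for f in findings if f["action"] == "revoke")

if __name__ == "__main__":
    for f in triage(GRANTS, ACTIVE_USERS, APP_STATUS):
        print(f"{f['action']:7} {f['user']:20} {f['app']:15} {f['reason']}")
```

The ordering of the checks matters: a departed identity is revoked even when the app itself is approved or tolerated, which is the ghost-account case manual offboarding tends to miss.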


5. User Education Without Finger-Pointing

Shadow IT isn’t always malicious—it’s often just misunderstood.

Create a culture where users feel comfortable asking for tools. Provide fast approval paths. Educate without condescending. If you make it easier to do things the right way, they will.


A Final Thought

We didn’t lose control of IT because we weren’t smart enough. We lost it because the tech landscape changed faster than our tools could keep up.

But it’s not too late.

It’s time to stop cleaning up messes we didn’t know existed. It’s time to stop pretending SaaS sprawl is just “part of the job.” It’s time to evolve how we see, manage, and secure the apps our teams actually use.

It’s time to take the SH out of IT—and give your team a little dignity back.


Waldo Security: The Visibility Engine for the Modern IT Team

Waldo Security helps IT and security teams find the SH in IT—before it finds you.

Our platform gives you instant visibility into the SaaS tools your users are signing up for, automatically classifies risk, maps user access, and revokes unauthorized apps before they cause damage.


No agents. No blockers. Just real-time SaaS visibility and control where it matters most—OAuth grants, browser-based tools, and the cloud layer everyone forgot about.

Want to see how it works? Check out our free SaaS discovery tool and start cleaning up Shadow IT in minutes—not months.


 
 
 
