John Hill joins the ByteWise team to pull back the curtain on Shadow IT. He kicks off the conversation with a chilling narrative from a hacker's perspective, illustrating how unapproved apps can bypass millions of dollars in security infrastructure. The discussion unpacks what Shadow SaaS is, why well-intentioned employees turn to it, and the significant risks it poses to security, compliance, and even disaster recovery.
However, the episode also explores the flip side: how the presence of Shadow IT can be a valuable warning sign for leadership. It can highlight gaps in your official tech stack, uncover process inefficiencies, and even introduce innovative tools. John provides practical advice for detecting unsanctioned apps and advocates for a modern, partnership-based approach where IT and business units work together to find the best solutions.
Guest Spotlight
-
John Hill: A certified technology resilience, risk management, and cybersecurity expert with over 25 years of experience helping Fortune 500 companies manage and anticipate risks by embedding security into the fabric of business operations.
-
Connect with John: Listeners can connect with John Hill via his LinkedIn Profile.
Key Takeaways
The episode opens with a powerful narrative from a hacker's perspective, reframing the threat of Shadow IT. Instead of complex breaches, hackers can simply create legitimate-looking SaaS tools and wait for employees to willingly hand over sensitive company data. This happens because employees, driven by a need for efficiency, turn to these unapproved applications—or "Shadow SaaS"—when their official tools are clunky or the process to get new software approved is too difficult. The core issue is often not malicious intent, but a desire to get the job done effectively, a motivation that savvy adversaries are all too happy to exploit.
The risks of this practice extend far beyond a simple data breach. John Hill explains how Shadow IT can cripple a company during a crisis. An unknown application embedded in a critical business process can completely derail disaster recovery efforts, leaving IT leaders baffled when systems fail to restore correctly. To get ahead of this, organizations can use several clever detection methods, such as monitoring web traffic with advanced firewalls, analyzing recurring credit card expense reports for small software subscriptions, and conducting a thorough Business Impact Analysis (BIA) to create an accurate map of which tools are truly essential to operations.
Ultimately, the conversation pivots from risk to opportunity. The presence of Shadow IT shouldn't be seen as a failure, but as a valuable feedback mechanism. It provides a clear signal to leadership about where the official tech stack is falling short and can even serve as a source of innovation by revealing highly efficient tools. The episode concludes with a crucial piece of advice for leaders: abandon the adversarial stance. Instead of punishing users, IT should foster a partnership with the business, using the discovery of shadow apps as a starting point for a collaborative conversation to find and implement the best solutions for everyone.
Popular Podcasts
On Purpose with Jay Shetty
I’m Jay Shetty host of On Purpose the worlds #1 Mental Health podcast and I’m so grateful you found us. I started this podcast 5 years ago to invite you into conversations and workshops that are designed to help make you happier, healthier and more healed. I believe that when you (yes you) feel seen, heard and understood you’re able to deal with relationship struggles, work challenges and life’s ups and downs with more ease and grace. I interview experts, celebrities, thought leaders and athletes so that we can grow our mindset, build better habits and uncover a side of them we’ve never seen before. New episodes every Monday and Friday. Your support means the world to me and I don’t take it for granted — click the follow button and leave a review to help us spread the love with On Purpose. I can’t wait for you to listen to your first or 500th episode!
Cardiac Cowboys
The heart was always off-limits to surgeons. Cutting into it spelled instant death for the patient. That is, until a ragtag group of doctors scattered across the Midwest and Texas decided to throw out the rule book. Working in makeshift laboratories and home garages, using medical devices made from scavenged machine parts and beer tubes, these men and women invented the field of open heart surgery. Odds are, someone you know is alive because of them. So why has history left them behind? Presented by Chris Pine, CARDIAC COWBOYS tells the gripping true story behind the birth of heart surgery, and the young, Greatest Generation doctors who made it happen. For years, they competed and feuded, racing to be the first, the best, and the most prolific. Some appeared on the cover of Time Magazine, operated on kings and advised presidents. Others ended up disgraced, penniless, and convicted of felonies. Together, they ignited a revolution in medicine, and changed the world.
Crime Junkie
Does hearing about a true crime case always leave you scouring the internet for the truth behind the story? Dive into your next mystery with Crime Junkie. Every Monday, join your host Ashley Flowers as she unravels all the details of infamous and underreported true crime cases with her best friend Brit Prawat. From cold cases to missing persons and heroes in our community who seek justice, Crime Junkie is your destination for theories and stories you won’t hear anywhere else. Whether you're a seasoned true crime enthusiast or new to the genre, you'll find yourself on the edge of your seat awaiting a new episode every Monday. If you can never get enough true crime... Congratulations, you’ve found your people. Follow to join a community of Crime Junkies! Crime Junkie is presented by audiochuck Media Company.