April 21, 2025 • 27 mins
Shadow IT: Identifying and Managing Unauthorized Technology Use
In this episode of 'Off the Wire,' Tanner and Anthony discuss 'Shadow IT' and its implications on organizational security and efficiency. They delve into concrete examples, such as unauthorized software subscriptions and unapproved hardware purchases. Tanner and Anthony provide insights on why users engage in Shadow IT and the risks associated with it. They emphasize the importance of communication and understanding user needs to manage and potentially reduce Shadow IT. They also share practical tips and tools for identifying and mitigating the risks related to unauthorized technology use within an organization.
00:00 Introduction and Welcome
00:49 Understanding Shadow IT
01:36 Real-Life Examples of Shadow IT
03:20 Addressing Shadow IT Concerns
08:48 Risks and Security Implications
11:48 Tools and Strategies to Detect Shadow IT
15:59 Effective Communication and User Engagement
24:33 Final Thoughts and Conclusion
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
(00:16):
And the reason we've had that feeling is because it's absolutely true.
this is something that goes on and.
Almost every environment.
and it's called Shadow it.
so we're gonna talk about that night, kind of break it down, give you some tips and tricks on how you can combat this and protect against it.
but before we jump in, if you're not subscribed to us already, please subscribe in whatever platform you're listening or watching us on.
(00:38):
and if you find something valuable that we're talking about tonight.
share it with someone you know, in your network of friends or colleagues, and, help the show grow.
it's really helpful to us to have people share the episode.
So, Anthony, I think as we get started here, I think most people know what shadow it is.
but maybe there's like five people out there, that aren't sure.
(00:58):
.333333334So in your words, what do you consider shadow it? If there's like a definition, what would you give it? Yeah, really the main thing that I think of is where people are either using unauthorized software or even, have subscription services to software, to like cloud-based software or, are running hardware. 18 00:01:19,118.333333334 --> 00:01:23,588.333333334 that isn't provided by the IT department or isn't authorized by the IT department. 19 00:01:23,958.333333334 --> 00:01:28,638.333333334 I'm sure there's other facets to that, but that's really the main thing that comes to mind with shadow it. 20 00:01:30,618.333333334 --> 00:01:32,148.333333334 Yeah, I, I would agree with you there. 21 00:01:32,198.333333334 --> 00:01:33,793.333333334 I really don't have a thing to add. 22 00:01:34,213.333333334 --> 00:01:35,473.333333334 I think you covered it pretty well. 23 00:01:36,73.333333334 --> 00:01:47,793.33333333 Have you, like, do you have some concrete examples from your past, maybe where you're working now or in the past of like, users that have done this? And so maybe give an example of like, something that you've personally experienced, that's considered shadow it. 24 00:01:49,18.33333333 --> 00:02:02,748.33333333 So, yeah, the one example, and I really was pretty aggravated by it, I probably should not have been, it was just someone using SignUpGenius and, I think that's really, it's benign, but I was like, why aren't they using Formstack? We've got Formstack. 25 00:02:03,18.33333333 --> 00:02:04,128.33333333 It's so easy to use. 26 00:02:04,378.33333333 --> 00:02:05,668.33333333 we could have gathered all this information. 27 00:02:06,433.33333333 --> 00:02:10,198.33333333 And, with, signup genius, like you gotta create your own login and stuff like that. 28 00:02:10,198.33333333 --> 00:02:23,998.33333333 And I'm like, are they gonna start spamming us with that? I don't really think that happens, but, it was, it's a small item, I was like, we've been talking about Formstack, we've had classes about it, like we talk, try to get people to use it and then here's someone, rolls out, sign up. 29 00:02:23,998.33333333 --> 00:02:24,238.33333333 Genius. 30 00:02:25,18.33333333 --> 00:02:29,268.33333333 But I don't think that's really a, one to have big concern about. 31 00:02:29,298.33333333 --> 00:02:32,28.33333333 But that was one that really just kind of sticks out. 32 00:02:33,603.33333333 --> 00:02:34,683.33333333 Over the last couple years. 33 00:02:36,63.33333333 --> 00:02:36,393.33333333 Yeah. 34 00:02:36,393.33333333 --> 00:02:37,523.33333333 I think that's a good one, though. 35 00:02:37,523.33333333 --> 00:02:44,68.33333333 I mean, no matter if they're small or what we consider something large, I think that's a perfect example. 36 00:02:44,68.33333333 --> 00:02:47,893.33333333 I think I've given this example on a prior episode, but if I haven't, I. 37 00:02:48,233.33333333 --> 00:02:52,363.33333333 we did a, we were looking for a project management tool, and we started doing the evaluation. 38 00:02:52,363.33333333 --> 00:02:56,923.33333333 I think I actually talked about it on the project management episode there, but we did an evaluation. 39 00:02:56,923.33333333 --> 00:03:03,683.33333333 We started talking to different departments and come to find out, we already had three project management tools, so people were using, different ones. 40 00:03:03,683.33333333 --> 00:03:05,903.33333333 I've seen, I've seen someone buy a monitor. 41 00:03:05,973.33333333 --> 00:03:12,773.33333333 that was an odd one, they didn't feel like the monitor we gave them was large enough at the time, so, they went and bought their own, so. 42 00:03:13,38.33333333 --> 00:03:20,518.33333333 that one I think might even be more benign, but, basically to your point, you, it's people basically finding their own solution. 43 00:03:20,768.33333333 --> 00:03:31,828.33333333 so I guess initially, and I don't know how you feel about this, but initially I was like, kinda my first reaction to this is to get like really upset and be like, what in the world? this is like our arena. 44 00:03:31,858.33333333 --> 00:03:34,798.33333333 We're the ones managing the technology you should be asking us. 45 00:03:35,348.33333333 --> 00:03:38,618.33333333 but I haven't always thought about this and I think it's something that. 46 00:03:39,503.33333333 --> 00:03:42,203.33333333 We need to maybe ask ourselves first. 47 00:03:42,663.33333333 --> 00:03:59,588.33333333 and that's why would you say users go outside, you know, to use these tools? Like why do they go sign up for these things or buy their own monitor? do you ever ask yourself that? Yeah, actually, I can think of one that's really something you really don't want. 48 00:03:59,643.33333333 --> 00:04:09,833.33333333 I had a user go buy a laptop, and when I found that out, I was talking to her, I was like, well, why did you get the laptop? And she's like, well, I only have a desktop. 49 00:04:09,833.33333333 --> 00:04:14,113.33333333 And like, she works like in the field a lot and needs to have a laptop. 50 00:04:14,113.33333333 --> 00:04:14,623.33333333 And I was like. 51 00:04:15,598.33333333 --> 00:04:22,948.33333333 I was like, you know, I, I, sorry, I don't wanna say her name, but I, I was like, you know, if you would've just let us know that you needed this, like we would a hundred percent. 52 00:04:23,248.33333333 --> 00:04:25,435.83333333 I said, I, we will go get you a laptop right now. 53 00:04:26,348.33333333 --> 00:04:37,478.33333333 it, it really kind of hurt my feelings that she felt this was when I first got to the organization, but it really hurt my feelings that she thought that we wouldn't provide the tools that she needs to do her job. 54 00:04:38,168.33333333 --> 00:04:40,478.33333333 And I know that's the flip side, but that's where. 55 00:04:40,908.33333333 --> 00:04:43,38.33333333 and a lot of people may feel that way and that's why they do it. 56 00:04:43,128.33333333 --> 00:04:44,538.33333333 But that, I don't know. 57 00:04:44,538.33333333 --> 00:04:56,818.33333333 I was really just taken back that she felt so little of us being able to provide her with the equipment that she needs to work, that she went out and got her own self a laptop, And that's quite a bit of money, for someone to buy. 58 00:04:57,586.66666667 --> 00:05:02,586.66666667 Yeah, that would be, that's definitely a little different, I think, than maybe even though some of the other ones we mentioned. 59 00:05:03,246.66666667 --> 00:05:05,916.66666667 But I still, I still think it points to like kind of the why. 60 00:05:05,976.66666667 --> 00:05:06,306.66666667 Right. 61 00:05:06,426.66666667 --> 00:05:09,66.66666667 Do you think there was like, I don't know, there was a. 62 00:05:09,596.66666667 --> 00:05:27,476.66666667 Some sort of, I wanna call it like a prior administration to use like kind of a, a political term, but in the prior administration, prior to you getting there, do you think there was something that kind of led to that kind of behavior? Was there, you know, kind of a, you know, an attitude, did she approach them before or anything like that? I'm not sure. 63 00:05:27,596.66666667 --> 00:05:33,236.66666667 The one thing I have seen, some IT departments do this and this is really what you don't want to have. 64 00:05:33,266.66666667 --> 00:05:40,916.66666667 I've seen some IT departments where they are kind of like the bottleneck or the gatekeeper o of all technology. 65 00:05:41,306.66666667 --> 00:05:46,976.66666667 Like you want a laptop, your manager thinks that you should have a laptop, and it's like, no, we're not doing it. 66 00:05:47,366.66666667 --> 00:05:52,66.66666667 And not really giving justification, just It's really just kind of like they got the power and they use it like that. 67 00:05:52,66.66666667 --> 00:05:55,606.66666667 I haven't seen that very often, but I've definitely seen that. 68 00:05:55,606.66666667 --> 00:05:57,676.66666667 I don't know if this is what the individual felt. 69 00:05:57,946.66666667 --> 00:06:02,126.66666667 Hopefully that wasn't the case, but I've definitely seen that, there must have been something there. 70 00:06:02,756.66666667 --> 00:06:05,206.66666667 Yeah, I think we gotta be careful, right? as. 71 00:06:06,796.66666667 --> 00:06:10,366.66666667 Folks to not, I don't think many of us have that attitude. 72 00:06:10,366.66666667 --> 00:06:14,646.66666667 Well, I hope, let's just say I hope no one has an attitude currently, that's listening to us. 73 00:06:14,886.66666667 --> 00:06:18,636.66666667 But even if you do, I think that's something you really gotta look at. 74 00:06:19,446.66666667 --> 00:06:21,36.66666667 Be introspective and figure out why. 75 00:06:21,346.66666667 --> 00:06:24,676.66666667 'cause we really shouldn't be, we shouldn't be power hungry in that way. 76 00:06:25,66.66666667 --> 00:06:28,36.66666667 And just saying like, well, we decide what goes in here or not. 77 00:06:28,876.66666667 --> 00:06:35,346.66666667 One thing I think, and I've learned, in the past couple weeks, I've been having some discussions with, with different employees about strategy. 78 00:06:35,466.66666667 --> 00:06:43,566.66666667 And one thing that's come up a lot, and I think maybe us as technology professionals aren't as good at and is that, is communication. 79 00:06:43,866.66666667 --> 00:06:47,496.66666667 I think sometimes we will communicate maybe one time, but not enough. 80 00:06:47,736.66666667 --> 00:06:48,186.66666667 Right. 81 00:06:48,546.66666667 --> 00:06:58,826.66666667 And one thing we're terrible at is communicating why, especially we talked about this a little bit, some prior episodes, but you gotta communicate why someone can't have something. 82 00:06:58,986.66666667 --> 00:07:06,606.66666667 it can't just be, no, you can't have this laptop, which is probably what maybe she was told before, but it has to be like. 83 00:07:07,116.66666667 --> 00:07:13,996.66666667 No, you can't have this laptop because we need to provide one through the business or no, you can't have one because this is like, some sort of risk that it brings up. 84 00:07:14,296.66666667 --> 00:07:18,886.66666667 Maybe that site you talked about with all the ads, there's, potential risk, things like that. 85 00:07:19,336.66666667 --> 00:07:20,416.66666667 But gotta explain the why. 86 00:07:20,626.66666667 --> 00:07:33,106.66666667 and I think something that I've learned at least in the past few years, and I didn't always think this in my career, is when people are looking for a solution, it's because there's a need for a solution. 87 00:07:34,186.66666667 --> 00:07:34,486.66666667 Right. 88 00:07:34,486.66666667 --> 00:07:43,96.66666667 Most of the time I've had very few people ask me for anything, whether that's hardware, software, or otherwise, that they didn't have a pretty good use case for. 89 00:07:43,216.66666667 --> 00:07:44,926.66666667 Have you had that? I mean, I haven't had that. 90 00:07:45,736.66666667 --> 00:07:54,517.66666667 No, and that's one of the things I really try to tell end users, if there's a business use for it, we're likely to provide it. 91 00:07:55,326.66666667 --> 00:07:59,196.66666667 Hopefully, I don't think anyone feels that way, but you're right about the communications. 92 00:07:59,196.66666667 --> 00:08:10,86.66666667 And one thing I take for granted, and I do this quite often, is, I may have had a either a conversation with a small group of people or even with if, with the whole company, but it was three years ago. 93 00:08:10,116.66666667 --> 00:08:15,296.66666667 Well that doesn't mean, all the people that started after that point, know what our stance is on something. 94 00:08:15,796.66666667 --> 00:08:16,276.66666667 so. 95 00:08:17,311.66666667 --> 00:08:22,136.66666667 I definitely think communications is a weak point, and the other thing is you gotta keep repeat repeating the message. 96 00:08:22,833.33333334 --> 00:08:23,553.33333334 Yeah, I would agree with that. 97 00:08:23,553.33333334 --> 00:08:25,83.33333334 we talk about that with new employees. 98 00:08:25,723.33333334 --> 00:08:32,503.33333334 we can train a new employee, on something, but like if we don't train them ever so often, like they're not really getting that reinforcement of it. 99 00:08:33,53.33333334 --> 00:08:33,683.33333334 and that goes for. 100 00:08:34,508.33333334 --> 00:08:41,658.33333334 Not just like their skills, but also what our policy is on things like, what is was the process for getting some sort of new thing. 101 00:08:42,288.33333334 --> 00:08:47,198.33333334 I think we mentioned on it a little bit, but, shadow it, especially on the software side, but hardware too. 102 00:08:47,198.33333334 --> 00:08:48,278.33333334 really it could be either way. 103 00:08:49,18.33333334 --> 00:08:50,878.33333334 there's some risk associated with it. 104 00:08:50,878.33333334 --> 00:08:54,648.33333334 So, I've seen some people, go way down the rabbit hole. 105 00:08:54,648.33333334 --> 00:08:57,438.33333334 Bring your own device, But there are some risks to that. 106 00:08:57,438.33333334 --> 00:09:09,515.66666667 And like in your mind, what are like the biggest risk, for, having these unauthorized different applications and or potentially devices in your environment? just one of the fundamentals of security is the know what's on your network. 107 00:09:09,545.66666667 --> 00:09:13,825.66666667 And my thing is, is you know, we're, we. 108 00:09:14,360.66666667 --> 00:09:20,790.66666667 It people, we kind of have the know-how of, how to dig into things, but you could have a end user. 109 00:09:21,240.66666667 --> 00:09:35,110.66666667 It is not so much a risk with like iOS devices, but say you got Androids or whatever, you know, they, if they jailbreak their phone or something like that, or using, some kind of app where it's, logging your data or anything like that. 110 00:09:35,210.66666667 --> 00:09:39,640.66666667 or maybe they, if they bought hardware, if they got it off to somewhere used, then you know. 111 00:09:40,630.66666667 --> 00:09:46,0.66666667 it was loaded with something previously or something like that there, there's a lot of ways it can bring risk into your network. 112 00:09:46,210.66666667 --> 00:09:57,940.66666667 The big thing is for us, and this is going beyond that, is the reason we tell people we need to know, one of the reasons we need to know is just so we can look at it from a security aspect, whatever it is. 113 00:09:57,970.66666667 --> 00:10:04,30.66666667 And and I tell them, like, we're not looking to say no, like we just want to evaluate it and find out the risk upfront. 114 00:10:04,60.66666667 --> 00:10:06,380.66666667 And two, we need to find out, how we can mitigate or. 115 00:10:06,695.66666667 --> 00:10:08,645.66666667 Get rid of the risk, if at all possible. 116 00:10:09,275.66666667 --> 00:10:15,645.66666667 yeah, to your point, it's not about saying no per se, but it's about applying the right restrictions, applying the rule set, maybe putting it on a network. 117 00:10:16,425.66666667 --> 00:10:17,985.66666667 Got a pretty funny story actually. 118 00:10:18,15.66666667 --> 00:10:26,685.66666667 So, We, we use, a cloud-based, AP product, and we got an alert, we were looking inside of our cloud, inside the interface there. 119 00:10:26,685.66666667 --> 00:10:27,285.66666667 And we got an alert. 120 00:10:27,285.66666667 --> 00:10:35,215.66666667 And when there was like, there was this device, we got a secure alert and then we got alert inside there, and it was contacted China every five minutes. 121 00:10:35,605.66666667 --> 00:10:36,805.66666667 It was reaching out to China. 122 00:10:37,355.66666667 --> 00:10:42,815.66666667 I don't know what it was doing, getting instructions or whatever, and every five minutes, boom, boom, boom, boom, boom. 123 00:10:42,815.66666667 --> 00:10:43,85.66666667 We're like. 124 00:10:43,910.66666667 --> 00:10:44,630.66666667 We've been hacked. 125 00:10:44,660.66666667 --> 00:10:51,920.66666667 You know, we, uh, for sure thought like someone's plugged in something and like, so we started doing like an investigative. 126 00:10:51,920.66666667 --> 00:10:56,280.66666667 I mean, it really turned into, some sort of, I don't know, like a device hunt instead of a manhunt. 127 00:10:56,280.66666667 --> 00:11:04,430.66666667 But, We looked at the ap, we knew it had to be in a certain area and we sent like IT employees and they were going door to door, to knocking on people's offices. 128 00:11:04,430.66666667 --> 00:11:10,850.66666667 Like, what do you have in your office? Do you have any Android phones? Do you have any, like, anything that people were like, I don't know, it was, it was funny. 129 00:11:10,970.66666667 --> 00:11:13,670.66666667 and come to find out it was a picture frame. 130 00:11:14,370.66666667 --> 00:11:17,40.66666667 someone had a picture frame and they had logged in. 131 00:11:17,500.66666667 --> 00:11:21,610.66666667 it was on our guest network, so you know, it was already like sequestered a little bit there. 132 00:11:22,340.66666667 --> 00:11:25,730.66666667 but it was checking in to see if there's new photos basically is what it was doing. 133 00:11:25,730.66666667 --> 00:11:32,920.66666667 And, it was so funny, like people are so nervous, people just typing away and like, someone on your door, like, we're here from it. 134 00:11:33,280.66666667 --> 00:11:41,580.66666667 What have you got in your office? but, but anyway, but yeah, that was an example of that, right? and, a really like, benign use case, right? Just wanna have pictures of their family. 135 00:11:41,940.66666667 --> 00:11:42,600.66666667 But again. 136 00:11:43,275.66666667 --> 00:11:47,35.66666667 sharing that where we can better protect it, I think is really useful. 137 00:11:48,115.66666667 --> 00:12:09,930.66666667 Is there a, is there any like, easy ways in your mind to spot shadow? It is like something that like tips you off to it or, have you, in the past, whenever you have noticed it, like what, what made you notice it? Was it just you kind of happened across it or? In the early days, it was definitely just we would come across it. 138 00:12:09,990.66666667 --> 00:12:14,910.66666667 We're starting to get tools in place that make us aware. 139 00:12:14,910.66666667 --> 00:12:16,980.66666667 We don't look for it to block it. 140 00:12:16,980.66666667 --> 00:12:20,200.66666667 We just look for it to be aware of it, nine times outta 10. 141 00:12:20,200.66666667 --> 00:12:22,60.66666667 It's something that they have to have for work. 142 00:12:22,110.66666667 --> 00:12:26,770.66666667 a lot of times it's where, they're working with another organization and that's how they use tools. 143 00:12:26,840.66666667 --> 00:12:28,215.66666667 I wouldn't say there's no easy way. 144 00:12:28,430.66666667 --> 00:12:39,410.66666667 the things that kind of stick out on how we see things lately, and right now it's really just us documenting and knowing that it's on our network is, uh, we have a, uh, a DNS tool. 145 00:12:40,190.66666667 --> 00:12:49,120.66666667 We were using the Palo Altos for DNS, but we took a stab at DNS filter and, it does a good job of showing applications and stuff that's running. 146 00:12:49,540.66666667 --> 00:12:54,495.66666667 And then another tool that I never really expected to help us with it is Avanan. 147 00:12:54,515.66666667 --> 00:12:57,725.66666667 It's, uh, email filtering tool, email security tool. 148 00:12:58,325.66666667 --> 00:13:04,605.66666667 And, it actually has a shadow IT report and it shows what's, it shows who's using it and what's using it. 149 00:13:05,220.66666667 --> 00:13:12,150.66666667 I think how it gets it is basically, you know, if you use Dropbox, you're gonna get a email, you gotta register with your email, and then you get the email. 150 00:13:12,210.66666667 --> 00:13:17,920.66666667 Well, that's what they're reporting on is, who's received what emails from, what software service and stuff like that. 151 00:13:17,920.66666667 --> 00:13:23,840.66666667 And I know CrowdStrike has, some shadow IT reporting, but for the most part, that's what we're seeing. 152 00:13:23,900.66666667 --> 00:13:31,140.66666667 and definitely just talking with people and, if you got people that don't feel comfortable, if they think you're out to get them. 153 00:13:31,695.66666667 --> 00:13:36,175.66666667 They're not gonna share that information with you saying, Hey, we were using this tool, to do this. 154 00:13:36,265.66666667 --> 00:13:43,445.66666667 And, so I really think it's important to, make sure you're not going at it with a, with a bat, ready to wreck some stuff. 155 00:13:43,475.66666667 --> 00:13:49,805.66666667 You need to be talking to them and, being nice and polite about it, because they, most of the time they legitimately need it. 156 00:13:49,865.66666667 --> 00:13:56,405.66666667 But if you're, uh, you know, being real negative or mean to them about using something, then they're never gonna report it again. 157 00:13:57,655.66666667 --> 00:13:59,275.66666667 Yeah, I totally agree with that. 158 00:13:59,755.66666667 --> 00:14:01,45.66666667 We've seen some things. 159 00:14:01,95.66666667 --> 00:14:02,55.66666667 I like the email idea. 160 00:14:02,55.66666667 --> 00:14:02,955.66666667 That's a pretty neat one. 161 00:14:03,115.66666667 --> 00:14:08,565.66666667 we've done some looking, I heard about a product at a conference and we've done some looking into it. 162 00:14:08,565.66666667 --> 00:14:11,305.66666667 Hadn't decided on, we haven't really fully evaluated it, but. 163 00:14:11,810.66666667 --> 00:14:12,890.66666667 product called Keep Aware. 164 00:14:13,20.66666667 --> 00:14:21,140.66666667 if for anyone out there might not have heard of it, basically in a nutshell, it like, it extends the browser, and basically gives you control over the browser. 165 00:14:21,570.66666667 --> 00:14:24,270.66666667 so you can take like Google Chrome or Edge or whatever. 166 00:14:24,795.66666667 --> 00:14:26,355.66666667 And make it into an enterprise browser. 167 00:14:26,685.66666667 --> 00:14:44,255.66666667 and then based on their controls, you can basically enforce, or just kind of remind people, right? so it knows based on like where people are going, if they're going to, chat, like open AI to do ChatGPT or something like that, it can say, there our policy is, not to allow this AI client. 168 00:14:44,255.66666667 --> 00:14:45,305.66666667 Do you still want to continue. 169 00:14:45,650.66666667 --> 00:14:46,850.66666667 Or you can enforce it. 170 00:14:47,310.66666667 --> 00:14:52,360.66666667 does that all through like logins and different things like that? Obviously, looking at where they're going online. 171 00:14:53,120.66666667 --> 00:15:06,770.66666667 but it has some pretty cool features as well about like if you type in like a social security number into the browser anywhere, it'll basically like say, Hey, this is like PII plus you sure you want to share this with whatever it is, even before you hit enter or something like that. 172 00:15:06,770.66666667 --> 00:15:08,210.66666667 So some pretty neat things. 173 00:15:08,210.66666667 --> 00:15:11,210.66666667 We're looking into that, that haven't purchased it, so I can't say. 174 00:15:11,535.66666667 --> 00:15:15,195.66666667 how well it works or anything, but did hear about that. 175 00:15:15,955.66666667 --> 00:15:21,215.66666667 we've done some stuff, just some blocking of, and really we didn't come at this from a shadow IT perspective. 176 00:15:21,345.66666667 --> 00:15:37,825.66666667 we came at this just from a, exfiltration, we did block some of the clients, just the cloud, cloud like Dropbox, you mentioned Box and some of the other, Google Drive some of the other cloud storage ones, and that's mainly just for data Exfiltration wasn't necessarily for someone not using that. 177 00:15:38,125.66666667 --> 00:15:39,745.66666667 but we have blocked some of those. 178 00:15:40,48.79166667 --> 00:15:42,935.66666667 so I think you mentioned something you said. 179 00:15:43,415.66666667 --> 00:15:49,425.66666667 I think really like we kind of, I don't know this, the title of this episode, stop shadow it with one Easy trick. 180 00:15:49,945.66666667 --> 00:15:51,715.66666667 little bit Click Baitey, I guess, but. 181 00:15:52,645.66666667 --> 00:15:56,65.66666667 You mentioned something, and I think you really got to, you hit the nail on the head. 182 00:15:56,95.66666667 --> 00:15:58,979.41666667 The one easy trick really is you gotta talk to people. 183 00:15:59,465.66666667 --> 00:16:00,605.66666667 that is the number one thing. 184 00:16:01,115.66666667 --> 00:16:14,225.66666667 how do you, like, if you talk to people and understand the issues they're having, you're gonna understand why they might look for a certain solution and you're gonna, if you're gonna, if you know their issues, you're gonna put solutions in place that take care of those issues. 185 00:16:14,225.66666667 --> 00:16:18,315.66666667 So you talked about that like really two-way, discussion that needs to happen. 186 00:16:18,955.66666667 --> 00:16:20,965.66666667 between IT and really all users. 187 00:16:21,155.66666667 --> 00:16:48,470.6666667 so in your environment, how do you do that? I, for the person out there listening that's like been tasked with like, doing all this and hasn't really thought about actually having conversations with the users about what they need, like how do you go about that? Do you have like, any kind of technique? Do you do that like annually or just ad hoc or what? I feel like it takes a lot of different types and not saying we're perfect by no means, but I think a lot of it is just one being approachable. 188 00:16:48,680.6666667 --> 00:16:51,390.6666667 Like if you're not approachable, you're not gonna get anywhere. 189 00:16:51,820.6666667 --> 00:16:53,260.6666667 but there's much more to that one. 190 00:16:53,310.6666667 --> 00:16:58,350.6666667 people may try to get a product because they think you don't have a solution for that. 191 00:16:58,650.6666667 --> 00:17:02,970.6666667 one is just making sure people are knowledgeable of all the solutions that you already have in your environment. 192 00:17:03,480.6666667 --> 00:17:10,530.6666667 And, we do, we do like lunch and learns and we talk about solutions that we have and try to showcase ways that you can use that. 193 00:17:10,980.6666667 --> 00:17:15,910.6666667 I really just think it, it takes a whole lot, of communicating in different ways to get that point across. 194 00:17:15,940.6666667 --> 00:17:21,835.6666667 I don't know that there's a one easy button that's really just to communicate, communicate, communicate is my thing. 195 00:17:23,740.6666667 --> 00:17:29,335.6666667 I think, I guess definitely from the conversation I've been having, and I would say I encourage all the folks listening. 196 00:17:30,155.6666667 --> 00:17:37,695.6666667 if you're not having those conversations, at least on an annual basis, I would say, it's good to have ad hoc conversations, people in the hall, that kind of thing. 197 00:17:38,365.6666667 --> 00:17:43,885.6666667 but I think there's something to be said for just going and meeting someone where they're at, not in a meeting or, something like that. 198 00:17:43,885.6666667 --> 00:17:51,535.6666667 Or not on the way to a meeting, but just actually going out to where the person works or maybe even spending time with 'em in the, in whatever their work area is. 199 00:17:51,535.6666667 --> 00:17:55,315.6666667 Maybe that's the field, maybe that's just at their office out in the district. 200 00:17:55,985.6666667 --> 00:18:05,535.6666667 spending some time with him, getting 'em around the table, buying breakfast, people understand, like come with open arms, And to your point, be readily approachable and just ask 'em. 201 00:18:05,535.6666667 --> 00:18:12,685.6666667 Like, I've had some, I've had some meetings with our front office staff the past, a few weeks and I can't meet with every single employee every year. 202 00:18:12,905.6666667 --> 00:18:15,515.6666667 so what I try to do is meet with different groups each year. 203 00:18:16,65.6666667 --> 00:18:18,555.6666667 like maybe it's a front office, maybe it's our operational staff. 204 00:18:19,125.6666667 --> 00:18:23,775.6666667 Maybe it's our administrative staff, that kind of thing, and people at different levels. 205 00:18:23,775.6666667 --> 00:18:42,65.6666667 But basically going out to them and just saying, what do we do that works? What do we do that doesn't work? What frustrates you about your job? what things could be better? Is there anything, do you have any ideas about technology? I think we put an undue amount of stress on ourselves to be the one that under that knows every single solution. 206 00:18:42,65.6666667 --> 00:18:42,905.6666667 Every possible. 207 00:18:43,205.6666667 --> 00:18:43,625.6666667 Right. 208 00:18:44,525.6666667 --> 00:18:45,845.6666667 Like, we don't have to know everything. 209 00:18:45,845.6666667 --> 00:18:47,795.6666667 There are a lot of good people in our environment. 210 00:18:48,305.6666667 --> 00:18:49,385.6666667 People hear all kinds of things. 211 00:18:49,385.6666667 --> 00:18:50,315.6666667 They hear news stories. 212 00:18:50,555.6666667 --> 00:18:55,365.6666667 Me and you were talking pre-show, you were sharing with me about, a particular story you had heard this week. 213 00:18:55,365.6666667 --> 00:18:56,265.6666667 I had never heard of it. 214 00:18:56,985.6666667 --> 00:18:59,985.6666667 Now, had I just like gone on my own and been like, I'm the solutions architect. 215 00:18:59,985.6666667 --> 00:19:01,875.6666667 I'm, I'm gonna figure out what the solution is. 216 00:19:02,265.6666667 --> 00:19:03,795.6666667 That would be a data point that I never had. 217 00:19:04,275.6666667 --> 00:19:08,865.6666667 So don't be afraid to ask people, even people that are not in technology, like what they've heard. 218 00:19:09,485.6666667 --> 00:19:12,35.6666667 sometimes people in certain areas of your. 219 00:19:12,540.6666667 --> 00:19:14,700.6666667 we think about things from an IT perspective. 220 00:19:14,850.6666667 --> 00:19:22,20.6666667 Well, accountants think about things from an accounting perspective and they go to the conferences about accounting and they talk about solutions that other accountants use. 221 00:19:22,440.6666667 --> 00:19:24,390.6666667 So maybe they've heard something that you haven't heard about. 222 00:19:24,390.6666667 --> 00:19:26,580.6666667 Are you an accountant? You might not have heard of that. 223 00:19:26,580.6666667 --> 00:19:29,850.6666667 So, definitely meet people on their level. 224 00:19:30,70.6666667 --> 00:19:33,10.6666667 and just ask 'em like, what pains you about what you do? And someone. 225 00:19:33,970.6666667 --> 00:19:36,750.6666667 Every single person in your environment is gonna have that list in their brain. 226 00:19:36,750.6666667 --> 00:19:38,10.6666667 They don't have to come prepared. 227 00:19:38,130.6666667 --> 00:19:39,990.6666667 Like they're gonna be able to spout it out right away. 228 00:19:40,380.6666667 --> 00:19:42,760.6666667 And I've heard that, these past couple weeks. 229 00:19:43,100.6666667 --> 00:19:46,790.6666667 and if you ever need a project idea, definitely just ask a user. 230 00:19:46,820.6666667 --> 00:19:49,260.6666667 'cause, they can give you about 25 of 'em right away. 231 00:19:50,260.6666667 --> 00:19:54,260.6666667 One thing just to add onto that, I think one thing I try to do. 232 00:19:55,550.6666667 --> 00:20:03,510.6666667 Well is really just meet all different, all the different types of employees that we have and just knowing that, you know, we're there for them. 233 00:20:03,510.6666667 --> 00:20:05,820.6666667 it is customer service whether you like it or not. 234 00:20:06,330.6666667 --> 00:20:14,80.6666667 And like when it comes to a lineman, like, I make sure, we issue them iPads like, but I make sure you have a good DC charger for your truck. 235 00:20:14,80.6666667 --> 00:20:16,480.6666667 Do you got cables? And I, I keep like I. 236 00:20:17,215.6666667 --> 00:20:26,655.6666667 That stuff, it doesn't cost a whole lot, but just having good charging equipment, for them, like they know that they can come to it if they have something that they need. 237 00:20:26,965.6666667 --> 00:20:36,615.6666667 when I go into member services, I look at it like, is there any way, we could do anything better with it? Like, is there anything you guys need, you know, to help you do your job? And I think. 238 00:20:37,680.6666667 --> 00:20:41,430.6666667 Like you said, just, meeting with people, like it definitely helps out. 239 00:20:41,430.6666667 --> 00:20:47,570.6666667 And I try to really do it with, I do it with the VPs, like, is there anything you guys need for, I mean at least do it annually. 240 00:20:47,600.6666667 --> 00:20:51,360.6666667 'cause I'm like, is there anything you guys need from us, for next year's budget and stuff like that. 241 00:20:51,360.6666667 --> 00:20:55,700.6666667 But also try to meet just with the normal employees and just make sure that they have anything that they need. 242 00:20:56,240.6666667 --> 00:21:00,990.6666667 And really, if you're providing good equipment and they know what your rotation is. 243 00:21:01,590.6666667 --> 00:21:06,790.6666667 You know that, everyone knows that they're gonna get a new iPad or a new laptop or desktop after so many years. 244 00:21:06,790.6666667 --> 00:21:08,650.6666667 'cause we communicate, what our rotation is. 245 00:21:09,100.6666667 --> 00:21:10,990.6666667 They really don't ask for a whole lot. 246 00:21:10,990.6666667 --> 00:21:12,730.6666667 And, when they do, it's, it's really needed. 247 00:21:13,150.6666667 --> 00:21:20,310.6666667 And then the other part I would say is you gotta, for every person that will ask for something, you're gonna have two or three that are afraid to ask. 248 00:21:20,910.6666667 --> 00:21:25,55.6666667 And, one, I talked about on a previous episode, I was out with the stakers. 249 00:21:25,385.6666667 --> 00:21:30,925.6666667 With their iPads and they're out, they're with maps out on their iPad and we were getting 'em regular iPads. 250 00:21:31,398.1666667 --> 00:21:35,635.6666667 And I looked at it and I was like, how can you see this? Like, I can't see anything on this map. 251 00:21:36,25.6666667 --> 00:21:38,125.6666667 And, 'cause it was, you know, a bright daylight out. 252 00:21:38,545.6666667 --> 00:21:55,955.6666667 And, uh, anyways, we went and it cost money, but we went and got them iPad pros and the, but the lit or the knit, brightness was twice as much and it was, you could clearly see the screen, switching out those iPads, to go from a $400 iPad to a thousand dollars iPad is quite a jump, but they're using that for five years. 253 00:21:55,985.6666667 --> 00:21:59,985.6666667 Like, so I don't think it's, if you break that down per year, it's not a whole lot to ask. 254 00:22:00,15.6666667 --> 00:22:06,255.6666667 it's for people to do their jobs and anyways, that's one thing I really try to be good at and spend some time at. 255 00:22:07,650.6666667 --> 00:22:08,760.6666667 Yeah, that's a great point. 256 00:22:08,810.6666667 --> 00:22:13,920.6666667 I had a mentor, previous boss, doing in my position that I'm in now and. 257 00:22:14,460.6666667 --> 00:22:19,620.6666667 I guess I was always thinking like cost consciousness, and I'm not saying go blow money. 258 00:22:19,870.6666667 --> 00:22:24,10.6666667 some people will have different, there's different levels of budget and what you're allowed to do and what you're not. 259 00:22:24,10.6666667 --> 00:22:39,880.6666667 But he, I was always pretty cost conscious, like, do we really need a third monitor for this person? Do we really need a second monitor for this person? And one thing he told me is he said, the cost of whatever that is will be made up in the productivity before you can even think about it. 260 00:22:39,940.6666667 --> 00:22:42,490.6666667 Basically, like if we have that second monitor. 261 00:22:42,895.6666667 --> 00:22:55,735.6666667 It's what, $200, $300? Like if you can get them to do things, if you can get 10 minutes a day of productivity outta that person, then that cost of that monitor is gonna be of no consequence in a few months. 262 00:22:56,225.6666667 --> 00:22:59,265.6666667 so I think that's something to think about too, is. 263 00:23:01,30.6666667 --> 00:23:09,155.6666667 a solution that might have a little bit of a cost, can it provide a lot of value? Can it provide productivity savings? Then it really maybe doesn't have as much cost as you think. 264 00:23:09,305.6666667 --> 00:23:18,705.6666667 one thing I know, and you, it kind of goes through the communication thing you mentioned earlier, and something that I've in the past few years has been something I've experienced a lot. 265 00:23:18,818.1666667 --> 00:23:22,85.6666667 and that is basically making sure we're involving others. 266 00:23:22,635.6666667 --> 00:23:25,725.6666667 in the projects that we do, there are many projects. 267 00:23:25,725.6666667 --> 00:23:32,985.6666667 A lot of projects maybe you think they're an IT only project, but they might not be obviously and making sure that everyone is involved. 268 00:23:33,135.6666667 --> 00:23:38,415.6666667 So you might be thinking to yourself, well what does I have to do with shadow it? Right? that is like actual it, not shadow it. 269 00:23:39,415.6666667 --> 00:23:45,775.6666667 but what I'll say is when you involve others in your projects, they are very likely to involve you in theirs. 270 00:23:45,955.6666667 --> 00:23:46,585.6666667 and. 271 00:23:47,410.6666667 --> 00:23:52,930.6666667 Whenever they do need that solution, whenever they do need that, they're gonna look at you as like a trusted advisor. 272 00:23:53,500.6666667 --> 00:24:03,920.6666667 and because you were there and you looked at them as a trusted advisor in a particular area, so I know sometimes we, a lot of life comes back to simple things, the whole golden rule. 273 00:24:03,920.6666667 --> 00:24:06,590.6666667 Treat others like you would like to be treated, involve others. 274 00:24:06,680.6666667 --> 00:24:07,520.6666667 They will involve you. 275 00:24:08,160.6666667 --> 00:24:09,300.6666667 and that's really the best trick. 276 00:24:09,300.6666667 --> 00:24:16,140.6666667 Obviously you want to have some of those things we talked about earlier, those technology things to, to monitor things, versus block them. 277 00:24:16,140.6666667 --> 00:24:21,460.6666667 I think monitoring's the better solution there, so that you can really have a conversation with that person. 278 00:24:21,770.6666667 --> 00:24:32,665.6666667 but yeah, you can have those things, but ultimately having that good relationship with that person so that they're gonna actually come to you when they need something, is really, where it's at. 279 00:24:32,965.6666667 --> 00:24:33,255.6666667 Okay. 280 00:24:34,255.6666667 --> 00:24:42,435.6666667 Anthony, any final words or tips for the listeners, with Shadow it? I think it's a complex problem that maybe has simple answers. 281 00:24:42,915.6666667 --> 00:24:54,810.6666667 anything, any kind of final words you wanna leave them with? Yeah, just you know, from a IT perspective, just remember we're there to make all the end users better and more efficient at their job. 282 00:24:54,810.6666667 --> 00:24:57,630.6666667 We're there to be enablers, not disablers, not. 283 00:24:58,290.6666667 --> 00:24:58,860.6666667 You can't do it. 284 00:24:58,860.6666667 --> 00:25:04,796.9166667 And granted, we gotta protect our networks and stuff like that, if your default answer is no, like you need to change that. 285 00:25:04,880.6666667 --> 00:25:09,790.6666667 And, talk about those little things like the Chargers and, you talk about having, third monitor and stuff like that. 286 00:25:09,790.6666667 --> 00:25:32,390.6666667 If you look at what even, one of your lowest paid people, if you look at what they're paid plus their benefits and stuff like that, what is a two or $300 monitor really, What is that gonna cost you versus what you're gonna gain outta that person, you know, over the lifetime of that device? I think if you have good customer service, folks aren't gonna really go behind your back and try to buy new hardware or, buy their own equipment and stuff like that. 287 00:25:32,390.6666667 --> 00:25:37,800.6666667 I've heard definitely at organizations where, like engineering is buying equipment because it won't provide it. 288 00:25:37,850.6666667 --> 00:25:39,560.6666667 you definitely don't wanna be in that scenario. 289 00:25:39,950.6666667 --> 00:25:44,270.6666667 So if you got good customer service, you know you're gonna find that you're gonna have a lot less shadow it. 290 00:25:44,270.6666667 --> 00:25:46,490.6666667 I know it's out there, I know it exists. 291 00:25:46,570.6666667 --> 00:25:48,100.6666667 but I think you can make your. 292 00:25:48,565.6666667 --> 00:25:50,155.6666667 I think you can make it much worse. 293 00:25:50,185.6666667 --> 00:25:53,395.6666667 if you're very restrictive and you know your default answer is no to everything. 294 00:25:54,745.6666667 --> 00:25:57,135.6666667 Yeah, I've I guess I'm gonna leave, I'll leave everyone with this. 295 00:25:57,185.6666667 --> 00:25:57,845.6666667 I have a thing. 296 00:25:57,845.6666667 --> 00:26:07,35.6666667 I, I try to encourage disagreement with me because I feel like a lot of leaders, they want to be seen as the one that comes up with the right answer and the right idea. 297 00:26:07,425.6666667 --> 00:26:07,875.6666667 and. 298 00:26:08,295.6666667 --> 00:26:11,325.6666667 Sometimes I will come up with the best idea, but a lot of times I won't. 299 00:26:11,325.6666667 --> 00:26:12,465.6666667 Maybe most times I won't. 300 00:26:12,739.4166667 --> 00:26:14,695.6666667 so I encourage people to disagree with me. 301 00:26:14,695.6666667 --> 00:26:20,935.6666667 Like I'm always gonna throw out an idea, but one thing I always tell them is you can't just say no. 302 00:26:21,565.6666667 --> 00:26:25,975.6666667 you have to say, you can say no, but then you have to actually come up with a solution on your own. 303 00:26:26,575.6666667 --> 00:26:27,25.6666667 So. 304 00:26:27,700.6666667 --> 00:26:29,950.6666667 When we're talking with users, we can't just say no. 305 00:26:30,190.6666667 --> 00:26:41,830.6666667 we have to say no and then come up with a solution to help them with or otherwise that they're gonna do exactly what you're talking about and they're gonna go behind your back because there is a legitimate business need, and that's why they've even thought about it to begin with. 306 00:26:41,890.6666667 --> 00:26:46,90.6666667 So, all right, well that's another episode of Off the Wire. 307 00:26:46,90.6666667 --> 00:26:47,740.6666667 Hope everyone enjoyed it again. 308 00:26:47,770.6666667 --> 00:26:48,820.6666667 share this with someone. 309 00:26:48,880.6666667 --> 00:26:53,620.6666667 if you feel like you got some value out of it, share it with someone you think could also get some value, maybe a colleague. 310 00:26:54,100.6666667 --> 00:26:55,120.6666667 And help us grow. 311 00:26:55,490.6666667 --> 00:26:58,40.6666667 some new, some awesome ideas coming up. 312 00:26:58,90.6666667 --> 00:27:01,240.6666667 we got some, uh, some things in the hopper, some really big plans. 313 00:27:01,240.6666667 --> 00:27:02,810.6666667 So, stay tuned with that. 314 00:27:03,110.6666667 --> 00:27:04,760.6666667 And until next time, this is off the wire.
And the reason we've had that feeling is because it's absolutely true.
this is something that goes on and.
Almost every environment.
and it's called Shadow it.
so we're gonna talk about that night, kind of break it down, give you some tips and tricks on how you can combat this and protect against it.
but before we jump in, if you're not subscribed to us already, please subscribe in whatever platform you're listening or watching us on.
(00:38):
and if you find something valuable that we're talking about tonight.
share it with someone you know, in your network of friends or colleagues, and, help the show grow.
it's really helpful to us to have people share the episode.
So, Anthony, I think as we get started here, I think most people know what shadow it is.
but maybe there's like five people out there, that aren't sure.
(00:58):
.333333334So in your words, what do you consider shadow it? If there's like a definition, what would you give it? Yeah, really the main thing that I think of is where people are either using unauthorized software or even, have subscription services to software, to like cloud-based software or, are running hardware. 18 00:01:19,118.333333334 --> 00:01:23,588.333333334 that isn't provided by the IT department or isn't authorized by the IT department. 19 00:01:23,958.333333334 --> 00:01:28,638.333333334 I'm sure there's other facets to that, but that's really the main thing that comes to mind with shadow it. 20 00:01:30,618.333333334 --> 00:01:32,148.333333334 Yeah, I, I would agree with you there. 21 00:01:32,198.333333334 --> 00:01:33,793.333333334 I really don't have a thing to add. 22 00:01:34,213.333333334 --> 00:01:35,473.333333334 I think you covered it pretty well. 23 00:01:36,73.333333334 --> 00:01:47,793.33333333 Have you, like, do you have some concrete examples from your past, maybe where you're working now or in the past of like, users that have done this? And so maybe give an example of like, something that you've personally experienced, that's considered shadow it. 24 00:01:49,18.33333333 --> 00:02:02,748.33333333 So, yeah, the one example, and I really was pretty aggravated by it, I probably should not have been, it was just someone using SignUpGenius and, I think that's really, it's benign, but I was like, why aren't they using Formstack? We've got Formstack. 25 00:02:03,18.33333333 --> 00:02:04,128.33333333 It's so easy to use. 26 00:02:04,378.33333333 --> 00:02:05,668.33333333 we could have gathered all this information. 27 00:02:06,433.33333333 --> 00:02:10,198.33333333 And, with, signup genius, like you gotta create your own login and stuff like that. 28 00:02:10,198.33333333 --> 00:02:23,998.33333333 And I'm like, are they gonna start spamming us with that? I don't really think that happens, but, it was, it's a small item, I was like, we've been talking about Formstack, we've had classes about it, like we talk, try to get people to use it and then here's someone, rolls out, sign up. 29 00:02:23,998.33333333 --> 00:02:24,238.33333333 Genius. 30 00:02:25,18.33333333 --> 00:02:29,268.33333333 But I don't think that's really a, one to have big concern about. 31 00:02:29,298.33333333 --> 00:02:32,28.33333333 But that was one that really just kind of sticks out. 32 00:02:33,603.33333333 --> 00:02:34,683.33333333 Over the last couple years. 33 00:02:36,63.33333333 --> 00:02:36,393.33333333 Yeah. 34 00:02:36,393.33333333 --> 00:02:37,523.33333333 I think that's a good one, though. 35 00:02:37,523.33333333 --> 00:02:44,68.33333333 I mean, no matter if they're small or what we consider something large, I think that's a perfect example. 36 00:02:44,68.33333333 --> 00:02:47,893.33333333 I think I've given this example on a prior episode, but if I haven't, I. 37 00:02:48,233.33333333 --> 00:02:52,363.33333333 we did a, we were looking for a project management tool, and we started doing the evaluation. 38 00:02:52,363.33333333 --> 00:02:56,923.33333333 I think I actually talked about it on the project management episode there, but we did an evaluation. 39 00:02:56,923.33333333 --> 00:03:03,683.33333333 We started talking to different departments and come to find out, we already had three project management tools, so people were using, different ones. 40 00:03:03,683.33333333 --> 00:03:05,903.33333333 I've seen, I've seen someone buy a monitor. 41 00:03:05,973.33333333 --> 00:03:12,773.33333333 that was an odd one, they didn't feel like the monitor we gave them was large enough at the time, so, they went and bought their own, so. 42 00:03:13,38.33333333 --> 00:03:20,518.33333333 that one I think might even be more benign, but, basically to your point, you, it's people basically finding their own solution. 43 00:03:20,768.33333333 --> 00:03:31,828.33333333 so I guess initially, and I don't know how you feel about this, but initially I was like, kinda my first reaction to this is to get like really upset and be like, what in the world? this is like our arena. 44 00:03:31,858.33333333 --> 00:03:34,798.33333333 We're the ones managing the technology you should be asking us. 45 00:03:35,348.33333333 --> 00:03:38,618.33333333 but I haven't always thought about this and I think it's something that. 46 00:03:39,503.33333333 --> 00:03:42,203.33333333 We need to maybe ask ourselves first. 47 00:03:42,663.33333333 --> 00:03:59,588.33333333 and that's why would you say users go outside, you know, to use these tools? Like why do they go sign up for these things or buy their own monitor? do you ever ask yourself that? Yeah, actually, I can think of one that's really something you really don't want. 48 00:03:59,643.33333333 --> 00:04:09,833.33333333 I had a user go buy a laptop, and when I found that out, I was talking to her, I was like, well, why did you get the laptop? And she's like, well, I only have a desktop. 49 00:04:09,833.33333333 --> 00:04:14,113.33333333 And like, she works like in the field a lot and needs to have a laptop. 50 00:04:14,113.33333333 --> 00:04:14,623.33333333 And I was like. 51 00:04:15,598.33333333 --> 00:04:22,948.33333333 I was like, you know, I, I, sorry, I don't wanna say her name, but I, I was like, you know, if you would've just let us know that you needed this, like we would a hundred percent. 52 00:04:23,248.33333333 --> 00:04:25,435.83333333 I said, I, we will go get you a laptop right now. 53 00:04:26,348.33333333 --> 00:04:37,478.33333333 it, it really kind of hurt my feelings that she felt this was when I first got to the organization, but it really hurt my feelings that she thought that we wouldn't provide the tools that she needs to do her job. 54 00:04:38,168.33333333 --> 00:04:40,478.33333333 And I know that's the flip side, but that's where. 55 00:04:40,908.33333333 --> 00:04:43,38.33333333 and a lot of people may feel that way and that's why they do it. 56 00:04:43,128.33333333 --> 00:04:44,538.33333333 But that, I don't know. 57 00:04:44,538.33333333 --> 00:04:56,818.33333333 I was really just taken back that she felt so little of us being able to provide her with the equipment that she needs to work, that she went out and got her own self a laptop, And that's quite a bit of money, for someone to buy. 58 00:04:57,586.66666667 --> 00:05:02,586.66666667 Yeah, that would be, that's definitely a little different, I think, than maybe even though some of the other ones we mentioned. 59 00:05:03,246.66666667 --> 00:05:05,916.66666667 But I still, I still think it points to like kind of the why. 60 00:05:05,976.66666667 --> 00:05:06,306.66666667 Right. 61 00:05:06,426.66666667 --> 00:05:09,66.66666667 Do you think there was like, I don't know, there was a. 62 00:05:09,596.66666667 --> 00:05:27,476.66666667 Some sort of, I wanna call it like a prior administration to use like kind of a, a political term, but in the prior administration, prior to you getting there, do you think there was something that kind of led to that kind of behavior? Was there, you know, kind of a, you know, an attitude, did she approach them before or anything like that? I'm not sure. 63 00:05:27,596.66666667 --> 00:05:33,236.66666667 The one thing I have seen, some IT departments do this and this is really what you don't want to have. 64 00:05:33,266.66666667 --> 00:05:40,916.66666667 I've seen some IT departments where they are kind of like the bottleneck or the gatekeeper o of all technology. 65 00:05:41,306.66666667 --> 00:05:46,976.66666667 Like you want a laptop, your manager thinks that you should have a laptop, and it's like, no, we're not doing it. 66 00:05:47,366.66666667 --> 00:05:52,66.66666667 And not really giving justification, just It's really just kind of like they got the power and they use it like that. 67 00:05:52,66.66666667 --> 00:05:55,606.66666667 I haven't seen that very often, but I've definitely seen that. 68 00:05:55,606.66666667 --> 00:05:57,676.66666667 I don't know if this is what the individual felt. 69 00:05:57,946.66666667 --> 00:06:02,126.66666667 Hopefully that wasn't the case, but I've definitely seen that, there must have been something there. 70 00:06:02,756.66666667 --> 00:06:05,206.66666667 Yeah, I think we gotta be careful, right? as. 71 00:06:06,796.66666667 --> 00:06:10,366.66666667 Folks to not, I don't think many of us have that attitude. 72 00:06:10,366.66666667 --> 00:06:14,646.66666667 Well, I hope, let's just say I hope no one has an attitude currently, that's listening to us. 73 00:06:14,886.66666667 --> 00:06:18,636.66666667 But even if you do, I think that's something you really gotta look at. 74 00:06:19,446.66666667 --> 00:06:21,36.66666667 Be introspective and figure out why. 75 00:06:21,346.66666667 --> 00:06:24,676.66666667 'cause we really shouldn't be, we shouldn't be power hungry in that way. 76 00:06:25,66.66666667 --> 00:06:28,36.66666667 And just saying like, well, we decide what goes in here or not. 77 00:06:28,876.66666667 --> 00:06:35,346.66666667 One thing I think, and I've learned, in the past couple weeks, I've been having some discussions with, with different employees about strategy. 78 00:06:35,466.66666667 --> 00:06:43,566.66666667 And one thing that's come up a lot, and I think maybe us as technology professionals aren't as good at and is that, is communication. 79 00:06:43,866.66666667 --> 00:06:47,496.66666667 I think sometimes we will communicate maybe one time, but not enough. 80 00:06:47,736.66666667 --> 00:06:48,186.66666667 Right. 81 00:06:48,546.66666667 --> 00:06:58,826.66666667 And one thing we're terrible at is communicating why, especially we talked about this a little bit, some prior episodes, but you gotta communicate why someone can't have something. 82 00:06:58,986.66666667 --> 00:07:06,606.66666667 it can't just be, no, you can't have this laptop, which is probably what maybe she was told before, but it has to be like. 83 00:07:07,116.66666667 --> 00:07:13,996.66666667 No, you can't have this laptop because we need to provide one through the business or no, you can't have one because this is like, some sort of risk that it brings up. 84 00:07:14,296.66666667 --> 00:07:18,886.66666667 Maybe that site you talked about with all the ads, there's, potential risk, things like that. 85 00:07:19,336.66666667 --> 00:07:20,416.66666667 But gotta explain the why. 86 00:07:20,626.66666667 --> 00:07:33,106.66666667 and I think something that I've learned at least in the past few years, and I didn't always think this in my career, is when people are looking for a solution, it's because there's a need for a solution. 87 00:07:34,186.66666667 --> 00:07:34,486.66666667 Right. 88 00:07:34,486.66666667 --> 00:07:43,96.66666667 Most of the time I've had very few people ask me for anything, whether that's hardware, software, or otherwise, that they didn't have a pretty good use case for. 89 00:07:43,216.66666667 --> 00:07:44,926.66666667 Have you had that? I mean, I haven't had that. 90 00:07:45,736.66666667 --> 00:07:54,517.66666667 No, and that's one of the things I really try to tell end users, if there's a business use for it, we're likely to provide it. 91 00:07:55,326.66666667 --> 00:07:59,196.66666667 Hopefully, I don't think anyone feels that way, but you're right about the communications. 92 00:07:59,196.66666667 --> 00:08:10,86.66666667 And one thing I take for granted, and I do this quite often, is, I may have had a either a conversation with a small group of people or even with if, with the whole company, but it was three years ago. 93 00:08:10,116.66666667 --> 00:08:15,296.66666667 Well that doesn't mean, all the people that started after that point, know what our stance is on something. 94 00:08:15,796.66666667 --> 00:08:16,276.66666667 so. 95 00:08:17,311.66666667 --> 00:08:22,136.66666667 I definitely think communications is a weak point, and the other thing is you gotta keep repeat repeating the message. 96 00:08:22,833.33333334 --> 00:08:23,553.33333334 Yeah, I would agree with that. 97 00:08:23,553.33333334 --> 00:08:25,83.33333334 we talk about that with new employees. 98 00:08:25,723.33333334 --> 00:08:32,503.33333334 we can train a new employee, on something, but like if we don't train them ever so often, like they're not really getting that reinforcement of it. 99 00:08:33,53.33333334 --> 00:08:33,683.33333334 and that goes for. 100 00:08:34,508.33333334 --> 00:08:41,658.33333334 Not just like their skills, but also what our policy is on things like, what is was the process for getting some sort of new thing. 101 00:08:42,288.33333334 --> 00:08:47,198.33333334 I think we mentioned on it a little bit, but, shadow it, especially on the software side, but hardware too. 102 00:08:47,198.33333334 --> 00:08:48,278.33333334 really it could be either way. 103 00:08:49,18.33333334 --> 00:08:50,878.33333334 there's some risk associated with it. 104 00:08:50,878.33333334 --> 00:08:54,648.33333334 So, I've seen some people, go way down the rabbit hole. 105 00:08:54,648.33333334 --> 00:08:57,438.33333334 Bring your own device, But there are some risks to that. 106 00:08:57,438.33333334 --> 00:09:09,515.66666667 And like in your mind, what are like the biggest risk, for, having these unauthorized different applications and or potentially devices in your environment? just one of the fundamentals of security is the know what's on your network. 107 00:09:09,545.66666667 --> 00:09:13,825.66666667 And my thing is, is you know, we're, we. 108 00:09:14,360.66666667 --> 00:09:20,790.66666667 It people, we kind of have the know-how of, how to dig into things, but you could have a end user. 109 00:09:21,240.66666667 --> 00:09:35,110.66666667 It is not so much a risk with like iOS devices, but say you got Androids or whatever, you know, they, if they jailbreak their phone or something like that, or using, some kind of app where it's, logging your data or anything like that. 110 00:09:35,210.66666667 --> 00:09:39,640.66666667 or maybe they, if they bought hardware, if they got it off to somewhere used, then you know. 111 00:09:40,630.66666667 --> 00:09:46,0.66666667 it was loaded with something previously or something like that there, there's a lot of ways it can bring risk into your network. 112 00:09:46,210.66666667 --> 00:09:57,940.66666667 The big thing is for us, and this is going beyond that, is the reason we tell people we need to know, one of the reasons we need to know is just so we can look at it from a security aspect, whatever it is. 113 00:09:57,970.66666667 --> 00:10:04,30.66666667 And and I tell them, like, we're not looking to say no, like we just want to evaluate it and find out the risk upfront. 114 00:10:04,60.66666667 --> 00:10:06,380.66666667 And two, we need to find out, how we can mitigate or. 115 00:10:06,695.66666667 --> 00:10:08,645.66666667 Get rid of the risk, if at all possible. 116 00:10:09,275.66666667 --> 00:10:15,645.66666667 yeah, to your point, it's not about saying no per se, but it's about applying the right restrictions, applying the rule set, maybe putting it on a network. 117 00:10:16,425.66666667 --> 00:10:17,985.66666667 Got a pretty funny story actually. 118 00:10:18,15.66666667 --> 00:10:26,685.66666667 So, We, we use, a cloud-based, AP product, and we got an alert, we were looking inside of our cloud, inside the interface there. 119 00:10:26,685.66666667 --> 00:10:27,285.66666667 And we got an alert. 120 00:10:27,285.66666667 --> 00:10:35,215.66666667 And when there was like, there was this device, we got a secure alert and then we got alert inside there, and it was contacted China every five minutes. 121 00:10:35,605.66666667 --> 00:10:36,805.66666667 It was reaching out to China. 122 00:10:37,355.66666667 --> 00:10:42,815.66666667 I don't know what it was doing, getting instructions or whatever, and every five minutes, boom, boom, boom, boom, boom. 123 00:10:42,815.66666667 --> 00:10:43,85.66666667 We're like. 124 00:10:43,910.66666667 --> 00:10:44,630.66666667 We've been hacked. 125 00:10:44,660.66666667 --> 00:10:51,920.66666667 You know, we, uh, for sure thought like someone's plugged in something and like, so we started doing like an investigative. 126 00:10:51,920.66666667 --> 00:10:56,280.66666667 I mean, it really turned into, some sort of, I don't know, like a device hunt instead of a manhunt. 127 00:10:56,280.66666667 --> 00:11:04,430.66666667 But, We looked at the ap, we knew it had to be in a certain area and we sent like IT employees and they were going door to door, to knocking on people's offices. 128 00:11:04,430.66666667 --> 00:11:10,850.66666667 Like, what do you have in your office? Do you have any Android phones? Do you have any, like, anything that people were like, I don't know, it was, it was funny. 129 00:11:10,970.66666667 --> 00:11:13,670.66666667 and come to find out it was a picture frame. 130 00:11:14,370.66666667 --> 00:11:17,40.66666667 someone had a picture frame and they had logged in. 131 00:11:17,500.66666667 --> 00:11:21,610.66666667 it was on our guest network, so you know, it was already like sequestered a little bit there. 132 00:11:22,340.66666667 --> 00:11:25,730.66666667 but it was checking in to see if there's new photos basically is what it was doing. 133 00:11:25,730.66666667 --> 00:11:32,920.66666667 And, it was so funny, like people are so nervous, people just typing away and like, someone on your door, like, we're here from it. 134 00:11:33,280.66666667 --> 00:11:41,580.66666667 What have you got in your office? but, but anyway, but yeah, that was an example of that, right? and, a really like, benign use case, right? Just wanna have pictures of their family. 135 00:11:41,940.66666667 --> 00:11:42,600.66666667 But again. 136 00:11:43,275.66666667 --> 00:11:47,35.66666667 sharing that where we can better protect it, I think is really useful. 137 00:11:48,115.66666667 --> 00:12:09,930.66666667 Is there a, is there any like, easy ways in your mind to spot shadow? It is like something that like tips you off to it or, have you, in the past, whenever you have noticed it, like what, what made you notice it? Was it just you kind of happened across it or? In the early days, it was definitely just we would come across it. 138 00:12:09,990.66666667 --> 00:12:14,910.66666667 We're starting to get tools in place that make us aware. 139 00:12:14,910.66666667 --> 00:12:16,980.66666667 We don't look for it to block it. 140 00:12:16,980.66666667 --> 00:12:20,200.66666667 We just look for it to be aware of it, nine times outta 10. 141 00:12:20,200.66666667 --> 00:12:22,60.66666667 It's something that they have to have for work. 142 00:12:22,110.66666667 --> 00:12:26,770.66666667 a lot of times it's where, they're working with another organization and that's how they use tools. 143 00:12:26,840.66666667 --> 00:12:28,215.66666667 I wouldn't say there's no easy way. 144 00:12:28,430.66666667 --> 00:12:39,410.66666667 the things that kind of stick out on how we see things lately, and right now it's really just us documenting and knowing that it's on our network is, uh, we have a, uh, a DNS tool. 145 00:12:40,190.66666667 --> 00:12:49,120.66666667 We were using the Palo Altos for DNS, but we took a stab at DNS filter and, it does a good job of showing applications and stuff that's running. 146 00:12:49,540.66666667 --> 00:12:54,495.66666667 And then another tool that I never really expected to help us with it is Avanan. 147 00:12:54,515.66666667 --> 00:12:57,725.66666667 It's, uh, email filtering tool, email security tool. 148 00:12:58,325.66666667 --> 00:13:04,605.66666667 And, it actually has a shadow IT report and it shows what's, it shows who's using it and what's using it. 149 00:13:05,220.66666667 --> 00:13:12,150.66666667 I think how it gets it is basically, you know, if you use Dropbox, you're gonna get a email, you gotta register with your email, and then you get the email. 150 00:13:12,210.66666667 --> 00:13:17,920.66666667 Well, that's what they're reporting on is, who's received what emails from, what software service and stuff like that. 151 00:13:17,920.66666667 --> 00:13:23,840.66666667 And I know CrowdStrike has, some shadow IT reporting, but for the most part, that's what we're seeing. 152 00:13:23,900.66666667 --> 00:13:31,140.66666667 and definitely just talking with people and, if you got people that don't feel comfortable, if they think you're out to get them. 153 00:13:31,695.66666667 --> 00:13:36,175.66666667 They're not gonna share that information with you saying, Hey, we were using this tool, to do this. 154 00:13:36,265.66666667 --> 00:13:43,445.66666667 And, so I really think it's important to, make sure you're not going at it with a, with a bat, ready to wreck some stuff. 155 00:13:43,475.66666667 --> 00:13:49,805.66666667 You need to be talking to them and, being nice and polite about it, because they, most of the time they legitimately need it. 156 00:13:49,865.66666667 --> 00:13:56,405.66666667 But if you're, uh, you know, being real negative or mean to them about using something, then they're never gonna report it again. 157 00:13:57,655.66666667 --> 00:13:59,275.66666667 Yeah, I totally agree with that. 158 00:13:59,755.66666667 --> 00:14:01,45.66666667 We've seen some things. 159 00:14:01,95.66666667 --> 00:14:02,55.66666667 I like the email idea. 160 00:14:02,55.66666667 --> 00:14:02,955.66666667 That's a pretty neat one. 161 00:14:03,115.66666667 --> 00:14:08,565.66666667 we've done some looking, I heard about a product at a conference and we've done some looking into it. 162 00:14:08,565.66666667 --> 00:14:11,305.66666667 Hadn't decided on, we haven't really fully evaluated it, but. 163 00:14:11,810.66666667 --> 00:14:12,890.66666667 product called Keep Aware. 164 00:14:13,20.66666667 --> 00:14:21,140.66666667 if for anyone out there might not have heard of it, basically in a nutshell, it like, it extends the browser, and basically gives you control over the browser. 165 00:14:21,570.66666667 --> 00:14:24,270.66666667 so you can take like Google Chrome or Edge or whatever. 166 00:14:24,795.66666667 --> 00:14:26,355.66666667 And make it into an enterprise browser. 167 00:14:26,685.66666667 --> 00:14:44,255.66666667 and then based on their controls, you can basically enforce, or just kind of remind people, right? so it knows based on like where people are going, if they're going to, chat, like open AI to do ChatGPT or something like that, it can say, there our policy is, not to allow this AI client. 168 00:14:44,255.66666667 --> 00:14:45,305.66666667 Do you still want to continue. 169 00:14:45,650.66666667 --> 00:14:46,850.66666667 Or you can enforce it. 170 00:14:47,310.66666667 --> 00:14:52,360.66666667 does that all through like logins and different things like that? Obviously, looking at where they're going online. 171 00:14:53,120.66666667 --> 00:15:06,770.66666667 but it has some pretty cool features as well about like if you type in like a social security number into the browser anywhere, it'll basically like say, Hey, this is like PII plus you sure you want to share this with whatever it is, even before you hit enter or something like that. 172 00:15:06,770.66666667 --> 00:15:08,210.66666667 So some pretty neat things. 173 00:15:08,210.66666667 --> 00:15:11,210.66666667 We're looking into that, that haven't purchased it, so I can't say. 174 00:15:11,535.66666667 --> 00:15:15,195.66666667 how well it works or anything, but did hear about that. 175 00:15:15,955.66666667 --> 00:15:21,215.66666667 we've done some stuff, just some blocking of, and really we didn't come at this from a shadow IT perspective. 176 00:15:21,345.66666667 --> 00:15:37,825.66666667 we came at this just from a, exfiltration, we did block some of the clients, just the cloud, cloud like Dropbox, you mentioned Box and some of the other, Google Drive some of the other cloud storage ones, and that's mainly just for data Exfiltration wasn't necessarily for someone not using that. 177 00:15:38,125.66666667 --> 00:15:39,745.66666667 but we have blocked some of those. 178 00:15:40,48.79166667 --> 00:15:42,935.66666667 so I think you mentioned something you said. 179 00:15:43,415.66666667 --> 00:15:49,425.66666667 I think really like we kind of, I don't know this, the title of this episode, stop shadow it with one Easy trick. 180 00:15:49,945.66666667 --> 00:15:51,715.66666667 little bit Click Baitey, I guess, but. 181 00:15:52,645.66666667 --> 00:15:56,65.66666667 You mentioned something, and I think you really got to, you hit the nail on the head. 182 00:15:56,95.66666667 --> 00:15:58,979.41666667 The one easy trick really is you gotta talk to people. 183 00:15:59,465.66666667 --> 00:16:00,605.66666667 that is the number one thing. 184 00:16:01,115.66666667 --> 00:16:14,225.66666667 how do you, like, if you talk to people and understand the issues they're having, you're gonna understand why they might look for a certain solution and you're gonna, if you're gonna, if you know their issues, you're gonna put solutions in place that take care of those issues. 185 00:16:14,225.66666667 --> 00:16:18,315.66666667 So you talked about that like really two-way, discussion that needs to happen. 186 00:16:18,955.66666667 --> 00:16:20,965.66666667 between IT and really all users. 187 00:16:21,155.66666667 --> 00:16:48,470.6666667 so in your environment, how do you do that? I, for the person out there listening that's like been tasked with like, doing all this and hasn't really thought about actually having conversations with the users about what they need, like how do you go about that? Do you have like, any kind of technique? Do you do that like annually or just ad hoc or what? I feel like it takes a lot of different types and not saying we're perfect by no means, but I think a lot of it is just one being approachable. 188 00:16:48,680.6666667 --> 00:16:51,390.6666667 Like if you're not approachable, you're not gonna get anywhere. 189 00:16:51,820.6666667 --> 00:16:53,260.6666667 but there's much more to that one. 190 00:16:53,310.6666667 --> 00:16:58,350.6666667 people may try to get a product because they think you don't have a solution for that. 191 00:16:58,650.6666667 --> 00:17:02,970.6666667 one is just making sure people are knowledgeable of all the solutions that you already have in your environment. 192 00:17:03,480.6666667 --> 00:17:10,530.6666667 And, we do, we do like lunch and learns and we talk about solutions that we have and try to showcase ways that you can use that. 193 00:17:10,980.6666667 --> 00:17:15,910.6666667 I really just think it, it takes a whole lot, of communicating in different ways to get that point across. 194 00:17:15,940.6666667 --> 00:17:21,835.6666667 I don't know that there's a one easy button that's really just to communicate, communicate, communicate is my thing. 195 00:17:23,740.6666667 --> 00:17:29,335.6666667 I think, I guess definitely from the conversation I've been having, and I would say I encourage all the folks listening. 196 00:17:30,155.6666667 --> 00:17:37,695.6666667 if you're not having those conversations, at least on an annual basis, I would say, it's good to have ad hoc conversations, people in the hall, that kind of thing. 197 00:17:38,365.6666667 --> 00:17:43,885.6666667 but I think there's something to be said for just going and meeting someone where they're at, not in a meeting or, something like that. 198 00:17:43,885.6666667 --> 00:17:51,535.6666667 Or not on the way to a meeting, but just actually going out to where the person works or maybe even spending time with 'em in the, in whatever their work area is. 199 00:17:51,535.6666667 --> 00:17:55,315.6666667 Maybe that's the field, maybe that's just at their office out in the district. 200 00:17:55,985.6666667 --> 00:18:05,535.6666667 spending some time with him, getting 'em around the table, buying breakfast, people understand, like come with open arms, And to your point, be readily approachable and just ask 'em. 201 00:18:05,535.6666667 --> 00:18:12,685.6666667 Like, I've had some, I've had some meetings with our front office staff the past, a few weeks and I can't meet with every single employee every year. 202 00:18:12,905.6666667 --> 00:18:15,515.6666667 so what I try to do is meet with different groups each year. 203 00:18:16,65.6666667 --> 00:18:18,555.6666667 like maybe it's a front office, maybe it's our operational staff. 204 00:18:19,125.6666667 --> 00:18:23,775.6666667 Maybe it's our administrative staff, that kind of thing, and people at different levels. 205 00:18:23,775.6666667 --> 00:18:42,65.6666667 But basically going out to them and just saying, what do we do that works? What do we do that doesn't work? What frustrates you about your job? what things could be better? Is there anything, do you have any ideas about technology? I think we put an undue amount of stress on ourselves to be the one that under that knows every single solution. 206 00:18:42,65.6666667 --> 00:18:42,905.6666667 Every possible. 207 00:18:43,205.6666667 --> 00:18:43,625.6666667 Right. 208 00:18:44,525.6666667 --> 00:18:45,845.6666667 Like, we don't have to know everything. 209 00:18:45,845.6666667 --> 00:18:47,795.6666667 There are a lot of good people in our environment. 210 00:18:48,305.6666667 --> 00:18:49,385.6666667 People hear all kinds of things. 211 00:18:49,385.6666667 --> 00:18:50,315.6666667 They hear news stories. 212 00:18:50,555.6666667 --> 00:18:55,365.6666667 Me and you were talking pre-show, you were sharing with me about, a particular story you had heard this week. 213 00:18:55,365.6666667 --> 00:18:56,265.6666667 I had never heard of it. 214 00:18:56,985.6666667 --> 00:18:59,985.6666667 Now, had I just like gone on my own and been like, I'm the solutions architect. 215 00:18:59,985.6666667 --> 00:19:01,875.6666667 I'm, I'm gonna figure out what the solution is. 216 00:19:02,265.6666667 --> 00:19:03,795.6666667 That would be a data point that I never had. 217 00:19:04,275.6666667 --> 00:19:08,865.6666667 So don't be afraid to ask people, even people that are not in technology, like what they've heard. 218 00:19:09,485.6666667 --> 00:19:12,35.6666667 sometimes people in certain areas of your. 219 00:19:12,540.6666667 --> 00:19:14,700.6666667 we think about things from an IT perspective. 220 00:19:14,850.6666667 --> 00:19:22,20.6666667 Well, accountants think about things from an accounting perspective and they go to the conferences about accounting and they talk about solutions that other accountants use. 221 00:19:22,440.6666667 --> 00:19:24,390.6666667 So maybe they've heard something that you haven't heard about. 222 00:19:24,390.6666667 --> 00:19:26,580.6666667 Are you an accountant? You might not have heard of that. 223 00:19:26,580.6666667 --> 00:19:29,850.6666667 So, definitely meet people on their level. 224 00:19:30,70.6666667 --> 00:19:33,10.6666667 and just ask 'em like, what pains you about what you do? And someone. 225 00:19:33,970.6666667 --> 00:19:36,750.6666667 Every single person in your environment is gonna have that list in their brain. 226 00:19:36,750.6666667 --> 00:19:38,10.6666667 They don't have to come prepared. 227 00:19:38,130.6666667 --> 00:19:39,990.6666667 Like they're gonna be able to spout it out right away. 228 00:19:40,380.6666667 --> 00:19:42,760.6666667 And I've heard that, these past couple weeks. 229 00:19:43,100.6666667 --> 00:19:46,790.6666667 and if you ever need a project idea, definitely just ask a user. 230 00:19:46,820.6666667 --> 00:19:49,260.6666667 'cause, they can give you about 25 of 'em right away. 231 00:19:50,260.6666667 --> 00:19:54,260.6666667 One thing just to add onto that, I think one thing I try to do. 232 00:19:55,550.6666667 --> 00:20:03,510.6666667 Well is really just meet all different, all the different types of employees that we have and just knowing that, you know, we're there for them. 233 00:20:03,510.6666667 --> 00:20:05,820.6666667 it is customer service whether you like it or not. 234 00:20:06,330.6666667 --> 00:20:14,80.6666667 And like when it comes to a lineman, like, I make sure, we issue them iPads like, but I make sure you have a good DC charger for your truck. 235 00:20:14,80.6666667 --> 00:20:16,480.6666667 Do you got cables? And I, I keep like I. 236 00:20:17,215.6666667 --> 00:20:26,655.6666667 That stuff, it doesn't cost a whole lot, but just having good charging equipment, for them, like they know that they can come to it if they have something that they need. 237 00:20:26,965.6666667 --> 00:20:36,615.6666667 when I go into member services, I look at it like, is there any way, we could do anything better with it? Like, is there anything you guys need, you know, to help you do your job? And I think. 238 00:20:37,680.6666667 --> 00:20:41,430.6666667 Like you said, just, meeting with people, like it definitely helps out. 239 00:20:41,430.6666667 --> 00:20:47,570.6666667 And I try to really do it with, I do it with the VPs, like, is there anything you guys need for, I mean at least do it annually. 240 00:20:47,600.6666667 --> 00:20:51,360.6666667 'cause I'm like, is there anything you guys need from us, for next year's budget and stuff like that. 241 00:20:51,360.6666667 --> 00:20:55,700.6666667 But also try to meet just with the normal employees and just make sure that they have anything that they need. 242 00:20:56,240.6666667 --> 00:21:00,990.6666667 And really, if you're providing good equipment and they know what your rotation is. 243 00:21:01,590.6666667 --> 00:21:06,790.6666667 You know that, everyone knows that they're gonna get a new iPad or a new laptop or desktop after so many years. 244 00:21:06,790.6666667 --> 00:21:08,650.6666667 'cause we communicate, what our rotation is. 245 00:21:09,100.6666667 --> 00:21:10,990.6666667 They really don't ask for a whole lot. 246 00:21:10,990.6666667 --> 00:21:12,730.6666667 And, when they do, it's, it's really needed. 247 00:21:13,150.6666667 --> 00:21:20,310.6666667 And then the other part I would say is you gotta, for every person that will ask for something, you're gonna have two or three that are afraid to ask. 248 00:21:20,910.6666667 --> 00:21:25,55.6666667 And, one, I talked about on a previous episode, I was out with the stakers. 249 00:21:25,385.6666667 --> 00:21:30,925.6666667 With their iPads and they're out, they're with maps out on their iPad and we were getting 'em regular iPads. 250 00:21:31,398.1666667 --> 00:21:35,635.6666667 And I looked at it and I was like, how can you see this? Like, I can't see anything on this map. 251 00:21:36,25.6666667 --> 00:21:38,125.6666667 And, 'cause it was, you know, a bright daylight out. 252 00:21:38,545.6666667 --> 00:21:55,955.6666667 And, uh, anyways, we went and it cost money, but we went and got them iPad pros and the, but the lit or the knit, brightness was twice as much and it was, you could clearly see the screen, switching out those iPads, to go from a $400 iPad to a thousand dollars iPad is quite a jump, but they're using that for five years. 253 00:21:55,985.6666667 --> 00:21:59,985.6666667 Like, so I don't think it's, if you break that down per year, it's not a whole lot to ask. 254 00:22:00,15.6666667 --> 00:22:06,255.6666667 it's for people to do their jobs and anyways, that's one thing I really try to be good at and spend some time at. 255 00:22:07,650.6666667 --> 00:22:08,760.6666667 Yeah, that's a great point. 256 00:22:08,810.6666667 --> 00:22:13,920.6666667 I had a mentor, previous boss, doing in my position that I'm in now and. 257 00:22:14,460.6666667 --> 00:22:19,620.6666667 I guess I was always thinking like cost consciousness, and I'm not saying go blow money. 258 00:22:19,870.6666667 --> 00:22:24,10.6666667 some people will have different, there's different levels of budget and what you're allowed to do and what you're not. 259 00:22:24,10.6666667 --> 00:22:39,880.6666667 But he, I was always pretty cost conscious, like, do we really need a third monitor for this person? Do we really need a second monitor for this person? And one thing he told me is he said, the cost of whatever that is will be made up in the productivity before you can even think about it. 260 00:22:39,940.6666667 --> 00:22:42,490.6666667 Basically, like if we have that second monitor. 261 00:22:42,895.6666667 --> 00:22:55,735.6666667 It's what, $200, $300? Like if you can get them to do things, if you can get 10 minutes a day of productivity outta that person, then that cost of that monitor is gonna be of no consequence in a few months. 262 00:22:56,225.6666667 --> 00:22:59,265.6666667 so I think that's something to think about too, is. 263 00:23:01,30.6666667 --> 00:23:09,155.6666667 a solution that might have a little bit of a cost, can it provide a lot of value? Can it provide productivity savings? Then it really maybe doesn't have as much cost as you think. 264 00:23:09,305.6666667 --> 00:23:18,705.6666667 one thing I know, and you, it kind of goes through the communication thing you mentioned earlier, and something that I've in the past few years has been something I've experienced a lot. 265 00:23:18,818.1666667 --> 00:23:22,85.6666667 and that is basically making sure we're involving others. 266 00:23:22,635.6666667 --> 00:23:25,725.6666667 in the projects that we do, there are many projects. 267 00:23:25,725.6666667 --> 00:23:32,985.6666667 A lot of projects maybe you think they're an IT only project, but they might not be obviously and making sure that everyone is involved. 268 00:23:33,135.6666667 --> 00:23:38,415.6666667 So you might be thinking to yourself, well what does I have to do with shadow it? Right? that is like actual it, not shadow it. 269 00:23:39,415.6666667 --> 00:23:45,775.6666667 but what I'll say is when you involve others in your projects, they are very likely to involve you in theirs. 270 00:23:45,955.6666667 --> 00:23:46,585.6666667 and. 271 00:23:47,410.6666667 --> 00:23:52,930.6666667 Whenever they do need that solution, whenever they do need that, they're gonna look at you as like a trusted advisor. 272 00:23:53,500.6666667 --> 00:24:03,920.6666667 and because you were there and you looked at them as a trusted advisor in a particular area, so I know sometimes we, a lot of life comes back to simple things, the whole golden rule. 273 00:24:03,920.6666667 --> 00:24:06,590.6666667 Treat others like you would like to be treated, involve others. 274 00:24:06,680.6666667 --> 00:24:07,520.6666667 They will involve you. 275 00:24:08,160.6666667 --> 00:24:09,300.6666667 and that's really the best trick. 276 00:24:09,300.6666667 --> 00:24:16,140.6666667 Obviously you want to have some of those things we talked about earlier, those technology things to, to monitor things, versus block them. 277 00:24:16,140.6666667 --> 00:24:21,460.6666667 I think monitoring's the better solution there, so that you can really have a conversation with that person. 278 00:24:21,770.6666667 --> 00:24:32,665.6666667 but yeah, you can have those things, but ultimately having that good relationship with that person so that they're gonna actually come to you when they need something, is really, where it's at. 279 00:24:32,965.6666667 --> 00:24:33,255.6666667 Okay. 280 00:24:34,255.6666667 --> 00:24:42,435.6666667 Anthony, any final words or tips for the listeners, with Shadow it? I think it's a complex problem that maybe has simple answers. 281 00:24:42,915.6666667 --> 00:24:54,810.6666667 anything, any kind of final words you wanna leave them with? Yeah, just you know, from a IT perspective, just remember we're there to make all the end users better and more efficient at their job. 282 00:24:54,810.6666667 --> 00:24:57,630.6666667 We're there to be enablers, not disablers, not. 283 00:24:58,290.6666667 --> 00:24:58,860.6666667 You can't do it. 284 00:24:58,860.6666667 --> 00:25:04,796.9166667 And granted, we gotta protect our networks and stuff like that, if your default answer is no, like you need to change that. 285 00:25:04,880.6666667 --> 00:25:09,790.6666667 And, talk about those little things like the Chargers and, you talk about having, third monitor and stuff like that. 286 00:25:09,790.6666667 --> 00:25:32,390.6666667 If you look at what even, one of your lowest paid people, if you look at what they're paid plus their benefits and stuff like that, what is a two or $300 monitor really, What is that gonna cost you versus what you're gonna gain outta that person, you know, over the lifetime of that device? I think if you have good customer service, folks aren't gonna really go behind your back and try to buy new hardware or, buy their own equipment and stuff like that. 287 00:25:32,390.6666667 --> 00:25:37,800.6666667 I've heard definitely at organizations where, like engineering is buying equipment because it won't provide it. 288 00:25:37,850.6666667 --> 00:25:39,560.6666667 you definitely don't wanna be in that scenario. 289 00:25:39,950.6666667 --> 00:25:44,270.6666667 So if you got good customer service, you know you're gonna find that you're gonna have a lot less shadow it. 290 00:25:44,270.6666667 --> 00:25:46,490.6666667 I know it's out there, I know it exists. 291 00:25:46,570.6666667 --> 00:25:48,100.6666667 but I think you can make your. 292 00:25:48,565.6666667 --> 00:25:50,155.6666667 I think you can make it much worse. 293 00:25:50,185.6666667 --> 00:25:53,395.6666667 if you're very restrictive and you know your default answer is no to everything. 294 00:25:54,745.6666667 --> 00:25:57,135.6666667 Yeah, I've I guess I'm gonna leave, I'll leave everyone with this. 295 00:25:57,185.6666667 --> 00:25:57,845.6666667 I have a thing. 296 00:25:57,845.6666667 --> 00:26:07,35.6666667 I, I try to encourage disagreement with me because I feel like a lot of leaders, they want to be seen as the one that comes up with the right answer and the right idea. 297 00:26:07,425.6666667 --> 00:26:07,875.6666667 and. 298 00:26:08,295.6666667 --> 00:26:11,325.6666667 Sometimes I will come up with the best idea, but a lot of times I won't. 299 00:26:11,325.6666667 --> 00:26:12,465.6666667 Maybe most times I won't. 300 00:26:12,739.4166667 --> 00:26:14,695.6666667 so I encourage people to disagree with me. 301 00:26:14,695.6666667 --> 00:26:20,935.6666667 Like I'm always gonna throw out an idea, but one thing I always tell them is you can't just say no. 302 00:26:21,565.6666667 --> 00:26:25,975.6666667 you have to say, you can say no, but then you have to actually come up with a solution on your own. 303 00:26:26,575.6666667 --> 00:26:27,25.6666667 So. 304 00:26:27,700.6666667 --> 00:26:29,950.6666667 When we're talking with users, we can't just say no. 305 00:26:30,190.6666667 --> 00:26:41,830.6666667 we have to say no and then come up with a solution to help them with or otherwise that they're gonna do exactly what you're talking about and they're gonna go behind your back because there is a legitimate business need, and that's why they've even thought about it to begin with. 306 00:26:41,890.6666667 --> 00:26:46,90.6666667 So, all right, well that's another episode of Off the Wire. 307 00:26:46,90.6666667 --> 00:26:47,740.6666667 Hope everyone enjoyed it again. 308 00:26:47,770.6666667 --> 00:26:48,820.6666667 share this with someone. 309 00:26:48,880.6666667 --> 00:26:53,620.6666667 if you feel like you got some value out of it, share it with someone you think could also get some value, maybe a colleague. 310 00:26:54,100.6666667 --> 00:26:55,120.6666667 And help us grow. 311 00:26:55,490.6666667 --> 00:26:58,40.6666667 some new, some awesome ideas coming up. 312 00:26:58,90.6666667 --> 00:27:01,240.6666667 we got some, uh, some things in the hopper, some really big plans. 313 00:27:01,240.6666667 --> 00:27:02,810.6666667 So, stay tuned with that. 314 00:27:03,110.6666667 --> 00:27:04,760.6666667 And until next time, this is off the wire.
Popular Podcasts
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
Dateline NBC
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Follow now to get the latest episodes of Dateline NBC completely free, or subscribe to Dateline Premium for ad-free listening and exclusive bonus content: DatelinePremium.com
New Heights with Jason & Travis Kelce
Football’s funniest family duo — Jason Kelce of the Philadelphia Eagles and Travis Kelce of the Kansas City Chiefs — team up to provide next-level access to life in the league as it unfolds. The two brothers and Super Bowl champions drop weekly insights about the weekly slate of games and share their INSIDE perspectives on trending NFL news and sports headlines. They also endlessly rag on each other as brothers do, chat the latest in pop culture and welcome some very popular and well-known friends to chat with them. Check out new episodes every Wednesday. Follow New Heights on the Wondery App, YouTube or wherever you get your podcasts. You can listen to new episodes early and ad-free, and get exclusive content on Wondery+. Join Wondery+ in the Wondery App, Apple Podcasts or Spotify. And join our new membership for a unique fan experience by going to the New Heights YouTube channel now!