---
title: "Shadow IT in the Hybrid Workplace: Hidden Risks Beyond Email | DMARC Report"
description: "Work looks different now, doesn’t it? Employees are the reason. Recent research from Gallup shows that six in ten employees prefer a hybrid work arrangement."
image: "https://dmarcreport.com/og/blog/shadow-it-in-the-hybrid-workplace-hidden-risks-beyond-email.png"
canonical: "https://dmarcreport.com/blog/shadow-it-in-the-hybrid-workplace-hidden-risks-beyond-email/"
---

Quick Answer

Work looks different now, doesn’t it? Employees are the reason. Recent research from Gallup shows that six in ten employees prefer a [hybrid work](https://www.webex.com/what-is-hybrid-work.html) arrangement.


![Shadow IT in the Hybrid Workplace: Hidden Risks Beyond Email](https://media.mailhop.org/dmarcreport/images/2022/04/dmarc-alignment-6379.jpg) 


> Email authentication isn’t just about preventing spoofing - it’s about trust, says Vasile Diaconu, Operations Lead at DuoCircle. Every email your organization sends either builds trust or erodes it. SPF, DKIM, and DMARC are the foundation of that trust. Without them, receivers have no way to distinguish your legitimate email from an attacker’s.

The three core email authentication standards - SPF ([RFC 7208](https://datatracker.ietf.org/doc/html/rfc7208)), DKIM ([RFC 6376](https://datatracker.ietf.org/doc/html/rfc6376)), and DMARC ([RFC 7489](https://datatracker.ietf.org/doc/html/rfc7489)) - work together to verify that an email genuinely originates from the domain it claims to represent. Offices are now spread out, and so is the control IT once had, which makes it much harder to keep everyone secure. This shift has amplified a longstanding but often overlooked threat: [shadow IT](https://www.ibm.com/think/topics/shadow-it).

Shadow IT refers to the use of unauthorized software, applications, devices, or [cloud services](https://www.uscloud.com/microsoft-support-glossary/cloud-services/) by employees without IT department approval or oversight.

Shadow IT isn’t new, but hybrid work makes it worse. _When official tools are slow or difficult to access from home, employees turn to personal apps such as WhatsApp, Dropbox, or Google Drive._ This creates security risks that go far beyond simple [email threats](https://www.trendmicro.com/vinfo/us/security/news/threat-landscape/email-threat-landscape-report-evolving-threats-in-email-based-attacks).

Below, we’ll walk you through the risks of shadow IT that extend beyond email in the **hybrid workplace**.

![Dmarc record](https://media.mailhop.org/dmarcreport/images/2026/03/dmarc-record-3201.jpg) 

## 1\. The Rise of the Citizen Integrator

Not long ago, connecting two business applications required a developer, and probably a few tense meetings about [application programming interface (API)](https://www.cloudflare.com/learning/security/api/what-is-an-api/) documentation. 

But [low-code and no-code (LCNC) platforms](https://www.techtarget.com/searchsoftwarequality/definition/low-code-no-code-development-platform) have handed that power to virtually anyone with a browser and an hour to spare. The result is a new kind of **workplace persona**: the [citizen integrator](https://www.integrate.io/blog/what-is-a-citizen-integrator/).

In **hybrid setups**, where teams are scattered and [collaboration tools](https://en.wikipedia.org/wiki/Collaboration%5Ftool) are king, citizen integrators thrive. They solve immediate pain points, but often create ungoverned integrations that handle [sensitive data](https://www.aljazeera.com/news/2025/6/6/us-supreme-court-grants-doge-access-to-sensitive-social-security-data) without security controls.

![What is dmarc](https://media.mailhop.org/dmarcreport/images/2026/03/what-is-dmarc-3460.jpg) 

The trend is exploding. Research from 2025 shows that about **65%** of companies are letting regular employees (non-tech staff) build their own [software tools](https://www.goodfirms.co/technology-glossary/software-tools) to address unfinished IT work.

Risks go beyond inefficiency. Unmanaged integrations can [leak data](https://www.ndtv.com/world-news/chinas-top-general-under-probe-over-nuclear-data-leak-claims-to-us-report-10885118) across apps or create compliance gaps, such as under the [General Data Protection Regulation](https://www.investopedia.com/terms/g/general-data-protection-regulation-gdpr.asp) (GDPR). 

_The fix isn’t to ban no-code tools. That ship has sailed. The smarter approach is governance by design._ You must establish an approved list of [integration platforms](https://www.alumio.com/blog/4-essential-integration-platforms), require business **justification for new automations**, and build lightweight review processes that don’t take weeks.

## 2\. Hardware Shadowing and the Internet of Things (IoT) Gap

![Dmarc analyzer](https://media.mailhop.org/dmarcreport/images/2026/03/dmarc-analyzer-6307.jpg) 

Shadow IT isn’t just software; it also includes hardware. Employees bring in personal laptops, smart home devices synced to work accounts, or unauthorized [IoT](https://www.networkworld.com/article/963923/what-is-iot-the-internet-of-things-explained.html) gadgets like **smart plugs**. 

The line between home and work blurs in the hybrid workplace. Someone might plug a personal router extender into their home setup for better [Zoom calls](https://outlet.beddinginn.com/favorite-finds/the-complete-guide-to-zoom-phone-call-everything-you-need-to-know/), or connect a smart thermostat that logs into corporate cloud services. This creates a security blind spot.

Since the IT team doesn’t know these devices exist, they can’t protect them. That gives hackers an easy backdoor to access the **company’s network**.

One of the most overlooked risks in this IoT gap is the home printer. Unmanaged peripherals often lack the robust encryption found in [office environments](https://www.office-environments.com/our-work).

However, implementing wireless remote printing can ensure all data stays within a managed, encrypted tunnel. [eCopier Solutions](https://worldvectorlogo.com/blog/ecopier-solutions-branding-case-study/) explains that services like eZeep and PaperCut Mobility Print facilitate wireless remote printing. These cloud services use encryption to keep data safe and offer management features, all without the hassle of a [VPN](https://www.fortinet.com/resources/cyberglossary/how-does-vpn-work).

That means you can safely [print from your phone](https://www.ecopiersolutions.com/blog/complete-guide-to-remote-and-mobile-printing-solutions) or personal laptop while maintaining a full audit trail for the IT department.

## 3\. Proliferation of SaaS Sprawl

![Dmarc record generator](https://media.mailhop.org/dmarcreport/images/2026/03/dmarc-record-generator-3395.jpg) 

[SaaS sprawl](https://veza.com/blog/what-is-saas-sprawl/) is the ultimate shadow IT multiplier. Employees sign up for tools like Notion, [Slack alternatives](https://www.chanty.com/blog/using-slack-alternatives/), or niche project apps without the IT department’s knowledge. This sprawl happens fast in hybrid work, where teams need instant collaboration.

This leads to significant **identity fragmentation**. Employees often reuse passwords or fail to enable [multi-factor authentication](https://www.onelogin.com/learn/what-is-mfa), which makes their credentials a high-value target for attackers.

Many unmanaged apps use [Open Authorization](https://www.techtarget.com/searchapparchitecture/definition/OAuth) (OAuth) tokens to integrate with sanctioned enterprise tools like **Salesforce or Slack**. This creates a fourth-party risk, where a breach in a seemingly minor, unmanaged tool can provide an attacker with a pathway into the organization’s most sensitive data. In late 2025, a major supply chain attack exploited stolen OAuth tokens from a single integration to access customer environments across more than **700 organizations**.

To mitigate this, you must hunt for [zombie accounts](https://www.grip.security/glossary/zombie-accounts): abandoned subscriptions that hold legacy data long after a project ends. These dormant apps remain unmonitored backdoors unless they are mapped through [SaaS management platforms (SMPs)](https://www.bettercloud.com/monitor/what-is-a-saas-management-platform/) to centralize visibility and automate offboarding.

![Dmarc check](https://media.mailhop.org/dmarcreport/images/2026/03/dmarc-check-2977.jpg) 

This ensures that access to sensitive data is revoked immediately when an employee leaves. This is a critical step in preventing breaches caused by orphaned accounts.
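One way to run the zombie-account hunt described above, as an added example that is not from the original article: a Python audit over an export of third-party OAuth grants that flags unsanctioned apps, dormant grants, and grants whose owner has left. The data, field names, scope strings, and risk weights are constructed assumptions, not any vendor's format.

```python
from datetime import date

# Constructed sample data; field names, app names and scope strings are
# illustrative assumptions, not any vendor's export format.
SANCTIONED_APPS = {"Salesforce", "Slack"}
ACTIVE_USERS = {"alice@example.com", "bob@example.com"}
BROAD_SCOPES = {"files.read_all", "mail.read", "admin"}
GRANTS = [
    {"app": "Slack", "user": "alice@example.com",
     "scopes": ["chat.write"], "last_used": "2026-03-20"},
    {"app": "NotesSync", "user": "bob@example.com",
     "scopes": ["files.read_all"], "last_used": "2026-03-18"},
    {"app": "PlanBoard", "user": "carol@example.com",
     "scopes": ["mail.read"], "last_used": "2025-09-02"},
    {"app": "Salesforce", "user": "bob@example.com",
     "scopes": ["crm.read"], "last_used": None},
]

# Assumed weights: a grant owned by someone who has left is revoked first.
WEIGHTS = {"orphaned_owner": 4, "unsanctioned_app": 3,
           "broad_scope": 2, "dormant": 1}


def audit_grants(grants, sanctioned, active_users, today, dormant_days=90):
    """Return flagged grants, highest risk first, with the reasons for each."""
    findings = []
    for g in grants:
        reasons = []
        if g["user"] not in active_users:
            reasons.append("orphaned_owner")
        if g["app"] not in sanctioned:
            reasons.append("unsanctioned_app")
        if BROAD_SCOPES & set(g["scopes"]):
            reasons.append("broad_scope")
        last = g.get("last_used")
        # A grant that was never used, or not used recently, is a zombie.
        if last is None or (today - date.fromisoformat(last)).days > dormant_days:
            reasons.append("dormant")
        if reasons:
            score = sum(WEIGHTS[r] for r in reasons)
            findings.append({"app": g["app"], "user": g["user"],
                             "reasons": reasons, "score": score})
    return sorted(findings, key=lambda f: f["score"], reverse=True)


if __name__ == "__main__":
    today = date(2026, 3, 24)
    for f in audit_grants(GRANTS, SANCTIONED_APPS, ACTIVE_USERS, today):
        print(f"{f['score']:>2}  {f['app']:<10} {f['user']:<20} "
              f"{', '.join(f['reasons'])}")
```

The top of the list is the revocation queue: the grant that is orphaned, unsanctioned, broadly scoped, and dormant at once outranks a sanctioned app that simply was never used.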

Shadow IT in the hybrid workplace introduces hidden risks beyond traditional [email security](https://dmarcreport.com/blog/why-email-security-matters-and-how-to-get-it-right/), making it essential to strengthen protections like [DMARC](https://dmarcreport.com/), [DKIM](https://dmarcreport.com/what-is-dkim/), and [SPF](https://dmarcreport.com/what-is-spf/) to safeguard sensitive data and prevent unauthorized access.

## Turning Risks into Managed Innovation

Shadow IT in the hybrid workplace goes way beyond email. It’s an invisible ecosystem of SaaS sprawl, citizen integrators, and unmanaged IoT. Once you acknowledge these risks, you can begin to build a [security posture](https://safe.security/resources/insights/what-is-cyber-security-posture/) that is as flexible and dynamic as the workforce it protects.

Keep in mind, though, that shadow IT will never be fully eliminated, nor should it be. The goal is to shrink the shadow by expanding what is trusted, sanctioned, and understood. That’s not just good security practice in the hybrid workspace, but good management.

## Sources

- [RFC 7208 - Sender Policy Framework (SPF)](https://datatracker.ietf.org/doc/html/rfc7208)
- [RFC 7489 - Domain-based Message Authentication, Reporting, and Conformance (DMARC)](https://datatracker.ietf.org/doc/html/rfc7489)


![Brad Slavin](https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg) 

[ Brad Slavin ](/authors/brad-slavin/) 

General Manager

Founder and General Manager of DuoCircle. Product strategy and commercial lead for DMARC Report's 2,000+ customer base.

[LinkedIn Profile →](https://www.linkedin.com/in/bradslavin) 

