Shadow IT

The term shadow IT describes information technology systems , processes and organizational units that are located in a company's specialist departments alongside the official IT infrastructure and without the knowledge of the IT department. Shadow IT instances are therefore neither technically nor strategically integrated into the IT service management of the organization, i.e. neither taken into account in (IT asset &) configuration management nor in the IT service portfolio.

Partial aspects

Under the umbrella term shadow IT, various sub-aspects can be distinguished:

The use of social software to enable users to communicate on work-related topics. In some cases, confidential information is also distributed via this channel.
The use of IT services offered by service providers outside the company. This can include webmail services as well as complex offers such as software as a service or cloud services .
The development and operation of applications by specialist departments in-house. This includes, for example, the very common case of a self-developed Excel or Access- based application; Business intelligence applications developed in-house have also been added in recent years .
The integration of hardware that is not included in the official IT catalogs. These include, for example, PCs , printers or routers that the specialist department procures directly from retailers.
The integration of private smartphones and tablet PCs, including the corresponding apps, into the company networks.
Development of your own support structures in the specialist departments, for example if colleagues support each other with hardware and software problems.

causes

Shadow IT generally arises when the services offered by the IT department do not meet the requirements of the specialist departments. The reasons for this gap can be as follows:

Problems in coordinating IT and specialist departments:

Bad organizational coordination between IT and specialist departments: If there are no clear responsibilities for the support of the specialist departments by IT, they see themselves compelled to develop their own solutions.
Inappropriate coordination mechanisms in IT control, such as B. Too rigid budgets or insufficient transparency in IT transfer prices lead to the fact that the official IT is replaced by shadow IT in the specialist departments.
Insufficient formalization of the collaboration between IT and the specialist department can lead to a life of its own in the specialist departments, through which the development of shadow IT emerges. On the other hand, too much formalization can lead to users withdrawing from the rigid processes of demand management and creating their own solutions.
If IT outsourcing is inadequately designed, hidden insourcing can take place through the creation of shadow IT.

Context factors in IT:

Project inquiries from the departments are often postponed due to personnel or financial resource bottlenecks in IT. This also applies in the event that the necessary IT know-how is missing. In these cases, specialist departments often make do with developing their own services.
New information technologies (e.g. cloud computing such as Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS), Business Process as a Service (BPaaS)) facilitate access to software Applications outside the official IT area.

Context factors in the specialist departments:

A high degree of autonomy in the specialist departments can extend to the area of IT.
Mergers & Acquisitions : Companies with an extensive M&A history often have less organizational cohesion; this means that specialist departments are more willing to act independently of the central IT.
Decentralized forms of organization: A spatially widely distributed organization naturally leads to restrictions in IT support . This promotes the information technology initiative, which can be reflected in shadow IT.
External influences from the corporate environment: Companies can e.g. B. be forced to use third party IT systems by house banks, customers or suppliers. Often this is done solely by the specialist departments without the support of the IT department.
Employees' increasing affinity for technology ( digital natives ) promotes the development of shadow IT.

Effects

There are positive and negative effects associated with shadow IT:

Risks :

Problems with regard to data security , integrity and protection due to an often less professional development.
Compliance conflicts: Shadow IT can lead to the establishment of processes that violate existing compliance rules. In addition, shadow IT itself is a violation of internal company rules.
By definition, shadow IT applications are not supported by IT service management . Since the specialist department does not do this and, from a technological point of view, they are often of poorer quality than professionally developed systems, they therefore have little future viability. Planning of IT architecture and IT capacities is hardly possible.
The low level of professionalism often leads to an economic inefficiency of the processes and systems.
Sourcing decisions are undermined by the creation of shadow IT: Officially selected outsourcing partners are ignored, which harbors a high risk potential with regard to contractual penalties.
Employing employees in the specialist departments with IT topics can have negative effects on the overall performance of the company, since these employees are not concerned with their main tasks.
Other IT services can be disrupted by shadow IT and their availability impaired.
Because shadow IT is not integrated into release management, migrations and other change measures can be hindered.
User satisfaction can also be negatively affected by subsequent problems with the availability and support of the shadow IT.

Chances :

High IT innovation rate: The examination of the departments with the opportunities of IT and the recognition of additional benefits for their processes leads them to the development of shadow IT under the appropriate framework conditions. For the IT departments, on the other hand, because of their distance from the operative business, problems arise in uncovering this innovation potential. As a result, innovations via shadow IT find their way into the company very quickly.
The shadow IT solutions are very task-oriented and have a strong focus on the internal processes of the specialist department. This can lead to an improvement in the processes.
Due to their proximity to the needs of users, shadow IT solutions lead to growing user satisfaction with IT support in the company as a whole. Because there is no approval process, shadow IT solutions are also flexible and quickly adaptable.
Studies have shown that identification with the products used can be very high, which leads to increased motivation.

literature

Zimmermann, Stephan: Dealing with shadow IT in companies - A method for managing non-transparent information technology, Springer-Verlag, 2018, ISBN 978-3-658-20786-1

Individual evidence

↑ ^a ^b ^c ^d Christopher Rentrop, Oliver van Laak, Marco Mevius: Shadow IT: a topic for internal auditing? In: Revisionspraxis , April 2011
↑ ^a ^b ^c ^d ^e ^f ^g Zimmermann, Stephan; Rentrop, Christopher: Schatten-IT ( page no longer available , search in web archives ) Info: The link was automatically marked as defective. Please check the link according to the instructions and then remove this notice. (PDF; 4.2 MB)@1@ 2Template: Toter Link / hmd.dpunkt.de ; In: HMD Praxis der Wirtschaftsinformatik 49 (2012), 288, pp. 60–68

↑ ^a ^b Worthen, Ben: User Management - Users Who Know Too Much and the CIOs Who Fear Them . CIO , February 11, 2007

^ Sherman, Rick: Shedding Light on Data Shadow Systems . In: Information Management Online , April 29, 2004.

↑ ^a ^b Raden, Neil: Shadow IT: A Lesson for BI ( Memento of the original from December 11, 2015 in the Internet Archive ) Info: The @1@ 2 archive link was inserted automatically and has not yet been checked. Please check the original and archive link according to the instructions and then remove this notice. . In: BI Review Magazine , October 1, 2005

↑ Zeitler, Nicolas: iPad & Co. at the workplace: Strategy against shadow IT ( page no longer available , search in web archives ) Info: The link was automatically marked as defective. Please check the link according to the instructions and then remove this notice. @1@ 2Template: Dead Link / www.cio.de . CIO , November 15, 2010
^ ^A ^b Spafford, George: The Dangers that Lurk Behind Shadow IT . February 4, 2004
^ Schaffner, Mike: IT Needs To Become More Like "Shadow IT" . January 12, 2007
↑ Wolff, Holger: The management of complex corporate architectures . In: Objektspektrum.de , 2010 issue 1
↑ RSA: The Confessions Survey: Office Workers Reveal Everyday Behavior That Places Sensitive Information at Risk ( Memento of the original from November 21, 2008 in the Internet Archive ) Info: The @1@ 2 archive link was inserted automatically and has not yet been checked. Please check the original and archive link according to the instructions and then remove this notice. (PDF; 666 kB) . 2007

^ Behrens, Sandy: Shadow Systems: The Good, The Bad and the Ugly . In: Communications of the ACM , 2009 No. 2

[Rentrop-1] Christopher Rentrop, Oliver van Laak, Marco Mevius: Shadow IT: a topic for internal auditing? In: Revisionspraxis , April 2011

[Zimmermann-2] ↑ ^a ^b ^c ^d ^e ^f ^g Zimmermann, Stephan; Rentrop, Christopher: Schatten-IT ( page no longer available , search in web archives ) Info: The link was automatically marked as defective. Please check the link according to the instructions and then remove this notice. (PDF; 4.2 MB)@1@ 2Template: Toter Link / hmd.dpunkt.de ; In: HMD Praxis der Wirtschaftsinformatik 49 (2012), 288, pp. 60–68

[Worthen-3] Worthen, Ben: User Management - Users Who Know Too Much and the CIOs Who Fear Them . CIO , February 11, 2007

[Sherman-4] Sherman, Rick: Shedding Light on Data Shadow Systems . In: Information Management Online , April 29, 2004.

[Raden-5] Raden, Neil: Shadow IT: A Lesson for BI ( Memento of the original from December 11, 2015 in the Internet Archive ) Info: The @1@ 2 archive link was inserted automatically and has not yet been checked. Please check the original and archive link according to the instructions and then remove this notice. . In: BI Review Magazine , October 1, 2005

[Zeitler-6] Zeitler, Nicolas: iPad & Co. at the workplace: Strategy against shadow IT ( page no longer available , search in web archives ) Info: The link was automatically marked as defective. Please check the link according to the instructions and then remove this notice. @1@ 2Template: Dead Link / www.cio.de . CIO , November 15, 2010

[Spafford-7] A ^b Spafford, George: The Dangers that Lurk Behind Shadow IT . February 4, 2004

[Schaffner-8] Schaffner, Mike: IT Needs To Become More Like "Shadow IT" . January 12, 2007

[Wolff-9] Wolff, Holger: The management of complex corporate architectures . In: Objektspektrum.de , 2010 issue 1

[RSA-10] RSA: The Confessions Survey: Office Workers Reveal Everyday Behavior That Places Sensitive Information at Risk ( Memento of the original from November 21, 2008 in the Internet Archive ) Info: The @1@ 2 archive link was inserted automatically and has not yet been checked. Please check the original and archive link according to the instructions and then remove this notice. (PDF; 666 kB) . 2007

[Behrens-11] Behrens, Sandy: Shadow Systems: The Good, The Bad and the Ugly . In: Communications of the ACM , 2009 No. 2