Innovation through Shadow IT
Francisco Almeida, Jack Storm, Joana Alegria, Juan Mejia,
Zagreb School of Economics and Management
Table of Contents
Executive Summary.................................................................................. Error! Bookmark not defined.
Introduction ............................................................................................................................................ 2
Methodology........................................................................................................................................... 3
Literature Review .................................................................................................................................... 4
Conclusion ............................................................................................................................................... 8
Works Cited ............................................................................................................................................. 9
Introduction
Shadow IT is hardware and/or software used within a firm but is not supported or
takes corporate security measures in accordance to the company’s IT department. This has
received a negative perception by managers since the technology would not have been
approved by the IT department and employees us it without their acknowledgment. This all
the while, shadow IT is neutral subject and provides companies with opportunity for
innovation. Common shadow technologies include personal smartphones, tablets and USB
thumb drives and common shadow app include Google Docs, instant messaging services
and Skype (Rouse, 2012).
Historically, shadow IT was often the outcome for swift access to hardware, software
or a specific web service deemed necessary by anxious employees and avoiding the
mandatory steps to obtain the technology through corporate channels. In recent years, with
consumer IT and cloud computing, the boundaries have expanded and now includes
personal technology such as smart phones and personal laptop that employees use at work.
As well as, the popularity of outsourced service providers instead of corporate IT (Rouse,
2012).
The usage of shadow IT can introduce security risks of corporate documents and data
as well as
conflicts in the workspace. Compliancy issues could arise as employees store
company information on unsupported hardware and software such as personal USB thumb
drives or cloud accounts. In addition, gadgets that operate without the IT department’s
knowledge can impact bandwidth, affecting user experience of colleagues, and create
conflicting situations between network and software (Rouse, 2012).
There are mixed views and opinions toward shadow IT. Some IT administrators are
scared that end users will create storehouses of data and stop information from circulating
through the company if shadow IT permitted. While other administrators believe in a fastchanging business world, shadow IT department must be embraced as it supplies innovation
and should monitored by creating acceptable use policies (Rouse, 2012).
Methodology
For secondary research we read and analysed several online articles. These articles are
published research analysis and case studies from organizations and education institutions.
The main reason why we constricted our search for information to these two sources is
because they are considered the most reliable and accurate researchers/publishers. Since
we retrieved our secondary research from reliable sources, we are able to make an accurate
conclusion on the topic.
Unfortunately, primary research was unable to be conducted for this paper. We
planned to interview a manager or IT administrator from an innovative organization,
however, we could not find an individual to participate. This would have given us deeper
insight on how a company deals with shadow IT and their unique believes.
Literature Review
Shadow IT presents opportunities for innovation in organizations who choose to use
this new trend for their benefit.
One way of looking at things is that shadow users are threatening information systems
and violating its security policies, even if the intention is good. The risks related to such acts
can be so high that reverses the possible positive effects on innovation. It's a matter of trust
in the new technologies that arrive every day and are put at use by these users. However,
there is a clear link between the use of Shadow IT and the innovation process. This
important source results of illegal activities performed by employees but they are confident
that the benefits will outweigh the risks and believe that this method is more efficient and
effective than the formal and standard systems currently implemented (Silic & Back, 2014;
Silic, 2015; Silic, Silic & Oblakovic, 2016, Silic, 2015b, Silic, Barlow & Back, 2017, Silic, Silic &
Oblakovic, 2016b)
The problem is that the IT department is not innovating and a breakdown is felt in the
communication flow between their solutions and users. This lack of alignment between the
business and IT creates the perfect opportunity for Shadow Users to fill the gap. Shadow IT
studies in the innovation context are scarce but that's the change needed. To focus in a
possible innovation increase is the right step ahead. In order to remain competitive or to
keep a competitive advantage, all organizations need to innovate and this innovation may
come from any direction, not only a specialized department of few people but rather from
anywhere in the organizational structure that can contribute with valuable insights or ideas
(Silic, Silic, & Oblakovic, 2016).
When we have organizations openly adopting Shadow IT they are pioneering new
ways for employees to do their job and freeing them to come up with the best methods of
collaboration with outside clients, the ability to share files and use mobile devices whilst
integrating with our infrastructure anywhere. Accepting Shadow IT and incorporating it in
the organization leads to the promotion of innovation from unexpected places so any
employee may be the key of success. Everyone has a different perspective on the
organization and the tasks done daily as well as they have different approaches and
techniques to adapt and get the job done. Shadow Users may innovate due to their
expertise and knowledge or expecting benefits for themselves such as new and more ways
of efficient communication increasing productivity and getting their jobs done faster (Silic,
Silic, & Oblakovic, 2016).
Even though there is a chance for the company to innovate their structure and
processes, realistically there are complications, Nasuni reported their case study.
The world that we live in is constantly evolving at a very high speed and the main
driver of this evolution is technology. Nowadays, it is almost impossible to find a single
individual that doesn’t carry around a smart phone or/and a tablet. Obviously, this
influences and shapes the business world. More than ever before, employees need and
require access to their work files anywhere and at any time, this means that the files need
to be available in any device. Sometimes, IT is not able to satisfy this need and so,
employees turn to file sharing solutions geared toward consumers, such as Dropbox. This is
an example of what is called “Shadow IT” (Nasuni, 2015).
According to a survey of more than 1,300 corporate IT users conducted in 2012 by
Nasuni, 1 out of every 5 respondents uploads work files to their personal Dropbox accounts,
putting them at risk. While using these types of file sharing tools, employees are storing
important and sometimes confidential files outside of the managed IT infrastructure. For
instance, in case an employee leaves the company, the information he stored in the
Dropbox leaves with him, creating a risk of data loss or exposure. In addition to this,
information stored in the Dropbox will become very attractive to hackers who may try to
access it. Because of the increase usage of smart phones and tablets to access work files,
the usage of file sharing solutions is also increasing as employees use this type of tool to
access work documents everywhere. According to the survey, 3 out of 5 users with a
personal mobile device use it to access this type of files. After e-mail, Dropbox is the most
common tool used in order to access work files on mobile devices (Nasuni, 2015).
In order to face this problem and many others related with these issues, companies
try to implement IT policies. The survey results show that almost half of the respondents are
not aware of the company’s policy, which means that either the company doesn’t have
policies or hasn’t effectively communicated the policy to the employees. When it comes to
the educated employees at the other companies, according to the survey, approximately
half of them don’t follow the company’s IT policies. So, in order for an IT policy to be
effective, it requires education and participation from the employees (Nasuni, 2015).
As explained with Nasuni, there are pros and cons with shadow IT. In addition,
Zimmermann and Rentrop discuss several other potential threats.
The benefits of Shadow IT are numerous and astute leaders recognize that it is often
filling a legitimate local business need. By systematically identifying the rationale
for Shadow IT on a case by case basis has the potential to drive innovation, improve ITbusiness engagement, solve real problems and drive other benefits to the organization as a
whole (Zimmermann & Rentrop, 2012).
Work towards encouraging Shadow IT in a controlled environment where its potential
to add value can be rapidly assessed with known risk and cost. Also, treating the
Information Security as everyone’s responsibility. Adopting a multidisciplinary, enterprisewide approach to data and information security is key. One key aspect is educating
everyone to both the potential benefits and risks of shadow IT. But, one size does not
always fit all. Design and implement enterprise-wide information security policies, processes
and technologies that are granular enough to focus effort where needed and shown to be
effective. In certain instances, a ‘one size fits all’ information security policy may just add
cost, inhibit flexibility and elevate your overall risk. Test underlying assumptions as to their
efficacy and business benefit (Zimmermann & Rentrop, 2012).
Review individual incentives. Incentives (financial or otherwise) drive leadership and
staff behaviors. In transitioning to a resilient and effective information security aware
organization, it is crucial to ensure that individual incentives are aligned with expected
competencies,
behaviors
and
(Zimmermann & Rentrop, 2012).
business
results and their
individual
contribution
Discussion
With the literature review presented above, we gained a wider perspective on shadow
IT. Initially we had no understanding on the topic and its influence on company and overall
online business environment.
After this research, we believe shadow IT is an inevitable concept of the business
world due to the quick and technological world that we live in today. In addition, companies
should at least acknowledge the concept of shadow IT and its impact.
In addition, shadow IT comes with risks and threats and companies should create
policies and tools in order to mitigate these threats. As well, companies should continue to
develop and update their software and policies order to keep up with rapid growth of
technology.
Overall, it is our belief that shadow IT is not an idea that is inherently good or bad. It is
the manner how organizations and employees use this. It is in the company’s best interest
to constrict and regulate the usage of shadow IT and create the best possible outcomes.
Conclusion
In conclusion, when it comes to innovation, Shadow IT opens doors that may be worth
the risks. So this need to be promoted and encouraged by the organizations so that
employees feel free to not only explore their ideas and innovative processes but also talk
about them and share their insights which may be implemented across the entire
organizational structure if they're useful. There has to be a strong alignment between
different stakeholders and the relationships with the IT department need to be
strengthened, so a win-win situation is created. Employees have their creativity freed and
are empowered but also IT gets more involved with all the processes related to Shadow
practices. It's no longer a question whether organizations should promote, encourage and
implement it but rather how to do it and once organizations decide to take a leap forward,
they just need to find the perfect conditions for this to work.
With the increase usage of smart phones and tablets and the need for file sharing
solutions, it is likely that the growth of Shadow IT will continue. Because policy and
education are not sufficient to solve the problem, companies should try delivering to the
employees tools, supported by IT, that satisfy their needs.
The main treats are the problem of securities and the fact we have every document on
the same database. Even though, companies can attempt to secure as best possible, there is
always a chance and risk to get hacked and loose all of the most important documents.
There are several examples of companies which had to close because all their financial
documents
have
been
hacked
and
exposed.
This is, again, why Shadow IT can be a risk for a company and they must be careful and
aware of those problems.
All being said, we believe that shadow IT should be acknowledged by companies as
something that is neither good nor bad but of its existence and opportunities for innovation.
Works Cited
Nasuni. (2015). Shadow IT in the Enterprise. Nasuni Corporation. Retrieved April 16, 2017, from
http://www6.nasuni.com/rs/nasuni/images/White_Paper-Shadow_IT_in_the_Enterprise.pdf
Rouse, M. (2012, October). shadow IT. Retrieved April 12, 2017, from TechTarget:
http://searchcloudcomputing.techtarget.com/definition/shadow-IT-shadow-informationtechnology
Silic, M., Silic, D., & Oblakovic, G. (2016). Shadow IT: Steroids for Innovation. Zagreb: Institute of
Information Management . Retrieved April 18, 2017, from http://ceur-ws.org/Vol1612/paper15.pdf
Zimmermann, S., & Rentrop, C. (2012). Shadow IT, Management and control of unofficial IT.
Germany. Retrieved 04 2017, from
http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.973.3752&rep=rep1&type=pdf
Silic, M., & Back, A. (2014). Shadow IT–A view from behind the curtain. Computers & Security, 45,
274-283.
Silic, M. (2015). Emerging from the Shadows: Survey Evidence of Shadow IT Use from Blissfully
Ignorant Employees. SSRN.
Silic, M., Silic, D., & Oblakovic, G. (2016b). Influence of Shadow IT on Innovation in
Organizations. Complex Systems Informatics and Modeling Quarterly, (8), 68-80.
Silic, M. (2015b). Influence of Shadow IT on Innovation. SSRN.
Silic, M., Barlow, J. B., & Back, A. (2017). A new perspective on neutralization and deterrence:
Predicting shadow IT usage. Information & management.