192:: Additional time and investment could incurred at a corporate level on additional integration and validation and compliance of discovered shadow IT infrastructures. On the other hand, department choosing the solutions with the lowest price-tag for their shadow solutions might not have considered costs for deployment and maintenance. This also results in diminished return on investment in case of insufficient buy-in.
25:
129:(IT) systems deployed by departments other than the central IT department, to bypass limitations and restrictions that have been imposed by central information systems. While it can promote innovation and productivity, shadow IT introduces security risks and compliance concerns, especially when such systems are not aligned with corporate governance.
205:
Established shadow solutions might prevent overall implementation of more efficient processes due to widespread use or inadequate documentation. The shadow system might also be beyond the capacity of the centralized IT department for integration and maintenance, especially when it becomes "too big to
137:
Information systems in large organizations can be a source of frustration for their users. In order to bypass limitations of solutions provided by a centralized IT department, as well as restrictions that are deemed detrimental to individual productivity, non-IT departments might develop independent
198:
As shadowed technical solutions might beyond centralized version control, they might deviate from standardized methodologies or calculations. Multiple, coexisting shadow infrastructures also introduces a heavily fragmented application landscape. This also makes centralized configuration management
336:
Within an organization, the amount of shadow IT activity is by definition unknown, especially since departments often hide their shadow IT activities as a preventive measure to ensure their ongoing operations. Even when figures are known, organizations are reluctant to voluntarily admit their
146:
Although often perceived as attempts to undermine corporate governance, the existence of shadow IT often is an indicator of needs from individual departments not being satisfied from a centrally managed information ecosystem. Thus the immediate benefits of shadow IT are as follows:
138:
IT resources and for the specific or urgent need or requirements. In some cases, IT specialists could be recruited or software solutions procured outside of the centralized IT department, sometimes without the knowledge, or approval of corporate governance channels.
668:
161:
Shadow solutions are customized to the needs of the individual departments and thus allows the individuals involve to be more effectively. A study confirms that 35% of employees feel they need to work around a security measure or protocol to work
337:
existence. As a notable exception, The Boeing
Company has published an experience report describing the number of shadow applications which various departments have introduced to work around the limitations of their official information system.
154:
Shadow IT could be seen as sandbox for potential or prototype solutions in response to evolution of changing business requirements. Also, alignment between departments can be avoided or enhanced dependent on the constraints within the broader
282:
215:
Shadow IT increases the likelihood of uncontrolled data flows, making it more difficult to comply with various legislations, regulations or sets of best practices. These include, but are not limited to:
240:
275:
247:
254:
296:
303:
503:"From Shadow IT to Business-managed IT: a qualitative comparative analysis to determine configurations for successful management of IT by business entities"
340:
According to
Gartner, by 2015, 35 percent of enterprise IT expenditures for most organizations will be managed outside the central IT department's budget.
289:
577:
324:
261:
579:
RSA,November 2007,The
Confessions Survey: Office Workers Reveal Everyday Behavior That Places Sensitive Information at Risk,available from
561:
310:
108:
418:. Security risks arise when data or applications move outside protected systems, networks, physical location, or security domains.
268:
438:
Handel, Mark J.; Poltrock, Steven (2011). "Working around official applications: experiences from a large engineering project".
317:
640:
485:
46:
761:
89:
61:
172:, reduces direct hardware and software costs, while allowing localized support decreases overhead for IT departments.
741:
42:
692:
35:
68:
415:
586:
75:
721:
233:
126:
169:
57:
736:
627:"The Impact of Shadow IT Systems on Perceived Information Credibility and Managerial Decision Making"
182:
451:
220:
746:
626:
611:
557:
534:
481:
475:
524:
514:
443:
407:
480:. Agile Information Systems: Conceptualization, Construction, and Management. p. 163.
411:
387:
440:
CSCW '11: Proceedings of the ACM 2011 conference on
Computer supported cooperative work
82:
625:
Myers, Noah; Starliper, Matthew W.; Sumers, Scott L.; Wood, David A. (March 8, 2016).
755:
343:
A 2012 French survey of 129 IT managers revealed some examples of shadow IT :
455:
720:
RESULTATS DE L’ENQUETE SUR LE PHENOMENE DU "SHADOW IT" par Thomas
Chejfec :
554:
Integrated
Information Management: Applying Successful Industrial Concepts in IT
395:
24:
519:
700:
693:"Predictions Show IT Budgets Are Moving Out of the Control of IT Departments"
538:
502:
447:
226:
529:
460:
722:
http://chejfec.com/2012/12/18/resultats-complets-de-lenquete-shadow-it/
501:
Kopper, Andreas; Westner, Markus; Strahringer, Susanne (2020-06-01).
390:
or other portable data storage devices, instant messaging software,
477:
Clumsy
Information Systems: A Critical Review of Enterprise Systems
399:
391:
283:
Health
Information Technology for Economic and Clinical Health Act
406:
software—and other less straightforward products: self-developed
403:
18:
654:
241:
Control
Objectives for Information and related Technology
276:
Health
Insurance Portability and Accountability Act
248:
Federal Information Security Management Act of 2002
49:. Unsourced material may be challenged and removed.
185:risks, some of the implications of shadow IT are:
255:Defense Federal Acquisition Regulation Supplement
386:Examples of these unofficial data flows include
743:Industry's First Cloud Adoption and Risk Report
474:Newell, Sue; Wagner, Eric; David, Gary (2006).
612:"Shadow IT in the New IT Management Triangle"
507:Information Systems and e-Business Management
433:
431:
297:Information Technology Infrastructure Library
8:
552:Zarnekow, R; Brenner, W; Pilgram, U (2006).
469:
467:
304:Payment Card Industry Data Security Standard
748:Shadow IT in the New IT Management Triangle
290:International Financial Reporting Standards
528:
518:
325:New York Department of Financial Services
109:Learn how and when to remove this message
262:Generally Accepted Accounting Principles
427:
16:Type of information technology systems
398:or other online document sharing and
229:(International Standards for Banking)
7:
47:adding citations to reliable sources
311:General Data Protection Regulation
14:
394:or other online e-mail services,
269:System and Organization Controls
23:
318:California Consumer Privacy Act
34:needs additional citations for
168:Some shadow policies, such as
1:
410:databases and self-developed
738:Discussion on Tech Republic
778:
520:10.1007/s10257-020-00472-6
203:Operating inefficiencies:
641:"Gramm-Leach-Bliley Act"
159:Individual productivity:
448:10.1145/1958824.1958870
166:Reduced internal costs:
610:Tamás, Fábián (2022).
234:Gramm-Leach-Bliley Act
127:information technology
655:"Under Construction"
592:on February 11, 2012
442:. pp. 309–312.
374:Shadow IT project 3%
371:Shadow IT support 5%
183:information security
43:improve this article
762:Information systems
353:Cloud solutions 16%
221:Sarbanes-Oxley Act
121:In organizations,
414:spreadsheets and
119:
118:
111:
93:
769:
724:
718:
712:
711:
709:
708:
703:on June 29, 2013
699:. Archived from
689:
683:
682:
680:
679:
673:govt.westlaw.com
665:
659:
658:
651:
645:
644:
637:
631:
630:
622:
616:
615:
607:
601:
600:
599:
597:
591:
585:, archived from
584:
574:
568:
567:
549:
543:
542:
532:
522:
498:
492:
491:
471:
462:
459:
435:
402:or other online
388:USB flash drives
114:
107:
103:
100:
94:
92:
51:
27:
19:
777:
776:
772:
771:
770:
768:
767:
766:
752:
751:
733:
728:
727:
719:
715:
706:
704:
691:
690:
686:
677:
675:
667:
666:
662:
653:
652:
648:
639:
638:
634:
624:
623:
619:
609:
608:
604:
595:
593:
589:
582:
576:
575:
571:
564:
551:
550:
546:
500:
499:
495:
488:
473:
472:
465:
437:
436:
429:
424:
384:
347:Excel macro 19%
334:
213:
199:more difficult.
181:In addition to
179:
144:
135:
115:
104:
98:
95:
52:
50:
40:
28:
17:
12:
11:
5:
775:
773:
765:
764:
754:
753:
750:
749:
744:
739:
732:
731:External links
729:
726:
725:
713:
684:
669:"23 NYCRR 500"
660:
646:
632:
617:
602:
569:
563:978-3540323068
562:
544:
513:(2): 209–257.
493:
486:
463:
426:
425:
423:
420:
383:
380:
379:
378:
375:
372:
369:
366:
363:
360:
357:
354:
351:
348:
333:
330:
329:
328:
321:
314:
307:
300:
293:
286:
279:
272:
265:
258:
251:
244:
237:
230:
224:
212:
209:
208:
207:
200:
193:
178:
175:
174:
173:
163:
156:
143:
140:
134:
131:
117:
116:
31:
29:
22:
15:
13:
10:
9:
6:
4:
3:
2:
774:
763:
760:
759:
757:
747:
745:
742:
740:
737:
735:
734:
730:
723:
717:
714:
702:
698:
694:
688:
685:
674:
670:
664:
661:
656:
650:
647:
642:
636:
633:
628:
621:
618:
613:
606:
603:
596:September 15,
588:
581:
580:
573:
570:
565:
559:
555:
548:
545:
540:
536:
531:
526:
521:
516:
512:
508:
504:
497:
494:
489:
483:
479:
478:
470:
468:
464:
461:
457:
453:
449:
445:
441:
434:
432:
428:
421:
419:
417:
413:
409:
405:
401:
397:
393:
389:
381:
376:
373:
370:
367:
364:
361:
359:BI systems 9%
358:
355:
352:
349:
346:
345:
344:
341:
338:
331:
326:
322:
319:
315:
312:
308:
305:
301:
298:
294:
291:
287:
284:
280:
277:
273:
270:
266:
263:
259:
256:
252:
249:
245:
242:
238:
235:
231:
228:
225:
222:
219:
218:
217:
210:
204:
201:
197:
194:
191:
188:
187:
186:
184:
176:
171:
167:
164:
160:
157:
153:
150:
149:
148:
141:
139:
132:
130:
128:
124:
113:
110:
102:
91:
88:
84:
81:
77:
74:
70:
67:
63:
60: –
59:
55:
54:Find sources:
48:
44:
38:
37:
32:This article
30:
26:
21:
20:
716:
705:. Retrieved
701:the original
696:
687:
676:. Retrieved
672:
663:
649:
635:
620:
605:
594:, retrieved
587:the original
578:
572:
553:
547:
530:10419/288329
510:
506:
496:
476:
439:
385:
350:Software 17%
342:
339:
335:
214:
202:
196:Consistency:
195:
189:
180:
165:
162:efficiently.
158:
151:
145:
136:
122:
120:
105:
96:
86:
79:
72:
65:
53:
41:Please help
36:verification
33:
396:Google Docs
365:Hardware 6%
362:Websites 8%
152:Innovation:
99:August 2023
58:"Shadow IT"
707:2012-04-25
678:2019-10-17
487:1136430482
422:References
332:Prevalence
211:Compliance
125:refers to
69:newspapers
539:1617-9854
302:PCI DSS (
177:Drawbacks
155:business.
123:shadow IT
756:Category
382:Examples
377:BYOD 3%.
281:HITECH (
227:Basel II
142:Benefits
697:Gartner
456:2038883
368:VoIP 5%
356:ERP 12%
323:NYDFS (
274:HIPAA (
253:DFARS (
246:FISMA (
239:COBIT (
133:Origins
83:scholar
560:
537:
484:
454:
416:macros
408:Access
316:CCPA (
309:GDPR (
295:ITIL (
288:IFRS (
260:GAAP (
232:GLBA (
206:fail".
85:
78:
71:
64:
56:
590:(PDF)
583:(PDF)
452:S2CID
412:Excel
400:Skype
392:Gmail
267:SOC (
190:Costs
90:JSTOR
76:books
598:2017
558:ISBN
535:ISSN
482:ISBN
404:VOIP
223:(US)
170:BYOD
62:news
525:hdl
515:doi
444:doi
45:by
758::
695:.
671:.
556:.
533:.
523:.
511:18
509:.
505:.
466:^
450:.
430:^
327:)
313:),
236:),
710:.
681:.
657:.
643:.
629:.
614:.
566:.
541:.
527::
517::
490:.
458:.
446::
320:)
306:)
299:)
292:)
285:)
278:)
271:)
264:)
257:)
250:)
243:)
112:)
106:(
101:)
97:(
87:·
80:·
73:·
66:·
39:.
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.
