Journal Website

List of Authors

Fowokemi Ogedengbe , Yurita Yakimin Abdul Talib

Keyword

Shadow IT, Bibliometric Analysis, Literature Review

Abstract

Shadow information technology (SIT) is a social engineering mechanism that causes compromises in organisation information systems (IS), leading to financial and non-financial losses. SIT refers to individuals’ interaction with unapproved information technology mechanisms to initiate and complete organisational tasks. SIT is a double-edged weapon with benefits and risks, whose risks may outrun the initial benefits in the long run. This study uses a literature review and Bibliometric analysis technique to examine SIT literature's past trends and knowledge base. With a specific focus on the Scopus database, 64 studies were available based on the keyword search "Shadow IT". The analysis was carried out using Microsoft Excel and VOS viewer. The findings of this analysis showed that SIT is still in its growth stage. Therefore, it calls for more research. Furthermore, three research questions were formulated, and the findings of the result answered the three questions. These include the benefits of Shadow IT usage, the risks associated with SIT usage, and the factors influencing SIT usage. The factors influencing SIT usage were grouped into personal and organisational aspects. Some of the benefits of SIT include low installation costs, improved organisation value creation, and increased employee innovation and performance. Some of the risks of SIT usage include reduced information credibility, confused IS sources, difficulties in fixing IS problems, data breaches, IS infiltration, and failure of the organisation to harmonise its information systems, among others. It is therefore advised that organisations should implement measures to reduce SIT usage.

Reference

1. M. Abbas and A. Alghail, "The impact of mobile shadow IT usage on knowledge protection: an exploratory study," VINE Journal of Information and Knowledge Management Systems, Vol. 53 No. 4, pp. 830-848, 2021. Available: http://dx.doi.org/10.1108/VJIKMS-08-2020-0155. [Accessed: March 27, 2023].

2. S. Haag, A. Eckhardt, and A. Schwarz, "The Acceptance of Justifications among Shadow IT Users and Nonusers – An Empirical Analysis," Information and Management, vol. 56, no. 5, pp. 731–741, 2019. Available: doi: 10.1016/j.im.2018.11.006. [Accessed: March 27, 2023].

3. N. Castellano, C. Felden, and R. Pinsker, "Shadow IT Behavior of Financial Executives in Germany and Italy as an Antecedent to Internal Data Security Breaches," in 55th Annual Hawaii International Conference on System Sciences, HICSS 2022, B. T.X., Ed., Universita di Pisa, Italy: IEEE Computer Society, 2022, pp. 6312–6322. [Accessed: March 27, 2023].

4. R. Horton, "Offline: COVID-19—bewilderment and candour," The Lancet, vol. 395, no. 10231, p. 1178, 2020. Available: doi: 10.1016/S0140-6736(20)30850-3. [Accessed: March 27, 2023].

5. S. Haag and A. Eckhardt, "Justifying shadow IT usage," in Pacific Asia Conference on Information Systems, PACIS 2015 - Proceedings, Institute of Information Systems, Goethe University Frankfurt, Frankfurt am Main, Germany, Goethe University Frankfurt, Frankfurt am Main, Germany, 2015, p. 241. [Accessed: March 27, 2023].

6. A. de Vargas Pinto, I. Beerepoot, and A. C. G. Maçada, "Encourage autonomy to increase individual work performance: the impact of job characteristics on workaround behaviour and shadow IT usage," Information Technology and Management, 2022. Available: doi: 10.1007/s10799-022-00368-6. [Accessed: March 27, 2023].

7. G. L. Mallmann and A. C. G. Maçada, "Behavioral drivers behind Shadow IT and its outcomes in terms of individual performance," in AMCIS 2016: Surfing the IT Innovation Wave - 22nd Americas Conference on Information Systems, Federal University of Rio Grande do Sul, Brazil, 2016. [Accessed: March 27, 2023].

8. G. L. Mallmann, A. C. G. Maçada, and G. P. Z. Montesdioca, "The social side of shadow IT and its impacts: Investigating the relationship with social influence and social presence.," in 52nd Annual Hawaii International Conference on System Sciences, HICSS 2019, B. T.X., Ed., UFRGS: IEEE Computer Society, 2019, pp. 6460–6469. [Accessed: March 27, 2023].

9. J. Magunduni and W. Chigona, "Revisiting shadow IT research: What we already know, what we still need to know, and how do we get there?," in 2018 Conference on Information Communications Technology and Society, ICTAS 2018 - Proceedings, Department of Information Systems, University of Cape Town, Cape Town, South Africa, 2018, pp. 1–6. Available: doi:10.1109/ICTAS.2018.8368735. [Accessed: March 27, 2023].

10. A. Kopper et al., "Shadow IT and Business-Managed IT: A Conceptual Framework and Empirical Illustration," International Journal of IT/Business Alignment and Governance, vol. 9, no. 2, pp. 53–71, 2018. [Accessed: March 27, 2023].

11. A. Kopper, M. Westner, and S. Strahringer, "From Shadow IT to Business-managed IT: a qualitative comparative analysis to determine configurations for successful management of IT by business entities," Information Systems and e-Business Management, vol. 18, no. 2, pp. 209–257, 2020. Available: doi: 10.1007/s10257-020-00472-6. [Accessed: March 27, 2023].

12. C. E. H. Chua, V. C. Storey, and L. Chen, "Central IT or Shadow IT? Factors shaping users' decision to go rogue with IT," in 35th International Conference on Information Systems "Building a Better World Through Information Systems", ICIS 2014, University of Auckland, New Zealand, New Zealand, 2014. [Accessed: March 27, 2023].

13. L. Raković, M. Sakal, P. Matković, and M. Marić, "Shadow it – A systematic literature review," Information Technology and Control, vol. 49, no. 1, pp. 144–160, 2020. Available: doi:0.5755/j01.itc.49.1.23801. [Accessed: March 27, 2023].

14. G. L. Mallmann, A. C. G. Maçada, and M. Oliveira, "The influence of shadow IT usage on knowledge sharing: An exploratory study with IT users," Business Information Review, vol. 35, no. 1, pp. 17–28, Mar. 2018. Available: doi:10.1177/0266382118760143. [Accessed: March 27, 2023].

15. G. L. Mallmann, A. C. G. Maçada, and M. Oliveira, "Can shadow IT facilitate knowledge sharing in organisations? An exploratory study," in Proceedings of the European Conference on Knowledge Management, ECKM, School of Management, Federal University of Rio Grande do Sul, Brazil, Federal University of Rio Grande do Sul, Brazil, 2016, pp. 550–558. [Accessed: March 27, 2023].

16. S. Klotz, A. Kopper, M. Westner, and S. Strahringer, "Causing factors, outcomes, and governance of Shadow IT and business- managed IT: a systematic literature review," SciKA-Association for Promotion and Dissemination of Scientific Knowledge, 2019. [Accessed: March 27, 2023].

17. S. Haag and A. Eckhardt, “Shadow IT,” Business and Information Systems Engineering, vol. 59, no. 6, pp. 469–473, 2017. Available: doi:10.1007/s12599-017-0497-x. [Accessed: March 27, 2023].

18. D. Gozman and L. Willcocks, "Crocodiles in the regulatory swamp: Navigating the dangers of outsourcing, SaaS and shadow IT," in 2015 International Conference on Information Systems: Exploring the Information Frontier, ICIS 2015, Henley Business School, Whiteknights, Reading, United Kingdom, 2015. [Accessed: March 27, 2023].

19. M. Silic, J. B. Barlow, and A. Back, "A new perspective on neutralisation and deterrence: Predicting shadow IT usage," I Information and Management, vol. 54, no. 8, pp. 1023–1037, 2017, Available: doi:10.1016/j.im.2017.02.007. [Accessed: March 27, 2023].

20. R. Lemos, "Shadow Cloud IT Keeps Rising With Cloud App Adoption, Netskope Finds Modernizing Enterprise IT : Motivators and Challenges Securing Your Organisation' s Network on a Shoestring," Netskope, 2019. Available: https://www.eweek.com/security/shadow-cloud-it-keeps-rising-with-cloud-app-adoption-netskope-finds/ [Accessed: March 27, 2023].

21. Netskope, "Netskope Report Reveals 75 Percent of Cloud Apps Not Ready for EU General Data Protection Regulation - Netskope," pp. 1–3, 2016. Available: https://www.netskope.com/press- releases/netskope-report-reveals-75-percent-cloud-apps-not-ready-eu- general-data-protection-regulation [Accessed: March 27, 2023].

22. A. Kopper and M. Westner, "Deriving a framework for causes, consequences, and governance of shadow it from literature," MKWI 2016 Proc., pp. 1687–1698, 2016. Available: https://www.researchgate.net/publication/297698668_Deriving_a_Fra mework_for_Causes_Consequences_and_Governance_of_Shadow_I T_from_Literature [Accessed: March 27, 2023].

23. G. L. Mallmann, A. C. G. Maçada, and M. Oliveira, "The influence of shadow IT usage on knowledge sharing: An exploratory study with IT users," Business Information Review, vol. 35, no. 1, pp. 17–28, Mar. 2018. Available: doi: 10.1177/0266382118760143. [Accessed: March 27, 2023].

24. M. A. C. Hulsebosch, "Cloud Strife: an analysis of cloud-based shadow IT and a framework for managing its risks and opportunities." University of Twente, 2016. Available: https://essay.utwente.nl/69236/. [Accessed: March 27, 2023].

25. G. L. Mallmann, A. C. G. C. G. Maçada, and A. Eckhardt, "We are social: a social influence perspective to investigate shadow IT usage.," in Proceedings of the Twenty-Sixth European Conference on Information Systems (ECIS2018), Portsmouth, UK, 2018, pp. 23–28. [Accessed: March 27, 2023].

26. S. Haag and A. Eckhardt, "Justifying shadow IT usage," in Pacific Asia Conference on Information Systems, PACIS 2015 - Proceedings, Institute of Information Systems, Goethe University Frankfurt, Frankfurt am Main, Germany, 2015. [Accessed: March 27, 2023].

27. F. Born and J. Krönung, "Deviant cloud usage in public institutions - A matter of personal innovativeness?," in 24th European Conference on Information Systems, ECIS 2016, Goethe University Frankfurt, Frankfurt, Germany, Frankfurt, Germany, 2016. [Accessed: March 27, 2023].

28. S. Klotz, "Shadow IT and business-managed IT: Where is the theory?," in 21st IEEE Conference on Business Informatics, CBI 2019, B. J. and N. D., Eds., Faculty of Business and Economics, TU Dresden, Dresden, Germany: Institute of Electrical and Electronics Engineers Inc., 2019, pp. 286–295. Available: doi:10.1109/CBI.2019.00039. [Accessed: March 27, 2023].

29. C. Preimesberger, "Why Shadow IT Must Be Considered in Securing an Enterprise.," eWeek, pp. 3–7, Jul. 2018. [online], Available: https://www.eweek.com/security/why-shadow-it-must-be-considered- in-securing-an-enterprise/ [Accessed: March 27, 2023].

30. C. Preimesberger, "Forcepoint Fights Shadow IT with Cybersecurity Analytics Functions.," eWeek. QuinStreet, Inc., p. 1, May 26, 2017. [online], Available: https://www.eweek.com/enterprise-apps/forcepoint-fights-shadow-it-with-cybersecurity-analytics- functions/ [Accessed: March 27, 2023].

31. D. Fürstenau, H. Rothe, and M. Sandner, "Leaving the Shadow: A Configurational Approach to Explain Post-identification Outcomes of Shadow IT Systems," Business and Information Systems Engineering., vol. 63, no. 2, pp. 97–111, 2021. Available: doi:10.1007/s12599-020-00635-2. [Accessed: March 27, 2023].

32. G. L. Mallmann and A. C. G. Maçada, "The Mediating Role of Social Presence in the Relationship between Shadow IT Usage and Individual Performance: A Social Presence Theory Perspective.," EnADI 2017. Available: https://doi.org/10.1080/0144929X. 2019.1702100 no. May 2017.