Shadow IT and Business-Managed IT: A Conceptual Framework and Empirical Illustration

Shadow IT and Business-Managed IT: A Conceptual Framework and Empirical Illustration

Andreas Kopper, Daniel Fürstenau, Stephan Zimmermann, Stefan Klotz, Christopher Rentrop, Hannes Rothe, Susanne Strahringer, Markus Westner
Copyright: © 2018 |Pages: 19
DOI: 10.4018/IJITBAG.2018070104
(Individual Articles)
No Current Special Offers


Research on Shadow IT is facing a conceptual dilemma in cases where previously “covert” systems developed by business entities are integrated in the organizational IT management. These systems become visible, are thus not “in the shadows” anymore, and subsequently do not fit to existing definitions of Shadow IT. Practice shows that some information systems share characteristics of Shadow IT but are created openly in alignment with the IT organization. This paper proposes the term “Business-managed IT” to describe “overt” information systems developed or managed by business entities and distinguishes it from Shadow IT by illustrating case vignettes. Accordingly, our contribution is to suggest a concept and its delineation against other concepts. In this way, IS researchers interested in IT originated from or maintained by business entities can construct theories with a wider scope of application that are at the same time more specific to practical problems. In addition, the terminology allows to value potentially innovative developments by business entities more adequately.
Article Preview


Shadow IT is a phenomenon that gained popularity in recent years among both academics and practitioners. It includes all software (incl. Software/Platform/Infrastructure as a Service), hardware, or IT service processes which are used or created by business units (BUs) without alignment with or awareness of the IT organization (Zimmermann, Rentrop, & Felden, 2014). The term BU in this context includes all types of business entities (individual users and business workgroups/units/departments/ divisions) and is subsequently used for simplification. With the term IT organization, we refer to all company-internal IT departments, subsuming different design options of the IT department(s) (Winkler & Brown, 2014). Especially trends such as cloud computing, mobile IT, and IT consumerization made it easier for BUs to procure IT by themselves without requiring deep technical expertise (Andriole, 2015; Gregory, Kaganer, Henfridsson, & Ruch, 2018). This allows BUs to become more independent from the IT organization in cases where it is perceived as too slow, too expensive, or too restrictive (Kopper, 2017). This power shift (Fürstenau, Rothe, & Sandner, 2017) undermines the control an IT organization can exert in its organization. Thus, the phenomenon can potentially lead to inefficiencies due to heterogeneous systems and uncoordinated efforts, or security-related risks with a high impact on the organization (Gozman & Willcocks, 2015).

Considering the whole body of knowledge about Shadow IT, it is mostly viewed with a negative connotation, but both researchers and practitioners are increasingly dealing with its potential benefits (Kopper, Westner, & Strahringer, 2017). It can contribute to a company's innovative potential (Silic, Silic, & Oblakovic, 2016), lead to an increased organizational agility (Tambo & Bækgaard, 2013), or simply be a way to deal with shortcomings of corporate IT systems (Alter, 2014; Behrens, 2009). These aspects stand in contrast to the negative connotation of the term Shadow IT. Also, in practice the characteristics of Shadow IT systems can change over time. As soon as the IT organization detects a hidden system it becomes visible and is not “in the shadows” anymore. The IT organization may decide to either take over control of the system completely, leave it as is, or share responsibilities with the affected BU (Zimmermann, Rentrop, & Felden, 2016). Especially a division of responsibilities as described in the latter case does not fit to the definition of Shadow IT anymore due to the involvement of the IT organization.

There is still a lack of understanding of the differences and transition between “hidden” Shadow IT systems and IT systems openly managed by BUs themselves. Behrens (2009) tries to differentiate between “good” and “bad” Shadow IT but does not systematically elaborate on their differences. Haag and Eckhardt (2017) mention “overt” Shadow IT (which is conflicting from a terminology perspective), but primarily convey a compliance perspective. There is also a phenomenon to be observed in practice that IT control is deliberately shifted to BUs. Capgemini (2016) determined that in more than 60 percent of companies, BUs were given direct control for certain IT investments (such as consulting services for pilot projects). Gartner (2017) predicts that “through 2017, 38% of technology purchases will be managed, defined, and controlled by business leaders.”

Complete Article List

Search this Journal:
Open Access Articles: Forthcoming
Volume 10: 2 Issues (2019)
Volume 9: 2 Issues (2018)
Volume 8: 2 Issues (2017)
Volume 7: 2 Issues (2016)
Volume 6: 2 Issues (2015)
Volume 5: 2 Issues (2014)
Volume 4: 2 Issues (2013)
Volume 3: 2 Issues (2012)
Volume 2: 2 Issues (2011)
Volume 1: 4 Issues (2010)
View Complete Journal Contents Listing