Dealing Effectively with Shadow IT by Managing Both Cybersecurity and User Needs

Authors

Steffi Haag
Andreas Eckhardt

Abstract

“Shadow IT”—information technology that is not endorsed by a company’s cybersecurity policies—is proliferating. Shadow IT typically arises when employees either create their own IT or use unapproved third-party solutions. While shadow IT may be effective in helping workers tackle various challenges, the unsanctioned nature of shadow IT can also pose significant cybersecurity risks for organizations. This article identifies four archetypal practices for managing cybersecurity and user needs that encourage, or discourage, employees to use shadow IT. From these archetypes, we propose 10 recommendations to help IT leaders deal effectively with shadow IT—by both reducing associated cybersecurity threats and improving the user experience for workers.

Recommended Citation

Haag, Steffi and Eckhardt, Andreas (2024) "Dealing Effectively with Shadow IT by Managing Both Cybersecurity and User Needs," MIS Quarterly Executive: Vol. 23: Iss. 4, Article 5.
Available at: https://aisel.aisnet.org/misqe/vol23/iss4/5