Management Requirement
Shadow-IT is everywhere. Our case studies did not show one single department within the examined organisations that did not use Shadow-IT. In every department we found between 8 and 55 Shadow-IT instances.
Shadow-IT is developed by the end users to improve the processes of their company. Due to the use of the Shadow-IT, organisations are more flexibel and innovations are disseminated more quickly.
Yet very often these systems are developed with low professionalism. This results in intransparency regarding processes and technology, which can lead to risks in compliance and especially in data security and data privacy.
It is not possible to forbid Shadow-IT; users find detours to satisfy their need for information. Because of the existing risks of Shadow-IT, it should not be ignored. The evaluation of our projects shows that more than two thirds of the Shadow-IT instances are medium or even highly relevant. These solutions should be professionalised to reduce the risks that are associated with them. The figure to the right shows the combined distribution of the risks of all our analysed 500 Shadow-IT instances.
A target-oriented management of Shadow-IT realised by Identification, Evaluation and Control of Shadow-IT instances is necessary.
The application of the method, developed by our institute, the kips, reduces risks considerably and improves collaboration of business and IT.
