Shedding Light on Shadow IT: Definition, Related Concepts, and Consequences

  • Gabriela Labres MallmannEmail author
  • Aline de Vargas Pinto
  • Antônio Carlos Gastaud Maçada
Conference paper
Part of the Lecture Notes in Information Systems and Organisation book series (LNISO, volume 31)


The use of Information Technology (IT) without formal approval and support of the IT department, called shadow IT, has challenged organizations to rethink ways of managing IT resources in order to cope with the use of unauthorized technologies in the workplace. We review the literature on shadow IT to shed light on this phenomenon, discussing the conceptual definition and types, the related concepts, and its consequences. This study, then, is an effort to better understand the phenomenon based on the existing literature. We provide contributions by enhancing the emerging body of knowledge on shadow IT, as well as by suggesting research gaps to be addressed in future research in order to advance on the topic.


Shadow IT Workarounds IT consumerization BYOD Literature review 


  1. Alter, S. (2014). Theory of workarounds. Communications of the association for information systems. 34(55), 1041–1066.Google Scholar
  2. Alojairi, A. (2017). The dynamics of IT workaround practices a theoretical concept and an empirical assessment. International Journal of Advanced Computer Science and Applications, 8(7), 527–534.CrossRefGoogle Scholar
  3. Azad, B., & King, N. (2008). Enacting computer workaround practices within a medication dispensing system. European Journal of Information Systems, 17(3), 264–278.CrossRefGoogle Scholar
  4. Azad, B., & King, N. (2012). Institutionalized computer workaround practices in a Mediterranean country: an examination of two organizations. European Journal of Information Systems, 21(4), 358–372.CrossRefGoogle Scholar
  5. Behrens, S., & Sedera, W. (2004). Why do shadow systems exist after an ERP implementation? Lessons from a case study. In Pacific Asia conference on information systems (PACIS).Google Scholar
  6. Dang-Pham, D., & Pittayachawan, S. (2015). Comparing intention to avoid malware across contexts in a BYOD-enabled Australian university: A protection motivation theory approach. Computers & Security, 48, 281–297.CrossRefGoogle Scholar
  7. Ferneley, E. H., & Sobreperez, P. (2006). Resist, comply or workaround? An examination of different facets of user engagement with information systems. European Journal of Information Systems, 15(4), 345–356.CrossRefGoogle Scholar
  8. French, A. M., Guo, C., & Shim, J. P. (2014). Current status, issues, and future of bring your own device (BYOD). Communications of the Association for Information Systems, 35(10), 191–197.Google Scholar
  9. Fürstenau, D., & Rothe, H. (2014). Shadow IT systems: discerning the good and the evil. In Twenty-second European conference on information systems, Tel Aviv.Google Scholar
  10. Fürstenau, D., Rothe, H., & Sandner, M. (2017). Shadow systems, risk, and shifting power relations in organizations. Communications of the Association for Information Systems, 41, 43–61.CrossRefGoogle Scholar
  11. Globalscape. (2016). Be afraid of your shadow: What is “shadow IT” and how to reduce it. Disponível em: Acesso em: 05 março 2018.
  12. Gozman, D., & Willcocks, L. (2015). Crocodiles in the regulatory swamp: Navigating the dangers of outsourcing, SaaS and Shadow IT. In Proceedings of the thirty-sixth international conference on information systems, Fort Worth.Google Scholar
  13. Györy, A. A. B., Cleven, A., Uebernickel, F., & Brenner, W. (2012). Exploring the shadows: IT governance approaches to user-driven innovation. In Proceedings of european conference on information systems. Paper 222.Google Scholar
  14. Haag, S., & Eckhardt, A. (2014). Normalizing the shadows–The role of symbolic models for individuals’ shadow IT usage. In Proceedings of the thirty-fifth international conference on information systems, Auckland.Google Scholar
  15. Haag, S. (2015). Appearance of dark clouds?-an empirical analysis of users’ shadow sourcing of cloud services. In Wirtschaftsinformatik (pp. 1438–1452).Google Scholar
  16. Haag, S., & Eckhardt, A. (2015). Justifying shadow IT usage. In Proceedings of the 19th Pacific Asia conference on information systems, Singapore.Google Scholar
  17. Haag, S., Eckhardt, A., & Bozoyan, C. (2015). Are shadow system users the better IS users?–Insights of a lab experiment. In Proceedings of the thirty-sixth international conference on information systems, Fort Worth.Google Scholar
  18. Haag, S., & Eckhardt, A. (2017). Shadow IT. Business & Information Systems Engineering (pp. 1–5).Google Scholar
  19. Harris, J., Ives, B., & Junglas, I. (2012). IT consumerization: When gadgets turn into enterprise IT tools. MIS Quarterly Executive, 11(3).Google Scholar
  20. Huber, M., Zimmermann, S., Rentrop, C., & Felden, C. (2016). The relation of shadow systems and ERP systems—Insights from a multiple-case study. Systems, 4(1), 11. Scholar
  21. Huber, M., Zimmermann, S., Rentrop, C., & Felden, C. (2017). Integration of shadow IT systems with enterprise systems—a literature review. In Proceedings of the twenty-first Pacific Asia conference on information systems, Langkawi.Google Scholar
  22. Jones, D., Behrens, S., Jamieson, K., & Tansley, E. (2004). The rise and fall of a shadow system: Lessons for enterprise system implementation. In ACIS 2004 Proceedings (p. 96).Google Scholar
  23. Khalil, S., Winkler, T. J., & Xiao, X. (2017). Two Tales of Technology: Business and IT Managers’ Technological Frames Related to Cloud Computing.Google Scholar
  24. Laumer, S., Maier, C., & Weitzel, T. (2017). Information quality, user satisfaction, and the manifestation of workarounds: a qualitative and quantitative study of enterprise content management system users. European Journal of Information Systems, 26(4), 333–360.CrossRefGoogle Scholar
  25. Lis, T., & Paula, B. (2015). The use of cloud computing by students from technical university-The current state and perspectives. Procedia Computer Science, 65, 1075–1084.CrossRefGoogle Scholar
  26. Lund-Jensen, R., Azaria, C., Permien, F. H., Sawari, J., & Bækgaard, L. (2016). Feral information systems, shadow systems, and workarounds–A drift in IS terminology. Procedia Computer Science, 100, 1056–1063.CrossRefGoogle Scholar
  27. Mallmann, G. L., Maçada, A. C. G., & Oliveira, M. (2018a). The influence of shadow IT usage on knowledge sharing: An exploratory study with IT users. Business Information Review, 35(1), 17–28.CrossRefGoogle Scholar
  28. Mallmann, G. L., Maçada, A. C. G., Eckhardt, A. (2018b). We are Social: a social influence perspective to investigate shadow IT usage. In Proceedings of European conference on information systems, Portsmouth, UK.Google Scholar
  29. Malaurent, J., & Avison, D. (2015). From an apparent failure to a success story: ERP in China—Post implementation. International Journal of Information Management, 35(5), 643–646.CrossRefGoogle Scholar
  30. Mell, P., & Grance, T. (2011). The NIST definition of cloud computing. Disponível em
  31. Miller, K. W., Voas, J., & Hurlburt, G. F. (2012). BYOD: Security and privacy considerations. It Professional, 14(5), 53–55.CrossRefGoogle Scholar
  32. Müller, S. D., Holm, S. R., & Søndergaard, J. (2015). Benefits of cloud computing: Literature review in a maturity model perspective. CAIS, 37, 42.CrossRefGoogle Scholar
  33. Park, S. C., & Ryoo, S. Y. (2013). An empirical investigation of end-users’ switching toward cloud computing: A two factor theory perspective. Computers in Human Behavior, 29(1), 160–170.CrossRefGoogle Scholar
  34. Raden, N. (2005). Shedding light on shadow IT: Is excel running your business. DSSResources. com, 26.Google Scholar
  35. Rentrop, C., & Zimmermann, S. (2012). Shadow IT-management and control of unofficial IT. In Proceedings of the 6th international conference on digital society (pp. 98–102).Google Scholar
  36. Silic, M., & Back, A. (2014). Shadow IT–A view from behind the curtain. Computers & Security, 45, 274–283.CrossRefGoogle Scholar
  37. Silic, M., Barlow, J. B., & Back, A. (2017). A new perspective on neutralization and deterrence: Predicting shadow IT usage. Information & management, (in press), 1–15.
  38. Singh, H. (2015). Emergence and consequences of drift in organizational information systems. In Proceedings of the Asia conference on information systems (PACIS). Paper 202.Google Scholar
  39. Shin, D. (2015). Beyond user experience of cloud service: Implication for value sensitive approach. Telematics and Informatics, 32(1), 33–44.CrossRefGoogle Scholar
  40. Shumarova, E., & Swatman, P. A. (2008). Informal ecollaboration channels: Shedding light on “shadow cit”. In Proceedings of LED 2008, Bled, Slovenia.Google Scholar
  41. Steinhüser, M., Waizenegger, L., Vodanovich, V. & Richter, A. (2017). Knowledge management without management—Shadow IT in knowledge-intense manufacturing practices. In Proceedings of the 25th European conference on information systems, Guimarães, Portugal.Google Scholar
  42. Turner, A. (2015). Generation Z: Technology and social interest. The Journal of Individual Psychology, 71(2), 103–113.CrossRefGoogle Scholar
  43. Turkle, S. (2011). Alone together: Why we expect more from technology and less from each other. New York: Basic Books.Google Scholar
  44. Vogus, T. J., & Hilligoss, B. (2016). The underappreciated role of habit in highly reliable healthcare. BMJ Quality & Safety 25(3), 141–146.CrossRefGoogle Scholar
  45. Walterbusch, M., Fietz, A., & Teuteberg, F. (2017). Missing cloud security awareness: investigating risk exposure in shadow IT. Journal of Enterprise Information Management, 30(4), 644–665.CrossRefGoogle Scholar
  46. Walters, R. (2013). Bringing IT out of the shadows. Network Security, 2013(4), 5–11.CrossRefGoogle Scholar
  47. Webster, J. & Watson, R. T. (2002). Analyzing the past to prepare for the future: Writing a literature review. MIS Quarterly, 26, xiii–xxiii.Google Scholar
  48. Weiss, F., & Leimeister, J. M. (2012). IT innovations from the consumer market as a challenge for corporate IT. Business & Information Systems Engineering, 6, 363–366.CrossRefGoogle Scholar
  49. Zimmermann, S., Rentrop, C., & Felden, C. (2014). Managing shadow IT instances–a method to control autonomous IT solutions in the business departments. In Proceedings of the Twentieth Americas Conference on Information Systems, Savannah.Google Scholar
  50. Zimmermann, S., & Rentrop, C. (2014). On the emergence of shadow IT-a transaction cost-based approach. In Proceedings of the Twenty Second European Conference on Information Systems, Tel Aviv.Google Scholar
  51. Zimmermann, S., Rentrop, C., & Felden, C. (2017). A multiple case study on the nature and management of shadow information technology. Journal of Information Systems, 31(1), 79–101.CrossRefGoogle Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.UFRGSPorto AlegreBrazil

Personalised recommendations