1. Introduction
Currently, technology is evolving at a tremendous and accelerated pace, it seems as though everyday there is new software that absolutely changes the way that things are made and perceived. On the other hand, every day more and more people are gaining access to smartphones, to the internet and to all the benefits these bring along. Furthermore, innovative information technology (IT) applications and the services offered in the cloud—easily accessible via the internet, either for free or on a flexible pay-per-use basis—are increasing fast [
1,
2,
3]. All of this can and is being used by employees on laptops, tablets and smartphones to work in a more efficient way, from work or at home, to help better accomplish their daily work requirements. However, while these benefits drive the digital transformation being witnessed today, they also motivate users to turn to these solutions without their organization’s approval [
4]. This is called shadow information technology (SIT).
SIT represents all hardware, software, or any other technological solution used by employees inside of the organizational ecosystem, that did not receive any formal IT department approval [
5,
6]. Some examples include Dropbox, Google Drive and WhatsApp, which are applications available on the cloud, which means there is no need to download or install them. While most of these applications are harmless, there is always the possibility of hackers accessing important company data and information [
7].
The constant need of end-users to complete their job and employees’ dissatisfaction with the implemented software are the main reasons behind the rise and development of SIT [
8]. SIT represents one of the biggest threats for organizational IT security [
9], and most of the time SIT is used to complement already-established enterprise resource planning (ERP) systems—the same systems adopted to eradicate and reduce the dependency on SIT.
Some authors suggest that SIT offers an effective and efficient way for users to cope with the insufficiencies of the formal systems and can be used as a solution to an existing problem with the implemented systems [
4,
5,
10,
11,
12,
13,
14,
15,
16,
17,
18,
19,
20]. On the other hand, the negative side of SIT has also been pointed out as it creates the complex challenges experienced by many organizations and IT departments[
5,
7,
8,
11,
13,
21,
22,
23]. In fact, SIT is widely considered as one of the biggest challenges for the chief information officers (CIOs) and the IT departments [
5] of organizations due to the risks it brings. For instance, the loss or leak of data, compliance-related issues or even the loss of investment are all risks for organizations, as most of these devices and applications leave no blueprints behind. This makes it complex to assess the actual risk, undermines the main system of a company and potentially damages organizational information and processes.
SIT is, most of the time, a result of individual behavior, and it is characterized through accessing, acquiring or using the widely available tools, processes or systems that have not received prior formal IT department approval [
9]. Individuals rely on their own knowledge and experience to address their daily tasks in ways that they feel are best fitted to their needs, believing that the delivery of results will surpass the consequence of using SIT. This creates risks in a multitude of ways, which can, unintentionally, negatively affect the company’s dynamics and the employees’ work.
With the current evolution of IT and the increase in its users, organizations should not take this matter lightly as it is already being considered as one of the top concerns of CIOs and IT managers [
22,
24,
25], as employees are already using SIT in a variety of ways for their daily tasks. Furthermore, most of them do not have the necessary know-how to defend themselves in the case of an attack on their devices.
Organizations do not put enough focus on the expected benefits, even though it has been proven that if they are to increase the likelihood of success from their IT investments, they must separate out the different causes of the benefits that they will bring before developing any implementation plan [
26], no matter what the approach is, as the goal for investing in IT should always be to improve performance in order to achieve business goals. According to [
27], research has indicated that management does not comprehend how to identify business benefits, and that is where the need for a benefit dependency network (BDN) comes from, as it allows management to clarify and highlight the change requirements that will be used to analyze the changes needed before advancing with new IT investments. It will help to examine the connection between technologies, processes and people-aiding management in understanding how the blend of technology and business changes will help to deliver the expected benefits. The BDN appears to be the appropriate tool for this level of initial research, acting as a catalyst to start the discussion and examine the data. Thereby, the occurrence of SIT is a phenomenon that has been insufficiently explored, on one hand, and, on the other hand, it is often misinterpreted [
8]. This is a big reason why this subject deserves more attention from both organizations and the scientific world.
This research aimed to propose a BDN for SIT, through SLR and DSR methodologies, to specify the connections and benefits that may arise if companies start looking at SIT as a solution and not as a problem.
This article is structured as follows:
Section 2 presents the related work.
Section 3 describes the research methodology used in this study—adopting design science research.
Section 4 presents the design and development of our artefact.
Section 5 presents the discussion. Finally,
Section 6 presents the conclusion.
4. Design and Development
As we aimed to design, build and evaluate the BDN, the DSR was the appropriate choice, as it seeks to extend the boundaries of human and social capabilities by creating new and innovative artifacts. To improve the access to our research question on the benefits of SIT adoption, a questionnaire was designed to better help us validate and strengthen our proposed BDN, which was conducted in a growing north American Fintech company, which, for confidentiality reasons, will be called ReaLife. A case method fitted this study, since it allowed the exploration of the benefits of SIT adoption in a real-world context and through theory.
The Fintech industry, in particular, was selected due to the need to reduce risks and to maximize the potential of SIT in an environment that is highly regulated, extremely competitive and innovative. There is a need for growing Fintech companies to stay in pace with the ever-growing demands of their clients and technological advances, as more and more people are starting to rely on these solutions to reach their financial goals. ReaLife was created in the early 2000s and quickly gained notoriety in the north American market, with its strong tradition of providing platforms and solutions for their clients to manage their fees, statements, financial reports and investments. The company is currently going through an expansion, as they plan to enter the European market by buying an already-established European Fintech, merging both companies into one. This process, so far, has exposed the huge differences in how the business is handled differently on both continents, as there is a feeling that European policies are stricter and more demanding than the ones existing in north America. The merging process is supposed to take over a year, and many gaps have already been identified in the company’s infrastructure and in its system’s integrity when it comes to outside resources that will put the company’s information and data at serious risk if it is not handled properly.
Data were collected from interviews and observations. As shown in
Table 6, we conducted 15 semi-structured interviews, which took place over a two-week period, between October and November 2021. Experts, who were mostly from the IT units of both the European and north American sides of the company, were consulted. Their roles included the COO, team leaders, heads of department, senior analysts, development leads, system architects and solutions analysts. The interviewees’ professional IT experience ranged from 5 to 30 years, and the interviews lasted anywhere between 30 and 45 min. All the interviews were recorded and stored in a case database.
The first step of each interview was to present the definitions of SIT and BDN, and also the five concepts of BDN. Thereafter, the proposed BDN was shown, and the interviewee was asked for their input on the outputs shown on the BDN, e.g., which would they want to add? How would they interconnect (
Appendix A)?
We followed the recommendations of the authors of [
48], related to the interviews and the qualitative research enriching the experts’ viewpoints about a topic, adding valuable information. This approach allowed us to obtain important aspects that we had not been able to identify through our research and that were also useful in helping us validate our BDN. It was also important to form an idea of what the interviewees’ personal experiences with SIT were for the purpose of better understanding how much impact it makes and how big of an issue it really is in the workplace.
Furthermore, we made sure that the interviewees had early access to the definitions, the BDN and the questions to allow them to understand what the topic of the questionnaire would be, and, also, to allow us to clarify any questions they might have had on the subject prior to the interview. Our interviewees’ credibility was additionally confirmed by asking them for specific examples of when they had directly come face-to-face with SIT.
4.1. First Design Science Iteration
Some of the literature provided contradictory findings about SIT, and, while it is generally associated with risks, it is also argued that it could be beneficial to companies [
14]. Most benefits were related to increased creativity, innovation and improved business performance by helping users to interact with systems that meet their particular needs by working around the limitations of existing information systems or processes in an organization [
15]. It supports users to increase their performance and is innovative and flexible [
16]. SIT can be a source of creativity and innovation [
7]. The use of SIT boosts employees’ productivity and enables faster and better collaboration and communication [
17], as it helps the circulation of information more instantaneously, in a way that is faster, and more agile, dynamic and practical, all without the need of formal permission [
12].
Some of the benefits that are connected with the use of SIT are related to the creativity surrounding the systems—the perceived innovativeness of the systems and the stability and order brought about by the system [
9]. This translates into an elevated level of motivation by the employees, which also raises productivity. If employees feel as though they are using the correct tools for their tasks, then they will be more likely to perform at the desired levels. Applications such as Skype, Facebook video calling and Google Talk are the main ones being used by co-workers to collaborate and communicate at work. There is a clear tendency among employees to use mainstream apps, as they are better known, easier to use, have a friendly interface and most of their issues and bugs are well documented on the internet. All these factors contribute to the adoption of SIT as a way to both facilitate tasks and improve performance, with some estimates finding that shadow systems account for more than 80% of the IT systems deployed by the end-users [
9], as they can be very efficient and effective when used in place of the formal and standard systems already present [
19].
Enterprise architecture (EA) can also benefit from SIT when planned accordingly and can have a significant impact if addressed from the correct point of view [
32], as follows:
Current: SIT can beneficially be included to obtain a better global image of inventory and processes.
Change: overlooked SIT systems can have a serious impact on the success and outcome of changes, existing SIT systems can be converted or included in official EA and users can respond to poorly aligned EA by making SIT systems.
Future: several studies suggest that the successful organizations of the future will be the ones that will create opportunities for SIT systems and reduce central control over IT.
Engaging users in system development will eventually lead to fast adaptations to market changes, with the maximum insight and minimum cost, by creating local engagement, rapid adaptation and inexpensive innovation. This will make SIT too good to pass on, so organizations will eventually have to address it or risk allowing more non-regulated and non-controlled development of systems in order to keep pace with market- driven and rapid innovation requirements [
32]. All this gathered information (
Table 7) allowed us to create a BDN model that was oriented to SIT adoption, as shown in
Figure 1, which was used as a reference to validate this research’s theory.
For the interview process and to help us to better understand and visualize all contributions, a color scheme was selected according to the input received from the interviewees—any new addition would be represented by the color green, any removal would be represented by the color red and any change to a currently existing field would be represented by the color yellow.
In order to validate the contributions and to avoid having artifacts with no correlation whatsoever, after the interviewees gave their opinions on the proposed BDN, they were also asked if they agreed with the input provided by their peers. We assumed that whenever a change was confirmed by more than three people, it would be considered valid and, therefore, would be added to the final artifact.
Figure 2 presents the proposed BDN for SIT adoption.
One of the interviewees suggested only one change, so we considered that contribution invalid. Our first interview was with a project manager (PM), who had over 20 years of experience in IT. They agreed with the proposed BDN, but suggested the following, as displayed in
Figure 3: adding “update IT policies” to the enabling changes column; adding “increased productivity and efficiency” to the investment objectives; merging the fields “analysis of data”—which could not be analyzed previously—and “evidence-based action”; removing ”improve business processes” from the investment objectives column; and removing “prevent fraud” from the investment objectives column.
5. Discussion
SIT is a socio-technical phenomenon [
21], and whether it is good, bad or even neutral is not clear yet, as opinions diverge on what really happens in organizations, on how to handle it or if it is even worth the risk, as many times, in practice, the situation is often more complicated [
12]. Aspects such as company data safety being more important than employee satisfaction or productivity, and profit being the main focus no matter the downside make the behavioral consequences of utilizing shadow IT ambiguous [
37], as employees justify their use on the grounds of better productivity; however, on the other hand, management and IT departments spend a lot of time, effort and capital to ensure that the company system stays up-to-date and protected. There is no clear solution for this dilemma, as both sides have very valid reasons for why they are doing what they are doing, and the differences are sometimes abysmal, with multiple companies finding it difficult and often impossible to fill this gap on their own [
23]. Often, organizations find themselves in an area of conflict, as IT integration might eliminate the benefits that SIT offers [
21].
There is a need to try to find common ground, one where IT departments and employees are on the same page and where both work together towards productivity and dynamism. There is a need for consensus when it comes to SIT because it is not going away, but quite the opposite, there is an increase in its use as big tech companies focus more and more on the cloud and cloud-based services, which are interactive and friendly to the user—even the management use these solutions—which further strengthens the usage of SIT [
23]. This is something that IT departments and management can use to improve the corporate IT landscape accordingly, which may have a positive impact on a company’s progress. To summarize, SIT exists alongside formal enterprise systems and either complements, expands or supplements them [
21].
Despite all the initiatives promoted by companies and IT departments, the rate at which employees still use SIT solutions for their daily tasks is a major concern for companies [
12]. This explains how a lot of management still looks at this reality, as most of the time they see it as a risk, dangerous for system integrity and for the normal functioning of the company. SIT can be used by one individual or by a group of employees, which suggests two levels of use: individual and collective use [
36]. More often than not, SIT is looked at as a liability, and this sometimes incites employees to use it, even though it is unapproved. Using SIT gives a sense of rebellion, and, at the same time, as it helps with tasks and to fulfill professional needs, employees look at it as a win–win situation. There needs to be further research in order to understand how it can be dealt with, so both the management and employees can benefit from this situation, diminish the gap between them and help companies to prosper. As it has been stated many times, SIT is only growing, so it has to be dealt with, instead of being abolished or banned. One of the main issues is that these shadow solutions and devices leave no blueprints behind, making it extremely difficult to assess their actual risk [
19]—it undermines both the main system of a company and causes damages to organizational processes and information. There is still a lack of knowledge, so not many organizations are taking risks and would rather avoid SIT instead of considering embracing it. Often, organizations can solve these inefficiencies by converting SIT into business-managed IT [
21].
Additionally, the fact that employees depend on their own knowledge and experience to address their daily tasks in a way they feel best fits their needs, while believing that the delivery of results will surpass the consequences of using SIT [
9], is one of the biggest reasons why it is spreading so fast. Often, employees view IT departments as holding them back and not as an entity that can help, as some in-house built solutions are not as interactive or user friendly as some of the solutions being used in the “shadow”. Even when the in-house solutions meet the employees’ needs, issues such as bugs, FAQs and updates will still exist. As most employees still rely on the IT department to help resolve these issues, when they cannot access that help right away, they will resort back to the solutions they know best, so companies and their data then face the same risks and liabilities when it comes to SIT. Communication and politics play a role in all of this, as they play a critical part in the overall success of SIT and the organization, in general. Disagreements between departments or a lack of communication between the staff can all lead to a company failing to implement possible solutions to SIT. Some believe that the reason for this is because of social factors—for instance, the social presence—have a profound influence on the ways in which individuals perceive and use this technology [
12].
The challenge for CIOs and IT departments is to identify the employee needs that are being filled by these solutions, and to find a way to adapt their company’s policy so that they can be used without risk to employees or to the company itself. Being strict should not be a solution anymore as, eventually, employees find a way around the implemented systems and measures—especially against integrating systems, resistance to change or technical incompatibility [
21]. Part of the solution must be understanding SIT fully in order to embrace it and adapt to it, instead of treating it as a liability. SIT requires not to be treated as the problem, but as part of the solution. In this respect, the research suggests that this is almost non-existent, even though some researchers already chose to see the positives in it and the positive outcomes it might bring for organizations when properly embraced.
Thereby, the occurrence of SIT is a phenomenon that has been insufficiently explored on one hand, and, on the other hand, one that is often misinterpreted [
8]. This is a big reason why this subject deserves more attention from both organizations and the scientific world.
Regarding enterprise mobility today, BYOD is one of the most dangerous sources of shadow IT. Using a personal device for work always implies system interaction with unlicensed software, unwanted applications and possible malware.
However, the results of this study show that shadow IT can have a positive or a negative impact, depending on the organization. In the present study, the organization was a Fintech, and the context in which the company operates due to its culture of freedom to use different devices and to work with personal devices has benefits.
6. Conclusions
There is not a considerable amount of research currently being conducted at an individual level when it comes to the benefits of SIT and the reasons behind why employees choose to or do not choose to embrace it, and to what organizations should do about this ever-growing phenomenon. While the literature on SIT has increased over the last two years, the current knowledge is still severely limited. Past studies have put more focus on the consequences and the governance side of SIT in an organizational context, shedding no light on the antecedents, precedents, reasons and motivations behind the use of SIT adoption at multiple levels within organizations. This creates a big gap in understanding what works and what does not, or of what are the benefits and the risks when it comes to approaching the existence of SIT in organizations.
As SIT studies within an innovational context are also limited, in this research we wanted to bring attention to the world of possibilities and solutions that it has to offer and to their motivations and benefits, to give a better understanding of this phenomenon. We identified that most opinions about SIT were neutral or focused on its negative impact, instead of analyzing the potential and intangibles that it has. There is a rising need for organizations and IT departments, worldwide, to adapt to new trends and advances in IT, especially one that has the ability to motivate and improve productivity and creativity within their ranks.
Organizational focus should be on how to integrate, incorporate, explain, understand and encourage SIT in order to unleash employees’ potential and to improve their production and their ability to deliver, instead of ignoring or fighting against its growth. This is what we wanted to achieve with this research, by shedding a light on the benefits of SIT in order to allow a clear analysis of what SIT is about and what it entails.
There are still some academics and IT professionals who believe that SIT is “undesirable” due to its risks, although more recent studies have stated that SIT “may be just what an organization needs”. In times of constant change and digital transformation, organizations need to have agile procedures to support facts and proper adaptation. However, without a minimum of control, such solutions can be disastrous.
There will continue to be contradicting opinions when it comes to a topic such as SIT, but in a world that is constantly evolving, it is important that organizations and management have in mind that not everything that is new or unknown will bring more harm than good. The focus must be to maximize its potential in order to achieve success, and sometimes, on taking calculated risks because, even though SIT has its negatives, the benefits of SIT adoption are numerous and there will still be a need for end-users to complete their jobs.
This study was limited by the interviews only being made in one company and by the fact that many people of interest were not available for an interview. Any future work with a bigger and broader focus in doing more interviews should be encouraged.
Therefore, this research concludes that there is a lot of potential and an upside to SIT adoption. In order to reach its benefits, there needs to be knowledge on what the system landscape of the company entails and a clear understanding of what the investment objectives are, as that is the starting point whenever taking a BDN approach in considering SIT adoption.
Limitations and Future Research
This research had some limitations. Firstly, the collected data were limited to one firm. Secondly, regarding the method used for data collection, in which in-depth interviews were adopted—other methods, such as a Delphi survey, could also be useful for this context. A longitudinal case study would also be interesting to analyze over a longer time-period, as well as in other types of industries. Further in-depth studies are also necessary to strengthen the outcomes for each benefit.