Shadow IT Assessment Workshop (Remote)

Summary: Shadow IT encompasses all technology within an organization that is not formally recognized or managed by the IT department or business officers. Managing Shadow IT is important because uncontrolled data and services may create security and privacy vulnerabilities and undermine policy consistency and infrastructure control. Challenges in managing Shadow IT can arise from both deviance and insubordination. The workshop drives participants to structure and prioritize research questions about how to encourage the articulation and operationalization of policy and guidance to access and deploy technologies that increase performance and how to identify and avoid technologies and practices that may be incommensurable, insecure, or reduce performance. These research questions will be used by participants as the basis for the creation of a research community on Shadow IT.

Objectives: Participants gain a basic understanding of Shadow IT, its importance, its implications, and its characteristics. Participants also originate an initial set of research questions for studying Shadow IT. These questions should be suitable as the base for a broader research community.

A Remote Shadow IT Workshop.

Introduction: Recent research studies show that advancements in communication technologies created new types of technologies available for organizations, some of which became completely decentralized in the past two decades, such as email and office suites. As a consequence, users are increasingly becoming a significant source of technology and IT expenses.

Introduction to Shadow IT

Although the increasing spread of cloud computing resources implies centralized control and the coordination of a different set of decision-making processes, it may be the case that users will still apply free cloud-based services without the approval or the awareness of the organization's senior management team. Under these conditions, this work has as its goals, first, to show how shadow IT is present even in online courses in which students use the Learning Management Systems; second, to reveal the concerns from instructors about what students are doing in different environments; and third, to argue that the dimensions of shadow IT might differ in online courses and may jeopardize education systems in institutions. In light of these concerns, by especially using the gamification approach, this work also proposes different strategies to encourage collaboration among students in online courses, taking advantage of the positive use of IT environments even without the complete control of them. The spread of IT environments, with diverse resources and applications in organizations, has allowed end users to make their own decisions about what IT tools to use in order to accomplish required tasks.

In this context, IT consumerization has appeared, as an increasing number of both individuals and organizations have sought to integrate personal and organizational solutions. However, this trend has been seriously concerning for organizations because the use of cloud resources may imply security, reliability, and compatibility risks. Its unauthorized use has been labeled shadow IT, which has been analyzed in research in private and public organizations. Although the increasing spread of cloud computing resources implies centralized control and the coordination of a different set of decision-making processes, it may be the case that users will still apply free cloud-based services without the approval or the awareness of the organization's senior management team. Organizations are not ready to provide, for example, reduced response times to changes or the ability to meet acceptable security standards, which means the appeal of shadow IT resources assigned to users.

Challenges and Risks of Shadow IT in Online Environments

The rapidly evolving technologies and the large digital volumes used in online learning have encouraged instructors and students to independently adopt and use individualized and personalized online tools for learning needs. These applications, software, and devices used without the knowledge and approval of the institution's IT, driven by the ease of use and immediate availability, are known as Shadow IT. Shadow IT use ranges from individual and isolated to organizational or group use. Despite the numerous reported benefits of Shadow IT, its use is not encouraged by institutions due to potential security risks, legal compliance, instructional design, support and maintenance issues, and institutional confusion related to understanding or expanding IT teaching support. The institutional learning management system guarantees that the institution's enterprise-level systems meet pedagogical agreement requirements, institutional security constraints, and user-driven managed content.

The permission of Shadow IT poses many challenges for institutions, in particular, regarding what educational applications are already known and used, who is using them, and in what context they are using them. This paper aims to overcome these challenges by:

1. discussing the definition of Shadow IT and its benefits and risks;
2. presenting a strategy and recommendations that institutions can develop to assess and manage the use of Shadow IT, and to promote good relations with their users;
3. conducting an evaluation that collected and summarized Brazilian higher education institutions actions related to Shadow IT. The evaluation presented important insights to consolidate the Shadow IT management strategy in a model for Brazilian institutions, thus promoting pedagogical intelligence and institutional innovation for digital teaching and learning environments.

Methods and Tools for Assessing Shadow IT

In the last few years, the concept of "Shadow IT" has re-emerged. These new developments revolve around the fact that users and business units are able to circumvent the traditional IT and telecommunication organizations in order to seek out and buy what they believe to be more reliable and fault-tolerant services from external vendors, providers, auditors, and consultants. Consequently, in some organizations, IT decision power is no longer held in a central position. Here, we do not concentrate on the definition of Shadow IT and the underlying power struggles; here, we concentrate on identifying and measuring "Shadow IT-enabling" activities that are related to those "Shadow powers." By having access to such information that can provide a sort of "trip wire" to the IT organizations, one can measure the soon wealth of the snowballing "Shadow IT-enabling" activities.

To this effect, we briefly lay out some methods and tools for automated web surfing and logfile analysis. The popularity, feasibility, vulnerabilities, and scrutiny concerning external, internal, high, and low trust attitudes of all sorts of online transaction processing and the consequences of such facilitated Shadow IT activities are followed up by the study results, a reliability analysis, and the respective conclusions.

Best Practices for Managing and Mitigating Shadow IT Risks

The development of strategies for assessing and managing shadow IT in online environments will be essential for ensuring a secure computing environment in the future. The following are strategies for addressing the different risks associated with shadow IT. These strategies may help improve computing experiences for faculty, reduce computing support costs, prevent university information from leaking outside of the university, and support faculty in managing professional reputations.

1. Engage in the conversation: The best way to manage and mitigate the risks associated with shadow IT is to create a culture of openness and honesty about available IT resources. Knowing what university-provided services are available will help faculty make choices that enhance IT security for the entire institution.
2. Consider a rethinking of unavailable IT services: The primary reason that users deploy and use shadow IT is that these services are faster to obtain and more secure than those provided by the university. Consider what university IT services are needed and could be provided well, and partner with faculty to create them if they do not exist.
3. Deliver secure services: The primary reason that faculty and students use university-provided services is that they are faster to obtain and more secure than shadow IT. Even when faculty are not willing to use enterprise-provided services, you can deliver secure services for investigational use, such as significant improvements in analytic processing by providing high-performance computing pools in a cloud environment.
4. Create formal policies: Existing service agreements and policies need to be expanded or modified to include information about and control over faculty's use of the internet during work or professional activities. Specifically, the use of emerging technologies such as shadow IT requires the release of updates and technical support. University IT organizations understand the compromises in security that are necessary for managing shadow IT, whereas the faculty using it may not.