Zusammenfassung
Basierend auf einer systematischen und umfangreichen Analyse von Praxisbeiträgen zum Thema Schatten-IT, die zwischen September 2015 und August 2016 erschienen sind, beschreibt der vorliegende Artikel Governance-Aspekte zu diesem Phänomen. Er ergänzt damit vorhergehende akademische Studien. Es zeigt sich, dass unter Praktikern der Eindruck vorherrscht, dass IT-Abteilungen unter zunehmendem Druck stehen, schneller auf sich ändernde Anforderungen aus den Fachbereichen reagieren zu müssen. Können IT-Abteilungen diesen Erwartungen nicht entsprechen, beschaffen sich Fachbereiche und Nutzer selbst Lösungen in Form von Schatten-IT. Als mögliche Antwort darauf kann sich die IT-Abteilung agiler organisieren und die IT-Architektur im Unternehmen modernisieren. Eine weitere Möglichkeit besteht darin, sich das innovative Potenzial von Schatten-IT zunutze zu machen und deren Umsetzung aktiv durch organisatorische und technische Maßnahmen zu unterstützen. IT-Sicherheitsmanagement und technische Schutzmechanismen können helfen, die so entstandenen Lösungen abzusichern und die Risiken zu minimieren. Nach vorherrschender Ansicht entwickelt sich die IT-Abteilung als Konsequenz aus all diesen Maßnahmen zu einem nutzerorientierten, internen Service-Provider und strategischen Partner für die Fachbereiche.
Abstract
Based on a systematic and comprehensive analysis of practitioner articles published between September 2015 and August 2016 about the topic Shadow IT, this paper describes governance aspects to this phenomenon. By doing so, it complements previous academic studies in the field. It turns out that practitioners have the prevailing impression that IT departments are under increasing pressure to respond faster to changing demands from the business units. If IT departments are not able to meet those expectations, business units and end users obtain solutions themselves in the form of Shadow IT. In response, IT departments can transform into a more agile organization and modernize their IT architecture. Another possibility is to leverage the innovative potential of Shadow IT and support its implementation through active organizational and technical measures. IT security management and technical security mechanisms can help to secure the thus created solutions and minimize the risks. According to the prevailing view, as a consequence to these actions the IT department transforms itself to a more user-centric, internal service provider and strategic partner for the business.
Notes
Zur Abgrenzung von Microservices und SOA siehe Pahl und Jamshidi (2016)
Literatur
Cloud Security Alliance (2016) Mitigating risks for cloud adoption. https://pages.bitglass.com/Mitigating-Risk-For-Cloud-Applications.html. Zugegriffen: 22. August 2016
Computacenter (2016) Software defined and hybrid cloud. https://www.computacenter.com/uk/it-agenda/transforming-core-it/software-defined. Zugegriffen: 27. Juli 2016
Dyché J (2015) The new IT; How technology leaders are enabling business strategy in the digital age. McGraw-Hill Education, New York
Earls AR (2015) Building a DevOps environment with microservices and containers. http://searchitoperations.techtarget.com/tip/Building-a-DevOps-environment-with-microservices-and-containers. Zugegriffen: 12. Juli 2016
Earls AR (2016) Build a shadow IT strategy all departments will love. http://searchcloudcomputing.techtarget.com/tip/Build-a-shadow-IT-strategy-all-departments-will-love. Zugegriffen: 21. März 2016
Gartner (2015) Market guide for cloud access security brokers. https://www.gartner.com/doc/3155127/market-guide-cloud-access-security. Zugegriffen: 9. November 2015
Gartner (2016) Gartner says by 2020, a corporate “No-Cloud” policy will be as rare as a “No-Internet” policy is today. http://www.gartner.com/newsroom/id/3354117. Zugegriffen: 12. Juli 2016
Harvey Nash (2015) Harvey Nash CIO survey 2015 - into an age of disruption. http://www.harveynash.com/ciosurvey/the-survey/executive-summary.asp. Zugegriffen: 2. Dezember 2015
Hinchcliffe D (2016) The advent of the citizen developer. http://www.zdnet.com/article/the-advent-of-the-citizen-developer/. Zugegriffen: 17. Mai 2016
Hoff D (2015) How to securely embrace shadow IT in the enterprise. http://www.itproportal.com/2015/12/14/how-to-securely-embrace-shadow-it-in-the-enterprise/. Zugegriffen: 15. Dezember 2015
Intuit (2015) The State of Citizen Development Report September 2015. http://apps.quickbase.intuit.com/the-state-of-citizen-development-report-whitepaper-1. Zugegriffen: 1. Oktober 2015
Kopper A, Westner M (2016a) Deriving a framework for causes, consequences, and governance of shadow IT from literature. Multikonferenz Wirtschaftsinformatik. Bd. 2016. Universitätsverlag Ilmenau, Ilmenau, S 1687–1698
Kopper A, Westner M (2016b) Towards a taxonomy for shadow IT. 22nd Americas Conference on Information Systems, San Diego.
Logicalis (2015) Logicalis CIO survey 2015: the shadow IT phenomenon. http://www.us.logicalis.com/CIO2015. Zugegriffen: 2. Dezember 2015
Mello C (2015) Shadow IT makes IT departments more, not less, relevant. http://searchcontentmanagement.techtarget.com/opinion/Shadow-IT-makes-IT-departments-more-not-less-relevant. Zugegriffen: 26. Oktober 2015
Mingay S (2014) Embracing and creating value from shadow IT. https://www.gartner.com/doc/2735218/embracing-creating-value-shadow-it. Zugegriffen: 1. Oktober 2015
NTT Communications (2016) The people vs the ministry of no: How shadow IT affects status quo between IT and business. http://www.ministryofno.com/. Zugegriffen: 13. Juni 2016
Pahl C, Jamshidi P (2016) Microservices: a systematic mapping study. 6th International Conference on Cloud Computing and Services Science, S 137–146
Panetta K (2016) Citizen IT aids mobile security. http://www.gartner.com/smarterwithgartner/citizen-it-aids-mobile-security/. Zugegriffen: 6. Juli 2016
Ponemon Institute (2016) The 2016 global cloud data security study. http://www2.gemalto.com/cloud-security-research/. Zugegriffen: 1. August 2016
Du Preez D (2015) Eurostar, Ocado and Eli Lilly want to move from “Shadow IT” to “Citizen Development”. http://diginomica.com/2015/09/18/eurostar-ocado-and-eli-lilly-want-to-move-from-shadow-it-to-citizen-development/. Zugegriffen: 1. Oktober 2015
Rubens P (2016) How can CIOs stay relevant? http://www.cio.com/article/3041504/cio-role/how-can-cios-stay-relevant.html. Zugegriffen: 17. März 2016
Samuels M (2016) Why there’s still a role for the CIO in the age of shadow IT. http://www.zdnet.com/article/why-theres-still-a-role-for-the-cio-in-the-age-of-shadow-it/. Zugegriffen: 6. Juli 2016
Settle M (2016) The world turned upside down: conventional IT is rapidly becoming shadow IT. http://www.cio.com/article/3094830/leadership-management/the-world-turned-upside-down-conventional-it-is-rapidly-becoming-shadow-it.html. Zugegriffen: 27. Juli 2016
Troy S (2015a) Embracing shadow IT: provide IT expertise to the business. http://searchcio.techtarget.com/video/Embracing-shadow-IT-Provide-IT-expertise-to-the-business. Zugegriffen: 18. August 2016
Troy S (2015b) Understanding business processes helps ward off shadow IT. http://searchcio.techtarget.com/video/Understanding-business-processes-helps-ward-off-shadow-IT. Zugegriffen: 18. August 2016
Twentyman J (2016) CIOs start to view ‘shadow IT’ as a catalyst for innovation. http://www.i-cio.com/innovation/consumerization/item/how-cios-start-to-view-shadow-it-as-a-catalyst-for-innovation. Zugegriffen: 6. Juni 2016
Author information
Authors and Affiliations
Corresponding author
Caption Electronic Supplementary Material
Rights and permissions
About this article
Cite this article
Kopper, A., Westner, M. & Strahringer, S. Kontrollierte Nutzung von Schatten-IT. HMD 54, 97–110 (2017). https://doi.org/10.1365/s40702-016-0286-x
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1365/s40702-016-0286-x