Qualitative Analysis of Shadow IT Practices in Higher Education to Identify IT Security Needs

Ahmad Aunul Bari Hayiz; Arif Wibisono

doi:10.47065/bulletincsr.v5i3.520

Authors

Ahmad Aunul Bari Hayiz Institut Teknologi Sepuluh Nopember, Surabaya, Indonesia
Arif Wibisono Institut Teknologi Sepuluh Nopember, Surabaya, Indonesia

DOI:

https://doi.org/10.47065/bulletincsr.v5i3.520

Keywords:

Shadow IT; Work System Theory; Open Coding; Qualitative Case Study; Educational Organization

Abstract

The presence of Shadow IT in educational settings often stems from users' attempts to fulfill work needs that are not met by formal systems. These tools, typically accessed outside institutional infrastructure, are preferred due to their practical use in day-to-day activities. However, such informal practices have been observed to trigger a variety of technical and security-related issues that remain undocumented by institutional IT policies. These tools may also pose significant risks to information security and work system reliability. This research aims to examine recurring problems encountered by users and interpret how these issues relate to key components in the work systems such as participants, technologies, information, processes, and products/services. The study employed a qualitative case study and applied the Eisenhardt method (1989) approach involving 35 respondents through interviews and field observations. Data was analyzed using open coding to extract recurring problem patterns. The analysis revealed four primary categories of problems System Error, Slow System Response, Access Limitations and Data Loss. These findings indicate that Shadow IT disrupts the flow of information and affects both technological and human elements within the work system. The study contributes by mapping factual user difficulties to concrete IT security needs that extend beyond formal policies. It suggests that effective IT security must address not only technical safeguards but also user behavior, access reliability, and adaptive policies capable of integrating informal digital practices.

Downloads

Download data is not yet available.

References

G. L. Mallmann and A. C. G. Maçada, “The mediating role of social presence in the relationship between shadow IT usage and individual performance: a social presence theory perspective,” Behav. Inf. Technol., vol. 40, no. 4, pp. 427–441, 2021, doi: 10.1080/0144929X.2019.1702100.

L. Rakovic, T. A. Duc, and V. Vukovic, “Shadow it and ERP: Multiple case study in German and Serbian companies,” J. East Eur. Manag. Stud., vol. 25, no. 4, pp. 730–752, 2020, doi: 10.5771/0949-6181-2020-4-730.

M. Huber, C. Rentrop, S. Zimmermann, and C. Felden, “Decision Making to Integrate Shadow IT and Enterprise Systems,” in Twenty-fifth Pacific Asia Conference on Information Systems, 2021, pp. 1–14. [Online]. Available: https://aisel.aisnet.org/pacis2021/27

D. J. Castanelli, J. M. Weller, E. Molloy, and M. Bearman, “Shadow systems in assessment: how supervisors make progress decisions in practice,” Adv. Heal. Sci. Educ., vol. 25, no. 1, pp. 131–147, 2020, doi: 10.1007/s10459-019-09913-5.

L. Rakovi?, M. Sakal, P. Matkovi?, and M. Mari?, “Shadow IT – A systematic literature review,” Inf. Technol. Control, vol. 49, no. 1, pp. 144–160, 2020, doi: 10.5755/j01.itc.49.1.23801.

G. L. Mallmann, A. de Vargas Pinto, and A. C. Gastaud Maçada, “Shedding light on shadow it: Definition, related concepts, and consequences.,” Atas da Conf. da Assoc. Port. Sist. Inf., vol. 2018-October, 2018, [Online]. Available: https://aisel.aisnet.org/capsi2018/23

A. Kopper, M. Westner, and S. Strahringer, “From Shadow IT to Business-managed IT: a qualitative comparative analysis to determine configurations for successful management of IT by business entities,” Inf. Syst. E-Bus. Manag., vol. 18, no. 2, pp. 209–257, Jun. 2020, doi: 10.1007/s10257-020-00472-6.

T. Nguyen, “Understanding Shadow IT usage intention: a view of the dual-factor model,” Online Inf. Rev., vol. 48, no. 3, pp. 500–522, 2024, doi: 10.1108/OIR-04-2022-0243.

M. I. Kapepo, J. P. Van Belle, and E. Weimann, “Towards a theoretical understanding of workarounds emerging from use of a referral mobile application: A developing country context,” Procedia Comput. Sci., vol. 196, pp. 533–541, 2021, doi: 10.1016/j.procs.2021.12.046.

S. Klotz, A. Kopper, M. Westner, and S. Strahringer, “Causing factors, outcomes, and governance of shadow IT and business-managed IT: A systematic literature review,” Int. J. Inf. Syst. Proj. Manag., vol. 7, no. 1, pp. 15–43, 2019, doi: 10.12821/ijispm070102.

D. Y?lmaz Börekçi, S. Büyüksaatç? Kiri?, and S. Batmaca, “Analysis of enterprise resource planning (ERP) system workarounds with a resilience perspective,” Contin. Resil. Rev., vol. 2, no. 2, pp. 131–148, 2020, doi: 10.1108/crr-06-2020-0022.

A. Kopper and M. Westner, “Towards a taxonomy for Shadow IT,” in AMCIS 2016: Surfing the IT Innovation Wave - 22nd Americas Conference on Information Systems, 2016, pp. 1–10. [Online]. Available: https://aisel.aisnet.org/amcis2016/EndUser/Presentations/3

V. Chauhan, C. Arora, H. Khalajzadeh, and J. Grundy, “How do software practitioners perceive human-centric defects?,” Inf. Softw. Technol., vol. 176, p. 107549, 2024, doi: https://doi.org/10.1016/j.infsof.2024.107549.

D. Fürstenau, H. Rothe, and M. Sandner, “Leaving the Shadow: A Configurational Approach to Explain Post-identification Outcomes of Shadow IT Systems,” Bus. Inf. Syst. Eng., vol. 63, no. 2, pp. 97–111, 2021, doi: 10.1007/s12599-020-00635-2.

D. Fürstenau, M. Sandner, and D. Anapliotis, “Why do shadow systems fail? An expert study on determinants of discontinuation,” in 24th European Conference on Information Systems, ECIS 2016, 2016, p. ResearchPaper157. [Online]. Available: https://aisel.aisnet.org/ecis2016_rp/157

F. Mörike, H. L. Spiehl, and M. A. Feufel, “Workarounds in the Shadow System: An Ethnographic Study of Requirements for Documentation and Cooperation in a Clinical Advisory Center,” Hum. Factors, vol. 66, no. 3, pp. 636–646, 2024, doi: 10.1177/00187208221087013.

M. Silic, D. Silic, and G. Oblakovic, “Influence of Shadow IT on Innovation in Organizations,” Complex Syst. Informatics Model. Q., no. 8, pp. 68–80, 2016, doi: 10.7250/csimq.2016-8.06.

A. de Vargas Pinto, I. Beerepoot, and A. C. G. Maçada, “Encourage autonomy to increase individual work performance: the impact of job characteristics on workaround behavior and shadow IT usage,” Inf. Technol. Manag., vol. 24, no. 3, pp. 233–246, 2023, doi: 10.1007/s10799-022-00368-6.

F. A. Ogedengbe, Y. Y. Abdul Talib, and F. H. Rusly, “Influence of structural factors on employee cloud shadow IT usage during COVID-19 lockdown: a strain theory perspective,” Cogn. Technol. Work, vol. 26, no. 1, pp. 63–81, 2024, doi: 10.1007/s10111-023-00748-0.

A. Györy, A. Cleven, F. Uebernickel, and W. Brenner, “Exploring the shadows: IT Governance approaches to user-driven innovation,” ECIS 2012 - Proc. 20th Eur. Conf. Inf. Syst., 2012, [Online]. Available: https://aisel.aisnet.org/ecis2012/222

M. Silic, J. B. Barlow, and A. Back, “A new perspective on neutralization and deterrence: Predicting shadow IT usage,” Inf. Manag., vol. 54, no. 8, pp. 1023–1037, 2017, doi: 10.1016/j.im.2017.02.007.

H. H. Huang and J. W. Lin, “Inconsistencies Between Information Security Policy Compliance and Shadow IT Usage,” J. Comput. Inf. Syst., vol. 64, no. 4, pp. 554–564, 2024, doi: 10.1080/08874417.2023.2234318.

S. Haag, A. Eckhardt, and A. Schwarz, “The Acceptance of Justifications among Shadow IT Users and Nonusers – An Empirical Analysis,” Inf. Manag., vol. 56, no. 5, pp. 731–741, Jul. 2019, doi: 10.1016/j.im.2018.11.006.

G. L. Mallmann, A. C. G. Maçada, and G. P. Z. Montesdioca, “The social side of shadow IT and its impacts: Investigating the relationship with social influence and social presence.,” Proc. Annu. Hawaii Int. Conf. Syst. Sci., vol. 2019-Janua, pp. 6460–6469, 2019, doi: 10.24251/hicss.2019.776.

S. Alter, “Work system theory: Overview of core concepts, extensions, and challenges for the future,” J. Assoc. Inf. Syst., vol. 14, no. 2, pp. 72–121, 2013, doi: 10.17705/1jais.00323.

K. M. Eisenhardt, “Building Theories from Case Study Research,” Acad. Manag. Rev., vol. 14, no. 4, pp. 532–550, 1989, doi: 10.5465/amr.1989.4308385.

K. M. Eisenhardt, “What is the Eisenhardt Method, really?,” Strateg. Organ., vol. 19, no. 1, pp. 147–160, 2021, doi: 10.1177/1476127020982866.

S. H. Appelbaum, “Socio-technical systems theory: an intervention strategy for organizational development,” Manag. Decis., vol. 35, no. 6, pp. 452–463, 1997, doi: 10.1108/00251749710173823.

G. L. Mallmann, A. C. G. Maçada, and M. Oliveira, “The influence of shadow IT usage on knowledge sharing: An exploratory study with IT users,” Bus. Inf. Rev., vol. 35, no. 1, pp. 17–28, 2018, doi: 10.1177/0266382118760143.

M. A. Cascio, E. Lee, N. Vaudrin, and D. A. Freedman, “A Team-based Approach to Open Coding: Considerations for Creating Intercoder Consensus,” Field methods, vol. 31, no. 2, pp. 116–130, 2019, doi: 10.1177/1525822X19838237.

M. Javaid, A. Haleem, R. P. Singh, R. Suman, and E. S. Gonzalez, “Understanding the adoption of Industry 4.0 technologies in improving environmental sustainability,” Sustain. Oper. Comput., vol. 3, no. January, pp. 203–217, 2022, doi: 10.1016/j.susoc.2022.01.008.

M. Abbas and A. Alghail, “The impact of mobile shadow IT usage on knowledge protection: an exploratory study,” VINE J. Inf. Knowl. Manag. Syst., vol. 53, no. 4, pp. 830–848, 2023, doi: 10.1108/VJIKMS-08-2020-0155.

S. Alter, “Theory of Workarounds,” Commun. Assoc. Inf. Syst., vol. 34, no. 55, pp. 1041–1066, 2014, doi: 10.17705/1CAIS.03455.

Bila bermanfaat silahkan share artikel ini

Berikan Komentar Anda terhadap artikel Qualitative Analysis of Shadow IT Practices in Higher Education to Identify IT Security Needs

Qualitative Analysis of Shadow IT Practices in Higher Education to Identify IT Security Needs

Authors

DOI:

Keywords:

Abstract

Downloads

References

ARTICLE HISTORY

How to Cite

Issue

Section

Most read articles by the same author(s)