Journal of Information Technology Services (한국IT서비스학회지)

Korea Society of IT Services (한국IT서비스학회)
권호 표지
DOI QR코드

DOI QR Code

A Study on the New Management System Considering Shadow IT

Shadow IT를 고려한 새로운 관리체계 도입에 관한 연구

  • 유지연 (상명대학교 일반대학원 지식보안경영학과) ;
  • 정나영 (상명대학교 경영대학원 사이버보안경영학과)
  • Received : 2016.07.30
  • Accepted : 2016.08.26
  • Published : 2016.09.30
Download PDF
⟨ Previous Next ⟩

Abstract

In a dynamic IT environment, employees often utilize external IT resources to work more efficiently and flexibly. However, the use of external IT resources beyond its control may cause difficulties in the company. This is known as "Shadow IT." In spite of efficiency gains or cost savings, Shadow IT presents problems for companies such as the outflow of enterprise data. To address these problems, appropriate measures are required to maintain a balance between flexibility and control. Therefore, in this study, we developed a new information security management system called AIIMS (Advanced IT service & Information security Management System) and the Shadow IT Evaluation Model. The proposed model reflects a Shadow IT's attributes such as innovativeness, effectiveness, and ripple effect. AIIMS consists of five fields: current analysis; Shadow IT management plans; management process; education and training; and internal audit. There are additional management items and sub-items within these five fields. Using AIIMS, we expect to not only mitigate the potential risks of Shadow IT but also create successful business outcomes. Now is the time to draw to the Light in the Shadow IT.

Keywords

References

  1. Anderson, N., "Cisco Bring Your Own Device-Device Freedom Without", San Jose : Cisco Systems, Inc, 2013.
  2. Bayan, R., "Shed Light on Shadow IT Groups", Techrepublic.com, 2004. http://www.techrepublic.com article/hed-light-on-shadow-it-groups/5247674(Checked on July 25, 2016).
  3. Brodin, M., "BYOD VS. CYOD-What is the Difference?", 9th IADIS International Conference Information System, 2016.
  4. Cio Korea, "10 Security Forecast Released by Gartner", 2016, http://www.ciokorea.com/news/30244(Checked on July 25, 2016).
  5. Computer Weekly, "Managing Shadow IT", September, 2012.
  6. Crump, G., "Shadow IT : Data Protection and Cloud Security", Gigaom Research, 2014, https://gigaom.com/report/shadow-it-data-protection-and-cloud-security(Checked on July 25, 2016).
  7. Cui, X., B.N. Mills, R.G. Melhem, and T. Znati, "Shadows on the Cloud : An Energy-aware, Profit Maximizing Resilience Framework for Cloud Computing", CLOSER, 2014.
  8. CXO Unplugged, "Shadow IT-Should CIOs take Umbrage?", Retrieved, 2012.
  9. Dhingra, M., "Legal Issues in Secure Implementation of Bring Your Own Device(BYOD)", International Conference on Information Security & Privacy, 2015.
  10. Digital Times, "CYOD' focus", September, 16, 2014.
  11. Dols, T., "Influencing Factors Towards Non-compliance in Information Systems", UAS Utrecht, 2009.
  12. Haag, S., "Appearance of Dark Clouds?-An Empirical Analysis of Users' Shadow Sourcing of Cloud Services", 2015.
  13. Hasegawa, T. and M. Nakano, "From ISMS to ITSMS", 2012.
  14. ITR, "Mobile Security-Stand up to Hidden Use Shadow IT", ITR White Paper, 2012, https://www.itr.co.jp/library/whitepaper/ITR_WP_C12090043-pdf.html(Checked on July 25, 2016).
  15. JIPDEC, "CSMS(Cyber Security Management System-Overview of the Conformity Assessment System)", 2014a.
  16. JIPDEC, "IT Service Management System-Overview of the Conformity Assessment System", 2014b.
  17. JIPDEC, "Prescription of as a Service era-IT Service Management System(Second edition)", 2014c.
  18. Kim, H., "A Case Study on Realization of ITSM Performance Applying the Change Management Framework of ITSM", Journal of Information Technology Services, Vol.10, No. 3, 2011, 251-264.
  19. Kobayashi, K., "Utilized for Business-consumer IT", Nomura Research Institute IT Solutions Frontier, Vol.12, 2011, 78-81.
  20. Kushwaha, P., "Amalgamation of the Information Security Management System with Business-Paradigm Shif", International Journal of Computer Science and Information Security(IJCSIS), Vol.14, No.1, 2016.
  21. McAfee, "The Hidden Truth Behind Shadow IT-Six Trends Impacting Your Security Posture", Stratecast Frost & Sullivan, 2013.
  22. Protiviti, "Making Shadow IT Work for You : What Financial Companies Can Do to Bring Grassroots IT Solutions Into the Fold", 2014.
  23. Raden, N., "Shedding Light on Shadow IT : Is Excel Running Your Business?", DSSResources. com, 2005.
  24. Rentrop, C., O. Laak, and M. Mevius, "Schatten-IT : Ein Thema Fur Die Interne Revision", Revisionspraxis-Journal fur Revisoren, Wirtschaftsprufer, IT-Sicherheits-und Datenschutzbeauftragte, 2011, 68-76.
  25. Rentrop, C. and S. Zimmermann, "Shadow IT : Management and Control of Unofficial IT", ICDS 2012 : The Sixth International Conference on Digital Society, 2012a, 98-102.
  26. Rentrop, C. and S. Zimmermann, "Shadow IT Evaluation Model", Proceedings of the Federated Conference on Computer Science and Information Systems, 2012b, 1023-1027.
  27. Schaffner, M., "IT Needs to Become More Like 'Shadow IT", 2007. http://mikeschaffner.typepad.com/michael_schaffner/2007/01/we_need_more_sh.html(Checked on July 25, 2016).
  28. Sherman, R., "Shedding Light on Data Shadow Systems", Information Management Online, 2004, http://www.information-management.com/news/1002617-1.html(Checked on July 25, 2016)
  29. Shumarova, E. and P.A. Swatman, "Informal e-Collaboration Channels : Shedding light on "Shadow CIT", eCollaboration : Overcoming Boundaries through Multi-Channel Interaction, 21st Bled eConference, 2008, 371-394.
  30. TechTarget, "NASA's shadow IT Issues with Cloud Computing all too Common", 2013.
  31. TechTarget, "Bring Your Own Apps(BYOA)", 2014.
  32. Yun, H., W.J. Kettinger, and C.C. Lee, "A New Open Door : The Smartphone's Impact on Work-to-Life Conflict, Stress, and Resistance", International Journal of Electronic Commerce, Vol.16, No.4, 2012, 121-152. https://doi.org/10.2753/JEC1086-4415160405