Detection of Shadow IT Incidents for Centralized IT Management in Enterprises using Statistical and Machine Learning Algorithms

Abstract

Software as a Service (SaaS) is a software service where software solutions are offered to users via the internet, usually subscription-based or sometimes opened to access by selling a license key, distributed over the cloud, and updates are automatically delivered to users because they are distributed over the cloud. The number of SaaS provider companies is increasing day by day, and with this increase, unauthorized purchase of SaaS applications has become a problem for corporate-sized companies. Without the company's approval, SaaS software and hardware used by employees increase Shadow IT which means there is a potential risk of security breaches, data loss, and compliance issues as the IT department is unaware of the usage and unable to monitor and control the systems effectively. In this study, in order to avoid the problems that may be caused by Shadow IT, unauthorized SaaS applications in Arçelik Global have been detected by utilizing statistical and machine learning approaches. In the experiment, Interquartile Range, K-Means and Stabilization algorithms were used for the detection of unauthorized SaaS applications. Using all three algorithms, low, medium and high-risk shadow IT detection was made for Arçelik company. We see that the proposed stabilization approach explores unauthorized SaaS applications much more distinctively than the other two algorithms. The proposed approach can be used in the future to detect unauthorized software from other companies.

Keywords

• Shadow IT
• Centralized IT Management
• Enterprise IT
• IT Monitoring and Control

References

1. [1] Haag, S.; Eckhardt, A. Shadow IT. Bus Inf Syst Eng. 2017, vol. 59, no. 6, pp. 469–473, doi: 10.1007/s12599-017-0497-x.
2. [2] Györy A.; Cleven A.; Uebernickel F.; Brenner W. Exploring the shadows: IT governance approaches to user-driven innovation. In: Proceedings of the 20th European Conference on Information Systems. 2012, Barcelona.
3. [3] Segal M. Dealing with the realities of shadow IT. In: Datacenter J. http://www.datacenterjournal.com/dealing-realities-shadow/. Accessed 22 Nov. 2016.
4. [4] Brancheau J.C; Brown, C. The management of end-user computing: Status and Directions. ACM Computing Surveys, 1993, vol. 25, no. 4, pp. 437–482.
5. [5] Klotz, S.; Kopper, A.; Westner, M., Strahringer, S. Causing factors,outcomes, and governace of Shadow IT and business-managed IT: a systematic literature review. International Journal of Information Systems and Project Management. vol.7, no.1, 2019.
6. [6] Rentrop, C., Zimmermann, S. Shadow IT - Management and Control of Unofficial IT,” ICDS 2012: The Sixth International Conference on Digital Society, Proceedings pp. 98-102.
7. [7] Silic M.; Back, A. Shadow IT – A view from behind the curtain. Computers & Security, vol. 45, pp. 274–283, Sep. 2014, doi: 10.1016/j.cose.2014.06.007.
8. [8] Allen, D. ; Burton, F.G.;Smith, S.D.;Wood, D.A. Shadow IT Use, Outcome Effects, and Subjective Performance Evaluation. Rochester, NY, Jun. 27, 2017. doi: 10.2139/ssrn.2993443

9. [9] Alojairi, A. The Dynamics of IT Workaround Practices- A Theoretical Concept and an Empirical Assessment. International Journal of Advanced Computer Science and Applications, 2017, 8(7), 527-534.https://doi. org/10.14569/IJACSA.2017.080773.
10. [10] Behrens, S. Shadow Systems: The Good, the Bad and the Ugly. Communications of the ACM, 2009, 52(2), 124-129. https://doi.org/10.1145/1461928.1461960.
11. [11] Behrens, S. ;Sedera, W. Why Do Shadow Systems Exist after an ERP Implementation? Lessons from a Case Study. Proceedings of the 8th Pacific Asia Conference on Information Systems, 2004, 1713-1726.
12. [12] Burnett, M. M.; Scaffidi, C. End-User Development. In Soegaard, M. and Friis, R. (Eds.), The Encyclopedia of Human-Computer Interaction. Aarhus: The Interaction Design Foundation, 2013.
13. [13] Chua, C. E. H.; Storey, V. C.; Chen, L. Central IT or Shadow IT? Factors Shaping Users’ Decision to Go Rogue with IT. Proceedings of the 35th International Conference on Information Systems, 2014, 1-14. Atlanta: The Association for Information Systems.
14. [14] Haag, S.; Eckhardt, A. Normalizing the Shadows- The Role of Symbolic Models for Individuals ‘Shadow IT Usage. ICIS 2014, 2014, 1-13.
15. [15] D. A. Aziz, "Webserver based smart monitoring system using ESP8266 node MCU module," International Journal of Scientific & Engineering Research, vol. 9, pp. 801-808, 2018.
16. [16] Strong, D.M.; Volkoff O. A roadmap for enterprise system implementation. Computer, 37 (6) (2004), pp. 22-29.
17. [17] Oliver, D.; Romm, C.T. ERP systems in universities: rationale advanced for their adoption Idea Group Publishing, Hershey, PA (2002).
18. [18] Chefjec, T. Resultats De L'Enquete Sur Le Phenomene du Shadow IT http://chejfec.com/2012/12/18/resultats-complets-de-lenquete-shadow-it/ (2012) Retrieved on March 2014.
19. [19] Rentrop, C.; van Laak, O.; Mevius M. Schatten-IT: ein Thema für die interne Revision Revisionspraxis–Journal für Revisoren, Wirtschaftsprüfer, IT-Sicherheits und Datenschutz beauftragte (2) (2011), pp. 68-76.
20. [20] Warkentin, M. Willison, R. Behavioral and policy issues in information systems security: the insider threat. Eur J Inform Syst, 18 (2) (2009), p. 101.
21. [21] Puhakainen, P. Siponen, M. Improving employees' compliance through information systems security training: an action research study MIS Q, 34 (4) (2010).
22. [22] Behrens, S.; Sedera W. Why do shadow systems exist after an ERP implementation? Lessons from a case study. In: Paper presented at the 8th Pacific Asia conference on information systems. Shanghai, China; 2004.
23. [23] Harley, B. Wright, C.; Hall, R.; Dery K. Management reactions to technological change the example of enterprise resource planning. J Appl Behav Sci, 42 (1) (2006), pp. 58-75.
24. [24] Jones, D.; Behrens, S; Jamieson, K.; Tansley, E. The rise and fall of a shadow system: lessons for enterprise system implementation ACIS, Hobart, Tasmania (2004).
25. [25] Sherman, R. Shedding light on data shadow systems Inform Manage Online (29 April, 2004), p. 1002617-1.
26. [26] Haag, S.; Eckhardt, A. Justifying Shadow IT Usage, PACIS 2015 Proceedings. 241.https://aisel.aisnet.org/pacis2015/241.
27. [27] Behrens S. Shadow systems: the good, the bad and the ugly Commun ACM, 52 (2) (2009), pp. 124-129.
28. [28] Mahmood, M.A.; Siponen, M.; Straub, D.; Rao, H.R.; Raghu, T. Moving toward black hat research in information systems security: an editorial introduction to the special issue MIS Q, 34 (3) (2010), pp. 431-433.
29. [29] Silic, M.;Back, A. Information security and open source dual use security software: trust paradox open source software: quality verification. Springer (2013), pp. 194-206.
30. [30] Rentrop, C.; Zimmermann, S. Shadow IT evaluation model. In 2012 Federated Conference on Computer Science and Information Systems (FedCSIS), Sep. 2012, pp. 1023–1027.
31. [31] Raković, L.; Sakal, M.; Matković, P.; Marić, M. Shadow IT – Systematic Literature Review. Information Technology and Control, vol. 49, no. 1, Art. no. 1, Mar. 2020, doi: 10.5755/j01.itc.49.1.23801.
32. [32] Minh, H.L. Sang-To, T.; Abdel Wahab, M.; Cuong-Le, T. A new metaheuristic optimization based on K-means clustering algorithm and its application to structural damage identification. Knowledge-Based Systems, vol. 251, p. 109189, Sep. 2022, doi: 10.1016/j.knosys.2022.109189.
33. [33] Abernathy, A.; Celebi, M.E. The incremental online k-means clustering algorithm and its application to color quantization. Expert Systems with Applications, vol. 207, p. 117927, Nov. 2022, doi: 10.1016/j.eswa.2022.117927.
34. [34] Li, Y.; Chu, X.; Tian, D.; Feng, F.; Mu, W. Customer segmentation using K-means clustering and the adaptive particle swarm optimization algorithm. Applied Soft Computing, vol. 113, p. 107924, Dec. 2021, doi: 10.1016/j.asoc.2021.107924.
35. [35] Cho, I.; Park, S.; Kim, J. A fire risk assessment method for high-capacity battery packs using interquartile range filter. Journal of Energy Storage, vol. 50, p. 104663, Jun. 2022, doi: 10.1016/j.est.2022.104663.
36. [36] Selvaraj, E. Collier, J.D.; Culver, E.; Brady, J.M.; Bailey, A.; Pavlides, M. THU460 - Temporal increase in interquartile range iron-corrected T1 in high-risk patients with large-duct primary sclerosing cholangitis. Journal of Hepatology, vol. 77, p. S322, Jul. 2022, doi: 10.1016/S0168-8278(22)01009-1.