Legitimise IT

Design of an approach to the use of shadow IT for producing small and medium-sized enterprises

The aim of the research project Legitimise IT is to help SMEs in the manufacturing industry to use and legitimise beneficial shadow IT in a controlled manner, taking existing risks into account.

Initial situation

Numerous risks arise from the uncontrolled use of shadow IT in the company. For example, the extraction of data from the ERP system and processing in independent shadow IT applications can lead to an incomprehensible calculation of costs. Furthermore, the calculation is dependent on the wealth of experience of the respective sales employee. This can lead to an incorrect calculation and thus to increased costs for the manufacturing company. There are also other risks associated with shadow IT:

  • Decentralized data storage within the company can lead to current information being overwritten with old information. This results in incomplete or outdated data records, on the basis of which incorrect decisions can be made.
  • External data storage and processing via cloud platforms results in employees being unaware of how to handle data. Functionality is in the foreground, the requirements for integration and security have a low priority.
  • The low priority of integration and security requirements increases the likelihood of breaches of the basic data protection regulation.

These risks are offset by the benefits of controlled use of shadow IT in the company. For example, the company-wide use of a shadow IT application by an experienced internal sales representative can allow installation costs to be calculated efficiently and more accurately. In addition to such an increase in the efficiency of operating processes, there are other benefits:

  • Increasing the motivation of the employees in the departments due to the availability of practicable solutions.
  • Increase in flexibility, as no time-consuming coordination with the IT department is necessary.
  • Increase in the promotion of innovation through the design of IT solutions close to the business departments.

It is clear from the explanations that both risks and benefits are associated with shadow IT. The challenge for companies is to find a balance between benefits and risks when using shadow IT.

Solution approach

There are already approaches for dealing with shadow IT. However, up to now there is a lack of a procedure adapted to SMEs, with which shadow IT can be used in consideration of their risks. This research project focuses on the conception of an intermediary.

Methodologically presented approaches to the use of shadow IT are not available to SMEs, which means that a targeted use cannot be implemented. This justifies the working hypothesis of the research project Legitimise IT:

The research project will enable SMEs in the manufacturing industry to systematically evaluate the benefits and risks of shadow IT and to use it profitably for themselves.

The research goal is to show to what extent SMEs can use shadow IT through controlled legitimisation. This results in the following sub-goals (TC):

  • TC I: Development of a methodology suitable for SMEs to identify shadow IT;
  • TC II: Identification of benefit aspects and risks resulting from shadow IT;
  • TC III: Development of methods to quantify the identified benefits and risks;
  • TC IV: Development and determination of approaches to solutions taking into account MTO perspectives;
  • TC V: Derivation of a holistic and validatable procedure that can be designed to meet the specific needs of the company;
  • TC VI: Measurement of the developed procedure with regard to the success-critical and financial parameters of corporate success.

Expected result

As a result, a procedure for the controlled use of shadow IT for producing SMEs is expected.

Benefits for the target group

The results of the research project will enable SMEs in the manufacturing industry to systematically evaluate and quantify the benefits and risks of shadow IT and to use them profitably for themselves.


  • Machinery and Plant Engineering

Topic Area

  • Information Management
  • Business Transformation

Research Focus

  • IT-Komplexitätsmanagement

FIR Navigator

  • Cybersecurity
  • JRF Guiding Topic

    • Society & Digitization
    • Industry & Environment


    Funding no.
    21191 N
    Funding information

    The IGF project 05339/19 N of the Research Association FIR e. V. at the RWTH Aachen University is funded via the AiF within the framework of the programme for the funding of cooperative industrial research (IGF) by the Federal Ministry for Economic Affairs and Climate Action (BMWK) on the basis of a resolution of the German Bundestag.

    Further information

    Der Abschlussbericht zu diesem Forschungsprojekt ist über den FIR e. V. an der RWTH Aachen erhältlich: epub(at)fir.rwth-aachen.de