Abstract
Software as a Service (SaaS) is a software service where software solutions are offered to users via the internet, usually subscription-based or sometimes opened to access by selling a license key, distributed over the cloud, and updates are automatically delivered to users because they are distributed over the cloud. The number of SaaS provider companies is increasing day by day, and with this increase, unauthorized purchase of SaaS applications has become a problem for corporate-sized companies. Without the company's approval, SaaS software and hardware used by employees increase Shadow IT which means there is a potential risk of security breaches, data loss, and compliance issues as the IT department is unaware of the usage and unable to monitor and control the systems effectively. In this study, in order to avoid the problems that may be caused by Shadow IT, unauthorized SaaS applications in Arçelik Global have been detected by utilizing statistical and machine learning approaches. In the experiment, Interquartile Range, K-Means and Stabilization algorithms were used for the detection of unauthorized SaaS applications. Using all three algorithms, low, medium and high-risk shadow IT detection was made for Arçelik company. We see that the proposed stabilization approach explores unauthorized SaaS applications much more distinctively than the other two algorithms. The proposed approach can be used in the future to detect unauthorized software from other companies.
Subject
General Earth and Planetary Sciences
Reference36 articles.
1. [1] Haag, S.; Eckhardt, A. Shadow IT. Bus Inf Syst Eng. 2017, vol. 59, no. 6, pp. 469–473, doi: 10.1007/s12599-017-0497-x.
2. [2] Györy A.; Cleven A.; Uebernickel F.; Brenner W. Exploring the shadows: IT governance approaches to user-driven innovation. In: Proceedings of the 20th European Conference on Information Systems. 2012, Barcelona.
3. [3] Segal M. Dealing with the realities of shadow IT. In: Datacenter J. http://www.datacenterjournal.com/dealing-realities-shadow/. Accessed 22 Nov. 2016.
4. [4] Brancheau J.C; Brown, C. The management of end-user computing: Status and Directions. ACM Computing Surveys, 1993, vol. 25, no. 4, pp. 437–482.
5. [5] Klotz, S.; Kopper, A.; Westner, M., Strahringer, S. Causing factors,outcomes, and governace of Shadow IT and business-managed IT: a systematic literature review. International Journal of Information Systems and Project Management. vol.7, no.1, 2019.