Old news, off target. People will choose to go rogue until they hit a wall and need help. Which is very costly to your organization.
We've been hearing this for years. It is not a new issue, no matter what you name it - "shadow IT", or just "people doing what they want to". There are standards and policies for reasons, and people can always find an excuse for doing things differently - going all the way back decades to the infamous "it is easier to ask forgiveness than permission" and "the end justifies the means". To that, I have simple comparisons to offer: can you violate your company's travel policy because it was easier for you? Violate purchasing rules because it was quicker and easier? Use your personal cell phone in a call center environment where all calls are recorded for regulatory reasons, because it was better for you?
People don't like some rules. They always say they didn't talk to the right person first because it would take time and they might hear a "no". But after 25 years working in this field in all different kinds of environments, the people that use that excuse are not interested in a collaboration. This author thinks that if you just offer solutions instead of saying No, people will start working with IT? Not so. The problem with "shadow IT", self-empowered users, etc. is simple: most of them don't know what the impact is of what they are doing. They waste time themselves implementing poor solutions, and frequently put sensitive data at risk in the process. Then later when the solution really doesn't fit the need, and they want to expand it, or they suddenly realize it isn't secure enough, they call in the IT department to fix their mess. And cleaning up a mess is a lot more difficult than doing it correctly the first time. Training everyone would be a big help, but the truth is you need upper management to push using IT as your solutions provider, or it will just keep running amok. It is not a new problem - it started with the intro of the PC, DBase and Access, etc. and never stopped.
And by the way, everyone is in a regulated environment at this point: publicly traded company? Then you have 100 controls in place via COBIT or COSO to satisfy Sarbanes-Oxley. Health care? Welcome to HIPAA. Government? Welcome to a whole raft of different requirements depending on your function. Process payment information? Welcome to PCI. All have audit requirements. All have penalties. If your company doesn't control your data, it is not a matter of if you will get in (massive) trouble, but when.
Empowering people, giving them mobility, etc. is all possible - but only if IT is allowed to do the research, have a plan, test it out and support it. It can be done securely and still give a better overall compromise of usability and security (and support!) than random solutions (i.e. chaos).