IT can implement a few measures to correct this. First, if IT meets the business requirements of its internal clients, then those clients have no reason to look for other options. Second, IT needs to publish and promote data governance policies within the company. Violations most often occur due to a lack of understanding, rather than deliberate subversion.
IT may never have the bandwidth to prevent business folks from looking outside the firewall for the services they need -- after all, that's a big reason why cloud computing exists. Users are going to take matters into their own hands when they need to, not for malicious reaons, but to get things done. If the rules for handling data are crystal clear from the start, then "going rogue" to the cloud has far less potential to damage the business.
This article, "Sneaking around IT to get to the cloud," originally appeared at InfoWorld.com. Read more of David Linthicum's Cloud Computing blog and follow the latest developments in cloud computing at InfoWorld.com.