The trick is to treat users as if they were part of IT. In fact, they already are. The majority of security breaches, for example, are caused by users who unwittingly download stuff they shouldn't. Users are the front line in protecting the security of the organization. If they felt like they were part of something, rather than simply following someone else's rules, they might be more careful.
If users are going to get more capabilities on their own, they need to accept the responsibility that comes with that greater empowerment. Rather than the consumerization of IT diminishing IT's power, it makes users conscripts to the IT cause.
If employees want to use their own smartphones for company email, for example, they need to accept that their device will forever be password protected -- and if the device is lost, it will be wiped remotely. IT can set up the process, so users can provision their devices in this way on their own. The business gets added productivity with almost no additional overhead.
In many companies this DIY model may soon extend to the user's primary computer. It's quite possible, for example, that Windows 8 will include a client-side hypervisor, which will be able to run a secure virtual machine containing everything the user needs in the way of business apps for work. When the system powers down, the business virtual machine goes away.
The main criterion for client hardware, then, is that it must be able to run the virtual machine. That's a wide range of hardware -- so why not let the user choose? The company reimburses the user for the cost of the machine, but vendor tech support takes care of maintaining it -- curing one of IT's biggest headaches.
The cloud side of consumerization is more complicated. Cloud services and applications need vetting to screen out providers with poor security practices and to avoid subscriptions that are redundant or wasteful. One interesting approach I've seen is VMware's Horizon App Manager, which gives users access to SaaS and Web apps, but allows IT to enforce policy -- for compliance, among other things -- and track usage.
You don't need to contemplate cloud apps very long to see the limitations of the consumerization of IT. Individuals should not simply run off and subscribe to stuff, and cost, security, and compliance aren't the only reasons. Even more important is data integration with applications already running in the enterprise. Otherwise, users are reinventing silos that fragment data about customers, products, projects, and so on.