Dark IT is not entirely the IT department’s fault. Nothing an IT department does unilaterally is going to fix the problem. If we are trying to fix Dark IT alone, we’ll continue to be on a hiding for nothing. It is essential that the organisation (not the IT department) puts in place policies and controls over the use of information and technology in order to protect itself, and that it empowers the IT department to be the agency to monitor and effect those policies and controls.
That is a great thing to emphasize. There is a lot of “blame” to be tossed around at any one time.