• I am not optimistic.  Shadow IT presents immense risk from a data security and compliance perspective.  The problem is that Shadow IT is often sanctioned by people with spending authority and that means people at reasonably senior levels.  It isn't hard to end up in a situation where behaviours that put an organisation at risk are not only sanctioned, but rewarded.

    The nature of Shadow IT is that its output lacks the formal support structures and practices to be self-sustaining.  That means that, eventually, the progenitor of a particular solution will move on or be promoted to a position where they can divest themselves of their offspring.  Because their offspring is regarded as "mission critical" it rolls downhill into formal IT.  Should a breach occur as a direct result of using this system then it is formal IT that will end up carrying the can.