This paper will look at reasons why organisations use approved software lists, and why users (with little real understanding of security) find such lists increasingly frustrating, once they have found that they can do the job quicker and more effectively using their own apps.
It also examines the role of BYOD in expanding this headache for managers of organisational systems, and how best practice of a hybrid approach to BYOD/organisation systems that embraces security issues can in turn reduce the more general problem of "Shadow IT".
The follow on from this would be an academic paper examining the relationship between type of organisation culture and extent of Shadow IT.