There needs to be a balance between mission needs and the CIO's needs. These "shadow" systems fill a void and it was filled by the end-user rather than the CIO. There are many reasons for an end-user developed solution -- usually the CIO's budgets and available IT resources.
Depending on the app and the type of data, stick it in the cloud. Slam dunk, right? Well... not so fast; some data cannot live in the cloud and must exist internally. When it comes to the security of all the internal systems, the CIO is ultimately responsible -- no matter who builds and operates the system (think FISMA scorecard)!
So my two cents are: build a secure platform for end-users to develop on. SharePoint, LAMP stacks, and WebSphere come to mind. Provide them with some basic "rules of the road" and let them build. It may not be a perfect fit with your SDLC, but at best it is secure.