IT departments must account for the business impact and security risks such applications introduce.