Information Systems (IS) researchers traditionally have the assumption that Information Technology (IT) innovations are conceived within the IT department. Developments like ubiquitous computing, web services and the emerging culture of digital natives challenge this foundational assumption as they enable individuals to implement their own IT innovations quickly. Placing such empowered individuals into a strictly regulated IT environment will drive them away from the IT department and towards their own IT solutions and inevitably to non-compliance. Such user- or business-driven solutions are not necessarily the result of strict policies or limited user rights but may be caused by the inability of the IT department to fulfil business needs. The phenomenon of user-driven fulfilment of requirements is called Shadow IT (SIT). While receiving very limited scholarly attention, SIT is a widespread challenge amongst IT departments. We employ a triangulation approach using three independent data sources to address this phenomenon within the three domains of IS research, IS Security (ISsec), IT Governance (ITG) and Business IT Alignment (BITA). Our findings suggest that practitioners follow three different ITG approaches to SIT based on their business or IT strategy: IT-control, user-oriented and user-driven.