Cloud computing went from hype to mainstream in pretty short order. That’s partly because providers are making cloud computing resources easier to use all the time. It can be as easy as taking out your credit card. In fact, it’s so easy, your employees are probably using cloud services without your IT department knowing about it.

There’s some peril in this. An IT department can’t police—and by police, I mean apply corporate policy, nothing Orwellian—what it doesn’t know about.

Employees use cheap or free cloud services for what they see as perfectly good reasons. Probably the most common is for collaboration. Any other member of your project team, any partner in your supply chain, any customer can use a generic online office applications suite to share documents. Data can be uploaded to shared online storage. This includes self-collaboration—making documents and data available to yourself in order to work on it from a home office or on the road.

In these instances, even your employees might not know they’re in the cloud.

Another common reason: Employees want services that your IT department isn’t offering them. This is a more conscious cloud decision, since employees will have to whip out the credit card to use that CRM application they covet.

Regardless of whether your employees are consciously in the cloud or not, the potential perils are the same.

* Lack of standardization. It’s great that you can collaborate with a client online using a generic office suite. But things can get dicey when you bring it back into the project team’s in-house system. Will changes continue to be tracked? What will that slide show look like? This is actually anti-collaborative.

* Proliferation of services. What if your client prefers a different application suite? Suppose you’re trying to collaborate with someone who uses a different file-sharing application than yours, say, DropBox instead of OneDrive? This leads to the use of even more cloud-based services, more desktop widgets.

* Security and governance. You can’t apply policy to what you don’t know is there. Having corporate data, which could include personal information about customers or employees, or financial transactions, or intellectual property, floating around unpoliced is a security and governance nightmare. Consider the financial implications to your company if any of that data was exposed. You’re right to shudder.

Fortunately, there are some steps an IT department can take to reduce the exposure of this ad hoc cloud use.

* Standardize. If there is some collaborative advantage to the use of cloud-based applications, services and file-sharing, make sure your staff are all on the same page technologically speaking. This means giving them access to a set of applications and services in a controlled environment—your corporate cloud—before they seek them out on their own. This will reduce the anti-collaborative effect and service proliferation issues. Use the more feature-rich enterprise version even if it costs more.

* Formalize. In a formal policy document, distributed to, read by and (if practical given the size of your company) signed by each user, define permitted uses of cloud-based services. Be specific about the consequences of breaching these policies, particularly when it comes to data-sharing services, which are the most significant corporate vulnerability.

* Survey. It’s all fine and well to point the finger at the end-user for inappropriate cloud use, but remember the second reason they turn to the cloud—for services and applications they’re not getting from in-house IT. Ask users regularly what you’re not providing and why they need it. Hold focus group meetings. One aspect of the cloud dilemma that is entirely under your control is providing excellent customer service to your users so they don’t cheat on you.