Speaking as a proud member of the shadow IT brigade, I see this as a never-ending saga.
The same article could have been written 10 years ago and most probably would apply 10 years from now.
The reason at the end of the day is that authorised, properly secured apps tend to be cumbersome whereas unauthorised ones trade in the security for ease of use.
One tiny example: file sharing with external partners. Our corporate app works on a rather difficult to type URL, requires registration by the outsiders, only accepts *.zip files that contain the company name in the filename otherwise summarily deletes them and has a 50 MB limit.
Compare with box/drive/onedrive/whatever and you get a shareable URL, 15 GB size limit, 2FA for added safety and you can re-designate a file as no longer being shared after the external has taken it.
I may accept and respect our policies but my external party doesn't have time to faff on with mindless registrations just to get their hands on a single file, not to mention the amount of times externals have sent me their drawings in a zip folder only to be spaffed by the system.