To quote Dr. Manhattan, "Without condemning, or condoning, I understand".
I am in network security. I have stopped shadow IT, and been a part of it.
Your situation seems so ungodly stupid and anathema to the point of IT, that the remaining courses of action should be the following.
Thoroughly document via email your attempts at explaining requirements to Netsec, to document in writing their objections, to do your best with what they provide you... and WHEN things catastrophically break, point the finger at them and thoroughly document how if you had the proper, industry-standard tooling, you could have prevented the loss of research/time/money.
THIS. Don't paper over the issues with shadow IT. Make them painfully obvious to the point where IT has to do something or answer to it. Otherwise it will not change.
I've given teams the option to turn off their pagers when this sort of thing happens with the justification that they can't fix it anyway. And then documented the crap out of why they can't fix it so when someone asks I can point to existing policy. It's very effective if done right.
"What did you accomplish during your time with X research group?"
"Nothing since all our equipment broke, but we documented how it was all IT's fault. You shoulda seen the looks on their faces when we called them out on it to the dean!"
It seems weird to dump on IT when they’re a department responding to the incentive structure they’re placed under like everyone else. You going to the Dean/someone with actual authority to get top down approval for IT to give you what you want is basically how IT operates in large orgs. I have nigh infinite technical power but in return I am bound politically by polities that I’m explicitly not allowed to have any authority over (i.e. I can’t approve my own policy exceptions). I want to give you literally anything you ask for. As long as my ass is covered it literally doesn’t matter at all to me. When I worked Uni IT if someone wanted something we couldn’t give them because $dumb_reason weren’t in a position to have that fight with the higher-ups on their behalf. It doesn’t mean much coming from us and since it’s not impacting our work it falls on deaf ears.
From your tone you make it seem like you were proud to waste everyone’s time and money when one single meeting with the Dean and the CIO/Director of IT when the problem happened would have opened every door for you.
The parent comment was literally suggesting that GP should have allowed the equipment to fail so that IT could be blamed. I didn't get the impression GP's situation was the result of not bothering to sit down and talk to a higher-up.
Everyone else is responding to incentive structures too, it's no less legitimate for lab workers to circumvent IT due to their incentives than it is for IT workers to be unhelpful due it their incentives.
Many people are not in a stable career such that they can hang around and do upper management's job for them by "expensively failing so as to demonstrate IT's failures".
Academics and PHD students in particular live from grant to grant. They can't afford to waste grant money "to make a point that IT doesn't work." Reputations - and by extension careers - can be made and unmade with such stuff.
Aside, I think the academic life being so fragile is ALSO silly but that is another story.
I was assuming that the OP was someone who worked in a department IT role, that had to abide by more centralized IT security requirements. You're right that someone who is more transient or less full-time has less motivation to make a long-term point to the administration.
I am in network security. I have stopped shadow IT, and been a part of it.
Your situation seems so ungodly stupid and anathema to the point of IT, that the remaining courses of action should be the following.
Thoroughly document via email your attempts at explaining requirements to Netsec, to document in writing their objections, to do your best with what they provide you... and WHEN things catastrophically break, point the finger at them and thoroughly document how if you had the proper, industry-standard tooling, you could have prevented the loss of research/time/money.