That may be true for Discord but for FOSS products the security concern is the attack surface (more to patch).

Like I said to the other commenter, if they say no they should have to justify that (in written form, argued, with points), even if the reason you want it is familiarity with the tool, workflow speed ups, or it has a nicer UI. Make them work harder if they say no, and make it really clear you will go away quietly if they say yes.

I do think that companies asking users to use standard tools so they can build processes and training materials is reasonable. Using other tools means more attack surface, it means more updates, more documentation, less familiar people and it means more risk.

Also assuming your company is like most and forgets to document everything alongside the crucial processes, if you know how to do something and tie it to a FOSS product instead of say excel, they won’t be able to hire a grad that can work for cheaper and do the thing half as well.

My point is it does do something for them, but not as much as they think. They didn’t pay for the office suit for you to not use it. However, if you don’t need it, they can also stop paying for it. Justification is important. So is making ITs life difficult by making them justify decisions.

Bypassing them makes the incident response team’s life difficult, not ITs.