Today I did my first advanced spreadsheet on LibreOffice after switching to Linux, and it handled itself pretty well. I had to search for some features on the web at first, but after I got it down, I felt comfortable using it. Also, LibreOffice’s default menu layout is not pretty, but I can find all of the functions with just a click, unlike MS Office’s ribbon menu where I had to click around to find what I was looking for. Sorry for bad English.
That may be true for Discord but for FOSS products the security concern is the attack surface (more to patch).
Like I said to the other commenter, if they say no they should have to justify that (in written form, argued, with points), even if the reason you want it is familiarity with the tool, workflow speed ups, or it has a nicer UI. Make them work harder if they say no, and make it really clear you will go away quietly if they say yes.
I do think that companies asking users to use standard tools so they can build processes and training materials is reasonable. Using other tools means more attack surface, it means more updates, more documentation, less familiar people and it means more risk.
Also assuming your company is like most and forgets to document everything
alongside the crucial processes, if you know how to do something and tie it to a FOSS product instead of say excel, they won’t be able to hire a grad that can work for cheaper and do the thing half as well.My point is it does do something for them, but not as much as they think. They didn’t pay for the office suit for you to not use it. However, if you don’t need it, they can also stop paying for it. Justification is important. So is making ITs life difficult by making them justify decisions.
Bypassing them makes the incident response team’s life difficult, not ITs.
Have you worked somewhere before? Yeah, they should, but they won’t. It’s easier and cheaper to say no to everything unless there’s a serious tangible business reason that you need to use it, at which point they’ll look into it.
My company has rejected a bunch of stuff with the only reason being “Security Risk” with no further reasoning provided when asked. It’s super aggravating.
I’m sorry your team is like that, they should do better. I get along with my company IT team, obviously working close with them has benefits, but we have a lot of oversight and executive support so giving two word answers isn’t a thing where I work, they have to give a written justification etc.
In the same sense that not everyone works where I do, not everyone has assholes in IT who deny everything. Neither of our experiences are default and I was trying to write for someone in-between. Apologies if it didn’t come across that way.
There are businesses who don’t allow spotify on the corporate device, for sure. I saw a talk delivered by a guy who did. He worked for a mining company, they wouldn’t let people install things and were inundated with policy violations. He had to change the entire company culture around who IT were, and started by letting people make install requests for apps they wanted to use. They just tracked the requests so they knew who had what, and by helping, they could be selective about where the software came from.
When people don’t have IT as a support and see them as a regulator, they don’t work with them and bad shit happens. This dudes mining company was hit, also with ransomware (this one worked), because the CFO had local admin since he didn’t want to talk to IT.
My point is
a. they should be helping in this instance. Sorry they don’t, that’s frustrating to hear. Work culture is hard to change and I’m lucky with where I do work and the culture we have.
b. don’t bypass security controls regardless. Sorry. It’s still not the answer. If work makes you do things a slower or more annoying way, that’s their time lost. HR will throw you under the bus for the policy violation.