Beyond Signal: Why Unsanctioned Apps Pose a Critical Enterprise Security Risk

Post Date: 04/23/2025

A Gartner report predicts that by 2027, 75% of employees will acquire, modify, or create technology outside of IT’s visibility, a surge from 41% in 2022. The report also highlights that the rise in shadow IT indicates the growing risk of cyberattacks because of poor governance and a lack of visibility into unauthorized applications.  

The Signal data breach involving US government war planning communications dramatically illustrates this vulnerability, even for some of the most heavily regulated and secure organizations. In late March 2025, classified documents shared on an encrypted messaging platform not approved for official communications were exposed, compromising sensitive national security information. This was compounded by the addition of an external user who should not have had access to such sensitive conversations and data.

While this high-profile incident captured headlines, similar security risks stemming from unsanctioned app usage and careless oversharing occur daily across organizations of all sizes and levels of maturity. Every unauthorized app creates a potential security gap in your defense perimeter, particularly in highly regulated industries where stakes are exceptionally high.

This blog post examines why unsanctioned apps pose significant risks and analyzes recent breaches resulting from shadow IT. It also provides actionable strategies to strengthen your security posture while maintaining employee productivity.

The Signal Breach: A High-Profile Example of a Common Problem

In March 2025, classified war planning documents were compromised after US government officials used Signal – an encrypted but unauthorized messaging app – for sensitive discussions. Despite Signal’s strong encryption, bypassing official secure channels created a critical vulnerability that was ultimately exploited. There was no governance or control limiting who could be invited to a sensitive conversation. Not only did these privileged individuals invite an unauthorized journalist to view such conversations, but Signal’s own encryption also caused issues with auditing and compliance with laws like the Federal Records Act. Indeed, shadow IT often leads to multiple or compounding risks and policy failures.  

This mirrors a common issue in organizations: employees favoring convenient, familiar tools over approved systems and applications. In this case, the breach didn’t just expose data — it jeopardized strategic operations, endangered lives, and strained diplomatic ties.

More alarming is that this incident reflects a broader enterprise risk. Across sectors, especially in regulated environments, unauthorized app use undermines data security, compliance, and trust, turning convenience into a potential catastrophe.

Unsanctioned Apps: The Hidden Security Risk in Plain Sight

Shadow IT refers to technology resources used within an organization without explicit IT department approval or knowledge. A 2023 Gartner report revealed that 69% of employees knowingly bypassed cybersecurity guidance, underscoring how prevalent shadow IT is and the ongoing risk it poses.

Employees turn to unsanctioned apps for several compelling reasons:

  • Workflow efficiency. Official tools may involve complex approval processes or lack features employees need to perform their jobs efficiently.
  • Familiarity. Staff often prefer consumer applications they already use in their personal lives rather than learning new enterprise systems.
  • Perceived security. Ironically, some employees mistakenly believe that consumer-grade encrypted messaging or file-sharing tools offer better security than corporate solutions.
  • Process circumvention. When facing IT restrictions that impede workflow, employees create workarounds using readily available consumer applications.

The consequences of these seemingly innocent choices can be severe. Unsanctioned apps create unmonitored data repositories outside enterprise governance frameworks, bypass security controls designed to protect sensitive information, and introduce vulnerabilities that security teams cannot address because they’re unaware of their existence.

In highly regulated industries like healthcare, finance, and government, these risks are magnified by strict compliance requirements and the sensitive nature of the data being handled. Each unsanctioned app represents not just a security vulnerability but a potential compliance violation carrying significant financial penalties.


Case Studies: When Unsanctioned Apps Lead to Major Breaches

These case studies reveal major breaches from unsanctioned app usage. They demonstrate how unauthorized apps can circumvent security controls, resulting in severe financial, reputational, and national security impacts.

  • The Uber Breach

In September 2022, Uber experienced a significant security breach when an attacker successfully compromised their systems through a combination of social engineering and unsanctioned communication channels. The attacker initially contacted an Uber contractor via WhatsApp – not an officially sanctioned channel for security communications – and convinced them to accept a multi-factor authentication (MFA) push notification.

This social engineering attack succeeded partly because the communication occurred outside Uber’s monitored channels. Had the interaction taken place on approved platforms, security systems might have flagged the suspicious communication. The breach exposed internal systems, including the company’s HackerOne bug bounty program and various internal databases.

The financial impact of this breach included incident response costs exceeding $10 million and significant reputational damage affecting Uber’s stock price and customer trust.

  • The Pentagon Discord Leak

In April 2023, classified US military documents related to the Russia-Ukraine conflict appeared on Discord, a platform primarily designed for gaming communities. Air National Guard member Jack Teixeira allegedly shared these documents with a small group on the platform, from where they spread more widely.

Discord was not an approved channel for discussing or sharing classified information. The breach occurred because sensitive information migrated from secure, monitored environments to an unsanctioned platform lacking appropriate security controls. The national security implications were severe, potentially compromising intelligence sources and military operations.

  • Other Common Scenarios

These high-profile cases represent just the most visible instances of a pervasive problem. More common scenarios include:

  • Financial analysts sharing sensitive market data via personal email accounts to facilitate work from home
  • Healthcare professionals taking screenshots of patient records and sharing them through messaging apps for consultation purposes
  • Legal teams using personal cloud storage for document sharing when official systems seem too cumbersome
  • Engineers using unauthorized collaboration tools containing proprietary code and intellectual property

Each scenario represents a bypass of security controls that gives rise to significant organizational risk, particularly in regulated industries with stringent data protection requirements.

Steps Organizations Can Take to Address Unsanctioned App Risks

Addressing shadow IT requires a balanced approach that acknowledges legitimate employee needs while maintaining security standards. Organizations should consider these strategies:

  1. Implement comprehensive discovery processes. Deploy tools that continuously scan your network to identify unsanctioned apps and services. Visibility is the essential first step — you cannot secure what you don’t know exists.
  2. Establish clear communication policies. Develop and communicate explicit policies regarding approved communication channels and applications. Ensure these policies explain the “why” behind restrictions to encourage compliance.
  3. Provide compelling alternatives. Rather than simply blocking unsanctioned tools, offer approved alternatives that provide similar convenience and functionality. The best defense against shadow IT is official IT that meets user needs.
  4. Conduct targeted security training. Educate employees on the specific risks associated with unsanctioned apps, using real-world examples that resonate with their daily work. Make security personal by highlighting how breaches affect both the organization and individual employees.
  5. Take a risk-based approach. Not all unsanctioned apps pose an equal risk. Prioritize addressing high-risk applications handling sensitive data rather than attempting to eliminate all shadow IT simultaneously.
  6. Deploy automated data protection. Implement data loss prevention (DLP) tools that monitor and protect sensitive information across approved channels, creating a safety net even when policy violations occur.
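
Steps 1 and 5 can be combined in a single pass over egress logs. The following is an added example, not part of the original post or any vendor's tooling: it maps proxy-log destinations to applications, drops the sanctioned ones, and ranks the remainder by the sensitivity of the departments using them and by upload volume. The log rows, the domain-to-app mapping, the approved-app list, and the department weights are all constructed assumptions.

```python
import csv, io
from collections import defaultdict

# Constructed sample: web-proxy log rows (user, department, host, bytes uploaded).
SAMPLE_LOG = """user,dept,host,bytes_out
alice,finance,chat.signal.org,48211
alice,finance,chat.example-corp.test,9120
bob,engineering,discord.com,1530442
bob,engineering,cdn.discordapp.com,220
carol,legal,www.dropbox.com,88201133
dave,marketing,web.whatsapp.com,5120
erin,finance,mail.google.com,734002
"""

# Illustrative suffix -> app mapping (assumption; not a complete catalogue).
APP_SUFFIXES = {
    "signal.org": "Signal", "whatsapp.com": "WhatsApp",
    "discord.com": "Discord", "discordapp.com": "Discord",
    "dropbox.com": "Dropbox", "mail.google.com": "Gmail",
    "example-corp.test": "CorpChat",
}
SANCTIONED = {"CorpChat"}  # hypothetical approved-app list
DEPT_WEIGHT = {"finance": 3, "legal": 3, "engineering": 2}  # hypothetical; default 1

def app_for(host):
    """Match on whole DNS labels so 'notsignal.org' is not mistaken for Signal."""
    host = host.lower().rstrip(".")
    for suffix, app in APP_SUFFIXES.items():
        if host == suffix or host.endswith("." + suffix):
            return app
    return None  # unknown destination: not classified here

def discover(log_text):
    """Return (app, weight, bytes_out, users) for unsanctioned apps, riskiest first."""
    found = defaultdict(lambda: {"users": set(), "bytes": 0, "weight": 1})
    for row in csv.DictReader(io.StringIO(log_text)):
        app = app_for(row["host"])
        if app is None or app in SANCTIONED:
            continue
        f = found[app]
        f["users"].add(row["user"])
        f["bytes"] += int(row["bytes_out"])
        f["weight"] = max(f["weight"], DEPT_WEIGHT.get(row["dept"], 1))
    rows = [(a, f["weight"], f["bytes"], sorted(f["users"])) for a, f in found.items()]
    # Risk-based ordering: data sensitivity of the users first, then upload volume.
    return sorted(rows, key=lambda r: (-r[1], -r[2]))

if __name__ == "__main__":
    for row in discover(SAMPLE_LOG):
        print(row)
```

On the sample data, a large upload from the legal department outranks a higher-volume Discord session from engineering, which is the prioritization step 5 describes.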

These strategies work most effectively when implemented as part of a cohesive security program rather than as isolated initiatives. By addressing both the technical vulnerabilities and the human factors driving unsanctioned app usage, organizations can significantly reduce their risk exposure.

Robust Data Governance Secures Your Future

The Signal breach highlights a broader issue: the rising risk of unsanctioned app usage as employees prioritize convenience. Technical solutions alone aren’t enough. Reducing shadow IT requires a balance of strong security controls, intuitive tools, and clear policies. Combine data guardrails with a culture of security awareness, and you empower employees to work smarter without compromising safety. In today’s threat landscape, this is your strongest defense.


author

Shyam Oza brings over 15 years of expertise in product management, marketing, delivery, and support, with a strong emphasis on data resilience, security, and business continuity. Throughout his career, Shyam has undertaken diverse roles, from teaching video game design to modernizing legacy enterprise software and business models by fully leveraging SaaS technology and Agile methodologies. He holds a B.A. in Information Systems from the New Jersey Institute of Technology.
