Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Email is often "production data" -- it contains personal data, IP, business relationship information and so on. Sending an email from an @coinbase.com is certainly a production action.

It is only fairly recently that locking people out of the office didn't implicitly remove their access to email, memos, letters and so on.



This is true, but most institutions like Coinbase don’t have customers email employees.

Customers email something like “support@domain.com” and that routes to a ticketing system (eg Zendesk), not to people.

And, the vast majority of employees don’t directly interact with customers either.

Well designed controls deliberately keep PII data out of general purpose systems like email, drive sharing, dev ticketing, etc

I agree that the remote move introduces new risks, but those should be minimized by the existing controls in place.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: