Everyone’s super concerned about security and control, but the best places I worked in were more concerned with freedom. Yes, be savvy about security, protect key assets, but “permissions oversight” about claiming an alias seems excessive.
You’ll have 1,000x more headaches and burned operational cash getting everyone to approve everyone else’s every step than handling one security incident in a decade. And even with very tight security, something will still happen. It’s best to have backups, a good restore plan, and a relaxed culture*. Or that’s what I think, anyway.
I’m in SME land though, not big tech. But then again, 99.99% companies are.
One of the biggest time sinks and "velocity" killers in BigTech, and sometimes also in MediumTech, is the need to get approval (sometimes multiple people's approvals) for absolutely everything. Often, approvers are among the most senior, busy people in the company, and "approving a dozen things" is not even top 100 on their list of things to do today. There are people who spend >75% of their time just "chasing" approvers and reminding them to please, please, please approve my Thing X so we can launch Product Y on time!
In multinational megacorps this is more or less modus operandi. I am not even mad anymore, I realized this aint malice but simply inevitable as size goes up and time passes on.
The best companies that realize this can minimize it, but its inevitable.
I feel you. I keep hearing people in software say "wild west" when they mean "absence of paternalistic bureaucratic controls."
The virtual space is locked down so so so much harder than the physical because it's "free" to automate, but the vibe is it's outrageously uncontrollable. I get it when we're talking the whole Internet, but the same group of insiders as the physical space?
> but the best places I worked in were more concerned with freedom
Sure. But if that's the case why do you even have individual email? Make everything a group email and group IM. Not allowed to send messages to a specific person; can only send messages to everyone. What would happen?
Can you see the flaw in this logic? Email isn't only for discussing work projects. It needs to be private for discussions involving HR, legal, and other personnel matters.
And every NeXT machine came with an email waiting in your inbox out of the box from sjobs@next.com complete with Lip Service voice message from Steve Jobs.
Of course you likely had no immediate way to reply to an internet email address like that at the time out of the box.
Registering an alias self-service style is fine. What's potentially problematic is changing that alias once it has become established. Please read my original comment again.
Even with the privacy concerns aside, you need individual mailboxes for reasons of maintaining organization.
I think your point would be better made if in your hypothetical, we still had individual mailboxes, but everyone could see into everyone else's mailbox.
You’ll have 1,000x more headaches and burned operational cash getting everyone to approve everyone else’s every step than handling one security incident in a decade. And even with very tight security, something will still happen. It’s best to have backups, a good restore plan, and a relaxed culture*. Or that’s what I think, anyway.
I’m in SME land though, not big tech. But then again, 99.99% companies are.
* common sense exceptions apply.