"We use Gmail for email and Google Groups for lists."
"What we have today works pretty well for our current size—around 45 people."
So if I can manage to get the Google authentication credentials for just one of Stripe's 45 employees, I can get access to the vast majority of Stripe's email? I hope they require two factor authentication.
Yes, we do require two factor auth, and we're very stringent about laptop security generally. We're pretty cognizant that, even at a less open company, compromising any employee can generally be used to obtain a surprising amount of sensitive company information.
In light of this issue, what have you done to restrict the amount of harm that even a trusted employee can do? I'd be happy to learn that after a suitable time period for disputes, literally no employee would be able to provide any demographic info related to a particular charge. You can't harm my customers if you don't have access to their data.
Yikes. I was just skimming HN before a meeting to talk about how we are going to handle payment flow. Literally just put a huge question mark next to Stripe on my list now.
A compromised employee machine will always cause problems. (Just look at Google, the New York Times, etc.) We're obviously careful about what goes in email, and I think the open-by-default policy largely makes the security properties of email clearer. (I.e., don't put sensitive material here.)