[windexh8er]

The simple fact that you believe this is insane to me. Microsoft?Security and compliance? Ahhh, yes the north star of security!

No, you don't need either of these companies if you need a corporate stack for communication and collaboration. And anyone who believes Microsoft or Google is doing anything out of the ordinary to protect their users or data is out of the loop.

[nathanaldensr]

It's not about actual security; it's about the appearance of it. It allows CTOs and such to check a box to say "Why yes, our vendor is secure! Look at all their claims! Look at how many other companies use them!" That's it. Safety in numbers for clueless CTOs.

[hedora]

This is just the new "no one gets fired for using IBM".

We need actual liability laws for compute services at this point, and they should pass through every entity between the bits on disk and the end user.

Google disappears someone's realtor's corporate email, and it cost the agent a $100K real estate commission? Google and the employer get to pay $50K, plus damages to the customer.

Or whatever. The point is not that they'd be paying lots of these fines. The point is the cost of non-compliance and insecure setups is 1000x the cost of just doing their jobs. At that point, the bean counters would allocate another 10% to engineering, and all the easily-solved problems would disappear.

[riddlemethat]

That regulatory framework would add a lot of cost to providing online services. There would be far fewer people able to use them because companies would pass that cost to their users/customers.

[aboardRat4]

>No, you don't need either of these companies if you need a corporate stack for communication and collaboration

A lot of corporate (customer) email sevices drop email from everybody except a very short whitelist.

[windexh8er]

This is a fascinating trope since I have zero issues and host many domains on my own infra. Zero issues with either.