You're missing the point. In non-production environments a large user base (eg developers, etc) have direct access to the database as needed for development.
In production environments, they do not.
This is exactly why data masking technologies exist. To mask/transform production data in non-production to that non-production has meaningful data but not REAL data
I'm certain all 37s employees have access to the production database anyway; they're still a fairly small company.
The only real additional risk here is running non-production code against live data; e.g. the risk of a feature branch sending extra email to customers. Given the nature of their products this is probably manageable, assuming they don't run batch jobs (via eg. resque)
Fair enough, but if they were large enough to require that sort of privilege separation, then the entire post would make a lot less sense. Furthermore, I think the target audience has the same demographics; relatively small companies where the development team is also the production team.
Thanks for the reference to data masking; it should be more common.
In production environments, they do not.
This is exactly why data masking technologies exist. To mask/transform production data in non-production to that non-production has meaningful data but not REAL data