Security-first: The Smartsheet commitment to enterprise security and governance

by Chris Peake

Modern IT teams face a daunting task: provide technology that supports the workforce during a period where companies are evolving and re-evaluating how work gets done. The shift from in-person to hybrid work has revealed process and application gaps for many companies that suddenly needed to support collaboration across distributed teams. 

And with limited IT resources to oversee and control applications (thanks, in part, to the “Great Resignation”), it has become increasingly common for users to take things into their own hands. Selecting technology that solves their most pressing problems, sometimes with cursory — or even without – IT involvement. But this contributes to organizational risk as the threat landscape continues to advance, with rising numbers of ransomware, malware, and insider threats. 

In fact, recent research shows an 82% increase in ransomware-related data leaks in 2021 compared to 2020. And of course, the aforementioned rise in IT resource turnover only compounds those risks. Then you tack on the lift to ensure organizations can adhere to increasingly demanding compliance standards and regulations, and the expectations can start to feel overwhelming. 

Given these risks and complexities, security and governance must be (or become) an ongoing focus as organizations evaluate, implement, and expand their tech ecosystem. Organizations must adopt a “security-first mindset” with a focus on keeping company data protected. And this focus on security is especially important when making foundational investments in technology that will be relied on for years to come. 

Where we are and where we’re headed

When selecting a tool, it can be hard to distinguish between vendors and the level of protection their security capabilities, practices, and safeguards provide. But a strong security program doesn’t take shape overnight. To build a platform truly capable of supporting work at scale, for the world’s largest organizations, it takes a level of maturity that can only be developed and honed over time.

For more than 17 years, Smartsheet has focused on building a secure, resilient, and customer-centric platform for managing work. From the beginning, security and data integrity were fundamental building blocks, not an afterthought, with strict encryption, management, and redundancy inherent elements at the foundation of our platform’s DNA.

Since then, enterprise-grade security has remained a central consideration as we’ve built and expanded our platform and organization. And while our focus remains steadfast, the threats, landscape, expectations, and needs around these areas have continued to evolve. 

To serve the diverse community of Smartsheet customers (with varying levels of enterprise maturity), we understand that our product needs to support multiple options for security, control, and data governance. That way, every organization is empowered with the autonomy to choose  the security controls right for their business. 

To help customers determine the controls most appropriate for their needs, we recently expanded our Trust Center to provide more depth and insight into our approach and options around security, privacy, compliance, and reliability. In short, we know that trust is built on transparency, and we’re eager to share the details that underscore the Smartsheet position of leadership in security, governance, and administration within collaborative work management (CWM). 

Cloud security, at its heart, is a shared responsibility, predicated on vendors providing the options and controls you need to secure your business. But making controls available is only half of the equation. Regardless of the company in question, your organization is ultimately responsible for determining the controls you need, and then ensuring they get turned on. 

Smartsheet is committed to holding up our end of the bargain. Through continuous investment and improvement in our security and governance program, we ensure that you have the controls you need to implement Smartsheet as a core part of your tech stack. 

Security built for you

Almost every feature that Smartsheet releases is based on customer feedback, beginning with a document that defines the problem and opportunity at hand from the customer’s perspective. This ensures that we’re building capabilities that address genuine customer needs.

For instance, we heard that customers working with sensitive data wanted additional controls to keep their work safe when shared externally. That’s why we recently released Data Egress Controls, which allow administrators to prevent data from leaving Smartsheet by limiting actions like saving a new copy, publishing, exporting, and printing. With a growing number of customers in finance, healthcare, and other regulated industries, the ability to restrict export options is critical to ensuring private company data remains private.

Similarly, some of our largest customers expressed concerns about risk associated with the amount of data they store in Smartsheet, so we developed Data Retention Controls that automatically delete content using configurable triggers based on asset age or inactivity. 

Everything Smartsheet does stems from - and is for - our customers 

So what’s coming next for Smartsheet security and governance? 

This week at our annual customer conference, ENGAGE, we announced that we’re broadening access to single sign on (SSO) controls. While Smartsheet has supported SSO across account types for years, it has become increasingly common for IT teams to enforce the use of specific login methods or identity providers. 

Our goal is to provide every customer with a secure, enterprise-grade Smartsheet experience. As security standards evolve, our company will too — that’s why we’re giving business-level subscribers the ability to implement prescriptive paths that guide user behavior around Smartsheet identity and access. 

Additionally, we announced our upcoming partnership with Okta to simplify and streamline account management by integrating directly with their leading directory service. Core adjustments like these, that simplify processes around user access, provisioning, and deprovisioning, are just some of the steps we’re taking to continue to meet or exceed enterprise standards.

I often say that security is a journey, not a destination – you never cross the finish line. With this in mind, we are always looking for opportunities to deepen our security and governance capabilities, accelerate our progress, and give our customers even more controls that support enterprise work. We’re determined to continue pushing the boundaries of our platform so we maintain a reliable, resilient, and secure product that our customers can trust.

Smartsheet (NYSE: SMAR) is a modern work management platform that empowers companies of all sizes to scale and deliver value as business requirements evolve. Backed by enterprise-grade security, Smartsheet is used by more than 80% of the companies in the Fortune 500 to implement, manage, and automate processes across a broad array of departments and use cases.

Visit our Trust Center