The paradox of governing user autonomy

by Chris Peake

April 30, 2024

At its best, technology empowers people: helping them to work more efficiently, collaborate from anywhere and with anyone, and gain access to insights and knowledge, instantly. These capabilities rely on the ability to access, share, and use data. The potential to collaborate is growing exponentially, but data – whether it’s highly regulated or not – is just as business-critical to protect.

As a result, IT departments find themselves in the seemingly paradoxical position of expanding access to information while also protecting it from ever-evolving threats. In today’s fast-paced business environment, IT is tasked with figuring out how to give users the autonomy to use technology and data to solve business problems without having to ask permission and get the IT department involved every time.

There’s a new urgency to solve these challenges. Hybrid work means more people are accessing data from more places than ever. The rise of AI promises to transform the workplace, but raises new questions about security and governance. Complex environments with many data storage locations have become the norm.

With these pressures in mind, it has become more critical than ever to adopt practical tools and strategies for data governance that free users to work efficiently and securely. The right approach enables empowerment and data protection to reinforce one another, and to exist in greater harmony than ever before. Here’s how Smartsheet balances autonomy and governance for the data-driven enterprise:

Improving visibility through technology

The tools you choose have a significant impact on the user experience. In the past, many organizations saw this as a zero-sum game, with degrees of freedom granted to users taking away from the overall security posture.

Today, with the evolution of security best practices, a nexus of security capabilities that provide the best of both worlds has emerged. In Smartsheet, Role-Based Access Control (RBAC) grants permissions based on job responsibilities rather than individual requests. This simplifies work for users while reducing the administrative burden on the IT teams of our customers. A fundamental principle for our platform is “trust, but verify.”

By using a combination of Event Reporting and Security Incident and Event Management (SIEM) tools, Smartsheet admins can consolidate information on platform usage into one location. SaaS solutions with event monitoring integration, like Smartsheet, offer the best of both worlds: easily managed cloud services with robust protection that provide admins with the visibility to ensure user behavior adheres to specific organizational requirements.

Establishing guardrails on data going out, and data staying in

A crucial step in protecting your organization’s data is to set data governance guardrails. This starts with having a strong organizational policy, but also requires tools that allow you to implement those written policies into the actual product. The end goal is to get data protection guardrails established early, so that your users can easily collaborate and share using the tool.

Governance controls in Smartsheet allow system admins to customize their organization’s requirements for compliance and data governance. These controls provide expanded governance capabilities that make it easier to set and enforce policy restrictions. Data egress policies restrict actions that allow data to leave your Smartsheet account, and data retention controls automatically delete assets, per your set policy, to ensure that only current and relevant data is saved.

Trust through partnership

When you have partners you can trust, you can achieve higher levels of compliance and security while increasing your focus on what truly matters to your business. To help you make a partnership decision based on trust, it’s important to consider transparency and values.

A provider shows good faith when they provide documentation in straightforward language and are willing to proactively engage with your people to clarify any questions or gaps upfront. A good partner will also proactively provide you with best practices and recommendations that will help improve usability and security of their service, and back up their stated values of trust and security with actions and practices.

This is a huge part of the daily responsibilities for me and my team at Smartsheet. We build security into our platform to ensure that your most valuable asset — your data — is protected every step of the way. Whether we’re consulting directly with IT leadership for a customer or working with industry-recognized hosting partners, it’s all about ensuring that you can deliver services to your organization confidently on a platform you can trust.

Data governance that frees users to work efficiently and securely

As organizations embrace technologies that connect distributed workforces and expand access to data, the imperative grows to balance autonomy and security. Smartsheet strikes that balance by providing visibility while automating policy enforcement, meaning IT leaders can securely unlock innovation and empower users while keeping data safe and secure.

Learn more about the security and governance capabilities of Smartsheet.