Smartsheet Safeguard: Empowering customers by bridging control and convenience

by Chris Peake

January 23, 2024

There is an outdated assumption that when a business chooses to work with a software platform, they sacrifice some control for convenience compared to self-managed systems. This is especially true for those in regulated industries and for companies handling sensitive data.

Now, it’s commonly known that optimized software solutions provide unmatched reliability, security, and resilience – often surpassing in-house capabilities. Smartsheet encompasses a variety of robust security features, ranging from strong authentication (i.e. multi-factor authentication and single sign-on) to role-based access controls. These standardized capabilities allow organizations to achieve best practices for data security.

More control over crucial security features like encryption keys, event monitoring, and data egress has lowered the barrier for organizations working with sensitive data and regulated industries to better enable work with SaaS partners. Thoughtful implementation with software partners can eliminate the trade-off between control and convenience. Smartsheet Safeguard is a collection of our most powerful security capabilities, on top of our standard features, to help protect and manage customer’s data in Smartsheet that makes that thoughtful implementation of our platform possible.

Every day, our customers use Smartsheet to do incredible, often mission-critical work. Let’s dive a little deeper into the Smartsheet Safeguard capabilities that are keeping that work safe and secure.

Ultimate data control with customer-managed encryption keys 

Encryption is a crucial aspect of many SaaS services, and Smartsheet takes this very seriously. We securely store all customer data in Smartsheet using National Institute of Standards and Technology (NIST) and Federal Information Processing Standards (FIPS) approved ciphers, transport layer security (TLS) technology, and AES 256-bit at-rest encryption. Additionally, we use Amazon Simple Storage Service (Amazon S3) for storing and serving uploaded files. Smartsheet manages the required encryption key, typically using a service like Amazon Key Management Service (Amazon KMS). We restrict access to production systems and data in Smartsheet to only authorized Technical Operations team members based on need-to-know and least-privilege principles.

Some highly regulated organizations need an additional level of control over their data, such as those in the financial or healthcare industry. With Smartsheet Safeguard, customers can opt for Customer-Managed Encryption Keys (CMEK), in which you directly manage your encryption keys in Amazon KMS. Revoking or destroying the master keys renders the data inaccessible to anyone.

Controlling data movement with data egress policies

Storing data in the cloud simplifies collaboration, making critical information accessible across locations and devices. The primary defense against unauthorized data sharing is user authentication. Single sign-on and multifactor authentication help administrators keep data secure.

Smartsheet Safeguard contains additional core capabilities to provide enhanced visibility and control over your data, like data egress policies, which are crucial for customers with stricter data governance requirements. These take security further, controlling how data exits an application, like saving, sending, or exporting information from its source. In our platform, you implement this with a simple checkbox and exclusion list, allowing control over specific actions for both internal and external collaborators.

SMAR data egress policy


When enabled, these controls provide data governance guardrails when using sensitive data. While not foolproof, they offer extra assurance in keeping your data secure. Smartsheet also provides guidance within the platform regarding when a user tries to perform a restricted action, educating them about security policies so they understand why certain measures are in place.

Maximizing visibility with event reporting

Detailed event reporting for daily operations becomes crucial in heavily-regulated industries like finance, government, or healthcare. Detailed tracking ensures compliance with strict data policies and supports precise monitoring and auditing. In these sectors, access to extensive logs of application activities over months is essential, offering the transparency and accountability required for navigating complex regulations.

The Event Reporting capability as part of Smartsheet Safeguard meets these demands through integration with Cloud Access Security Brokers (CASBs) and Security Information and Event Management (SIEM) systems, relying on partnerships with specific vendors. It provides a comprehensive JSON feed of events, covering a wide range of activities like item creation, edits, and downloads. This feature suits the needs of regulated industries, offering compatibility with major CASB systems like Splunk, Skyhigh Security, and Microsoft Cloud App Security (MCAS), simplifying event monitoring and analysis for better data management.

Managing data retention to reduce risk

There’s an old adage in security: the more data you house in a system, the more risk a system is exposed to. The purpose of a data retention policy is to mitigate that risk by setting limits on how long data can be stored. By removing unused content from their account, a customer is lowering their risk profile. Often, this is set by an industry’s regulatory body. For example, healthcare organizations are required to adhere to data retention requirements as established in the Health Insurance Portability and Accountability Act (HIPAA).

With the data retention controls available as part of Smartsheet Safeguard, customers can automatically delete assets to ensure only current, relevant data is stored. Policy conditions can be customized to the organization's best practices and requirements. Admins have visibility into a running list of content that has been deleted, and content owners are notified before a scheduled deletion in case the content should continue to be stored.

Smartsheet governance controls for data rentention

Bridging control and convenience

Through Smartsheet Safeguard, you gain security and control of data at every stage of its journey. Features such as CMEK, data egress policies, and data retention policies in Smartsheet equip organizations with enhanced control over their data. Enhanced event reporting and integration with Cloud Access Security Brokers (CASBs) and Security Information and Event Management (SIEM) systems give companies the flexibility to adopt visibility and control mechanisms that suit their needs.

These developments help organizations balance their needs for security and operational efficiency. Learn more about Smartsheet Safeguard through an in-depth look at these capabilities in our Whitepaper: Unpacking Smartsheet Safeguard, or by contacting our team.