
New security, governance, and compliance announcements from ENGAGE: ALL IN

by Chris Peake

June 8, 2021 (updated January 4, 2024)

Editor’s note: In this article, Chris Peake, VP of Information Security (CISO) at Smartsheet, shares details about our latest capabilities and partnerships, announced at ENGAGE, that align with the evolving security, governance, and compliance needs of our customers.

At our ENGAGE: ALL IN virtual conference, we announced some exciting product developments, including Smartsheet Advance. This new offering builds on the core functionality of Smartsheet, helping organizations automate workflows across systems, align global teams, and build business-driven solutions. It is enterprise-ready and built to unlock the true power of business: its people. 

We also announced Smartsheet Regions, our partnership with Skyhigh Security, customer managed encryption keys (CMEK), Data Retention Controls, and Enterprise Plan Manager. These security and administrative announcements build on the secure environment that we’ve maintained since Smartsheet launched over 15 years ago.

The Smartsheet platform was built from the ground up with security requirements and protocols to secure your data and give you control of user access to safely share information inside and outside of your organization. Let’s go deeper into what these announcements mean for our customers.


Meeting your data hosting needs with Smartsheet Regions 

We’ve heard from customers about the need to control the hosting location of their content. Their needs can include being compliant with regional laws requiring content to be hosted in-country or specific regions, meeting privacy requirements like the General Data Protection Regulation (GDPR), or satisfying data governance policies put in place to reduce the risk of exposing confidential information. This is where Smartsheet Regions come in.

Smartsheet Regions are new instances of Smartsheet located in geographic regions around the world to enable our customers to comply with data residency requirements. Smartsheet Regions will give organizations the flexibility to pick the Smartsheet Region in which they want their content to be hosted.

  • At launch, Smartsheet Regions will support new accounts and work assets created in that region. 
  • Existing Smartsheet subscription accounts and assets will continue to reside in the U.S. region. 
  • Users accessing their data can be anywhere in the world, and all updates, including file attachments, will be hosted in the specified Smartsheet Region.

We’re launching the first new Region in Germany to serve customers in the European Union (EU) this fall, with additional Regions coming next year. We’re excited about what this means for both our customers in the EU and our global customers that have significant operations outside the US.


Partnering with Skyhigh Security for out-of-the-box, hardened security

Another thing customers have requested is an easy way to identify and flag sensitive data across their entire Smartsheet environment to ensure it meets their data protection requirements. 

That’s why we’ve integrated Smartsheet with the Skyhigh Security platform. This integration allows customers to add controls created by the Skyhigh Security CASB to help protect their investment in and use of the Smartsheet platform.

Additionally, you may be able to implement threat and anomaly detection along with data loss prevention (DLP) policies with your existing DLP provider to help find and remediate sensitive data violations such as sharing a healthcare record, social security number, or credit card information.

Having a multi-cloud security platform capability like Skyhigh Security enables information technology (IT) and security departments to audit how their teams are using Smartsheet to ensure compliance with data security policies while simultaneously protecting data confidentiality. 

We believe that partnerships are critical to the cloud-based ecosystem, and we are committed to working with organizations like Skyhigh Security to provide great enterprise-grade solutions and capabilities that make data protection and overall enterprise management easier.


What makes the Smartsheet platform enterprise-grade?

Over the past 15 years, our teams have made Smartsheet a leading, enterprise-grade platform for work management. This means implementing critical practices and functions — trust and safety, corporate security, identity access management, DevSecOps, code reviews, physical security, security architecture, and much more — to create a solid foundation. 

And as the challenges enterprises face continue to change, we are dedicated to evolving our platform capabilities to remain one of the top enterprise-grade solutions.

At ENGAGE: ALL IN, we announced customer managed encryption keys, Data Retention Controls, and Enterprise Plan Manager. You can learn more about each of these releases below:

CMEK provide an added layer of control

Last month, we added customer managed encryption keys (CMEK) to give customers with sensitive or regulated data complete control over encrypting and accessing data within their Smartsheet environment.

With customer managed encryption keys, you can monitor, grant, and revoke access to your organization’s data using keys that you own and manage and that are stored outside of Smartsheet in Amazon Web Services (AWS) Key Management Service.

Advanced control over data relevancy 

We continue to innovate to ensure Smartsheet remains a trusted and secure collaborative work management platform for enterprise IT teams. As organizations expand the use of software systems, they naturally increase the amount of aging and unused data in those systems. 

In some industries, there are regulatory standards that require companies to retain data for a specified time period. Other organizations, by contrast, want to limit discovery and delete old data.

Finding and reducing outdated information not only helps performance, but is critical for data governance and compliance purposes. That’s why we released Smartsheet Data Retention Controls to greatly simplify the data management challenge for Smartsheet customers. 

Data Retention Controls will allow administrators to set up a policy that automatically removes sheets after either a certain amount of time or period of inactivity.

For example, sheets older than 5 years or sheets not modified in the last 6 months can be automatically scheduled to be removed from your Smartsheet environment. In addition, with Data Retention Controls, System Admins can: 

  • Select from time periods to define outdated or unused sheets.
  • Set up a policy to either include or exclude certain users for things like legal holds.
  • Notify impacted users before any action takes place, so they know which asset is scheduled for deletion and how long they have to take action.

Simplify multi-plan administration and billing

Another requirement we hear a lot from Smartsheet customers as they expand their Smartsheet usage across the organization is the ability to centrally manage multiple plans.

Customers we’ve talked with want flexibility to allow teams and departments to manage their plans and billing while enabling IT to centrally manage security and governance for the entire organization. That’s why we’re launching Enterprise Plan Manager later this summer.

Enterprise Plan Manager will give you the flexibility to manage Smartsheet the way you’re organized by letting IT centrally manage security controls while giving teams and business units the flexibility to manage separate plans. Here are some of the capabilities that will be included in Enterprise Plan Manager:

  • Admins can validate all of their domains, discover all the plans that exist across the company, and add them as managed plans.
  • Centralized settings provide the ability to create a main plan configuration that propagates to all managed plans. For example, System Admins can set up a common login across all the plans, making it easy to remove access globally when an employee leaves.
  • Automated user management makes it easy to provision users and move them from the main plan to the managed plans.
  • Departmental billing by plan allows individual teams and plans to only pay for what they use and to keep costs relegated by plan.

Our success is built on your trust

We are committed to raising the bar for enterprise-grade work management platforms, and these are just a few of the new security and administrative features that are on our roadmap. Our teams will continue to work around the clock to ensure that the Smartsheet platform continues to be a secure environment, so that our customers can make their work, work for them.

To learn more about security, privacy, compliance, and availability related to the Smartsheet platform, please visit our Trust Center.