
Secure Collaboration at Scale

by The Smartsheet Team

Summary

Companies are replacing their traditional Project & Portfolio Management (PPM) tools with Collaborative Work Management (CWM) applications to meet today’s demand while addressing how their employees work. As a result, people are collaborating with internal and external collaborators at a rapid pace, with data being shared instantly across the world and beyond organizational boundaries. Without proper controls, monitoring and audit, this can result in data breaches and losses: a security nightmare. Fortunately, the Smartsheet CWM platform equips an organization to secure and monitor collaboration at an enterprise level with just a few clicks. This article highlights key capabilities of the platform that enable and monitor collaboration with both internal peers and external partners. Smartsheet IT owners and Sys Admins can benefit by reviewing their Smartsheet security and governance settings to match their internal needs.

Introduction

Smartsheet offers users a dynamic platform that can scale from a single project to enterprise-wide solutions. Users on the platform can manage projects and automate manual tasks and entire workflows, with access to the real-time insights needed to accomplish any mission they plan to scale. Forrester [1] predicts enterprises will replace their traditional portfolio management tools with Collaborative Work Management (CWM) in 2022. The number of Enterprise-scale deployments has doubled [2] with the increase in remote and hybrid work.

According to Forrester, “Greater agility requires more collaboration in the planning process” [3]. Organizations desire flexible tools to meet the needs of the modern working environment that can help employees build automated solutions and collaborate transparently [4]. Pervasive collaboration is only possible if it is secure.

A Smartsheet content creator can create a wide range of solutions from a single sheet to store project data to a fully operational business application with multiple reports, dashboards & automated workflows. 

Creators may share their work directly with a peer, or collaborate with internal teams, external partners and suppliers to accomplish their goals, assign work and update their progress. Below are some of the platform capabilities that secure their work.

Identity and Access Management

Content creators would organize their solution in a Workspace*. In the simplest form of collaboration, creators can share their work directly with a peer (internally) to collaborate on the work and set the sharing level**. 

Internal users/employees must establish their identity to access their content on the platform. Enterprise customers can enforce single sign-on (SSO) through the company-managed authentication page and, optionally, authenticate with two-factor authentication (2FA). This ensures that all assets and work products created and accessed are protected by company-defined Identity and Access Management (IAM) tools, and that access is automatically revoked if the employee leaves the organization.

* A workspace provides the structure to store sheets, reports, dashboards, and templates to keep them organized. A workspace offers more functionality than a folder by enabling sharing permissions and branding (a logo and a color scheme) at the workspace-level—and a workspace can contain folders to organize assets within it. 

** There are five sharing levels in Smartsheet. The table below represents some of the tasks and permissions of the user. The detailed table is available here [5].

Collaboration @ Scale

Internal Collaboration

Internal Collaboration can be described as collaboration across a group of peers within the organization. Some of the security controls available for Internal Collaboration include:

  1. Smartsheet groups: Users are organized into groups based on team, department and/or initiative. A Smartsheet Group Admin can add users to groups and associate groups with workspaces. Access (edit/view) can be governed across all members of a group. Policies that govern who can be admitted to a group (based on the user's email domain) can further tighten collaboration. Admins can limit group membership with the Limited to Account Users Only option. When this option is selected, only users shown in the User Management screen can be added to groups by Group Admins.
  2. User Management & Sheet Access Report: From the Smartsheet admin [6] page, a Sys Admin can download any user’s sheet access report (a list of sheets shared with the user), revoke sharing privileges, remove a user from a group and upgrade/downgrade a user’s platform privileges. These controls can be automated using the Smartsheet User Management API [7] along with Event Reporting data.
  3. Event Reporting: With Smartsheet’s Event Reporting API [8], admins can programmatically retrieve events that are occurring in the Smartsheet account. Events are generated by changes to collaboration, such as changes to Groups or updates to sharing permissions in Sheets. These events can be synced with a Cloud Access Security Broker (CASB). With Smartsheet Event Reporting along with the Smartsheet API, the platform can be secured in real time and policies related to collaboration and sharing can be applied at scale.

External Collaboration

External Collaboration occurs when a Sheet or asset is shared with a user outside of the organization’s Smartsheet plan. There are two more controls available for External Collaboration, besides the ones mentioned above. 

Safe Sharing List: This capability restricts sharing by domain or by specific email address. For example, use it to ensure that sheets are shared only with people who have a company email address, or to prevent sheets from being shared with certain government domains, competitors and more.

Data Egress Policy: By enabling the Data Egress policy, admins can limit certain actions for External Collaborators. When this flag is enabled, External Collaborators will no longer be able to export sheet data, i.e. publish Sheets, save as new or save as a PDF.

Disable Publishing Feature: A Sys Admin can selectively enable publishing [9] of sheets, reports or dashboards for the account and can further control whether these assets are available to external collaborators.
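The Event Reporting and Safe Sharing List controls described above can be combined into an audit check over share events. The Python below is an added example, not Smartsheet code: the event field names (`action`, `additionalDetails.emailAddress`), the `ADD_SHARE` action value, the `SharingPolicy` structure and every sample event and domain are assumptions constructed for illustration and should be confirmed against the Event Reporting API documentation [8].

```python
from dataclasses import dataclass
# Assumed action name for a new share; confirm against the Event Reporting docs.
SHARE_ACTIONS = {"ADD_SHARE"}

@dataclass(frozen=True)
class SharingPolicy:  # hypothetical local mirror of a safe sharing list
    allowed_domains: frozenset
    allowed_emails: frozenset = frozenset()
    blocked_domains: frozenset = frozenset()

def _domain_in(domain, candidates):
    # Exact match or true subdomain: "evilexample.com" must not match "example.com".
    return any(domain == c or domain.endswith("." + c) for c in candidates)

def evaluate_recipient(email, policy):
    email = (email or "").strip().lower()
    local, sep, domain = email.rpartition("@")
    if not (sep and local and domain):
        return "review"        # no usable address on the event: needs a human look
    if _domain_in(domain, policy.blocked_domains):
        return "violation"     # the block list wins over any allow entry
    if email in policy.allowed_emails or _domain_in(domain, policy.allowed_domains):
        return "ok"
    return "violation"

def audit_share_events(events, policy):
    """Return (eventId, recipient, verdict) for every share event that is not 'ok'."""
    findings = []
    for ev in events:
        if ev.get("action") not in SHARE_ACTIONS:
            continue
        recipient = (ev.get("additionalDetails") or {}).get("emailAddress")
        verdict = evaluate_recipient(recipient, policy)
        if verdict != "ok":
            findings.append((ev.get("eventId"), recipient, verdict))
    return findings

POLICY = SharingPolicy(allowed_domains=frozenset({"example.com"}),  # constructed policy
                       allowed_emails=frozenset({"auditor@partner.example"}),
                       blocked_domains=frozenset({"competitor.example"}))

def _ev(event_id, action, email=None):  # builds one constructed sample event
    details = {"emailAddress": email} if email else {}
    return {"eventId": event_id, "action": action, "additionalDetails": details}

SAMPLE_EVENTS = [  # constructed sample events, not real account data
    _ev("e1", "ADD_SHARE", "Ana@Example.com"), _ev("e2", "ADD_SHARE", "bob@evilexample.com"),
    _ev("e3", "ADD_SHARE", "auditor@partner.example"), _ev("e4", "ADD_SHARE", "eve@eu.competitor.example"),
    _ev("e5", "UPDATE", "mallory@outside.example"), _ev("e6", "ADD_SHARE"),
]
```

Calling `audit_share_events(SAMPLE_EVENTS, POLICY)` returns the look-alike domain, the blocked competitor subdomain and the share event with no recipient address; findings of this kind are what an admin would forward to a CASB or use to revoke a share.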

Collaboration with Control

In many scenarios a content creator may share assets but limit what an individual can see based on their identity, role or organization. With Smartsheet’s Dynamic View [10], users can collaborate on the same underlying data set with granular control over what the end user can view and edit. This feature is key in creating solutions like ticketing workflows, data collection across multiple third-party vendors, employee performance evaluation and more.

With Smartsheet WorkApps [11], a user can build easy-to-navigate apps in a few minutes using Smartsheet data and external content. The app experience is tailored to each person’s role on the team, and you’ll work together from a single app using the same underlying datasets.

Roles and responsibilities

Here is a quick summary of the different Smartsheet roles discussed in this article and their responsibilities.

Conclusion

Ninety percent of Fortune 100 companies trust Smartsheet for Collaborative Work Management, Digital Asset Management and Project & Portfolio Management. The platform is constantly adapting to address tomorrow’s security challenges and market demands while giving our customers more options to secure their data on our trusted platform. With additional tools like Enterprise Plan Manager [12] (EPM) and data governance features, customers are in control of their secure journey and outcomes on our platform.

 

References

  1. Forrester - Predictions 2022: Software Development
  2. Gartner® - "Market Guide for Collaborative Work Management", Nikos Drakos, Mike Gotta, 27 October 2021. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.
  3. Forrester - The Forrester Wave™: Strategic Portfolio Management Tools, Q1 2022
  4. The Total Economic Impact™ of Smartsheet, a commissioned study conducted by Forrester Consulting on behalf of Smartsheet, January 2022
  5. Sheet Sharing permissions - https://help.smartsheet.com/sharing-permission-levels
  6. User Management - https://help.smartsheet.com/learning-track/system-admin/user-management
  7. Smartsheet User Management API - https://smartsheet-platform.github.io/api-docs/#users
  8. Smartsheet Event Reporting API - https://smartsheet-platform.github.io/api-docs/#event-reporting
  9. Global Account Settings - https://help.smartsheet.com/articles/1159581-global-account-settings-team-business-enterprise
  10. Dynamic View - https://www.smartsheet.com/marketplace/premium-apps/dynamic-view
  11. WorkApps - https://www.smartsheet.com/platform/workapps 
  12. Enterprise Plan Manager - https://help.smartsheet.com/articles/2482433-Enterprise-plan-manager-overview