Why Modern Businesses Need Enterprise Grade Security

Kicking off our series of Six Five Media at Smartsheet ENGAGE with host Keith Townsend, who is joined by Smartsheet’s Chris Peake, CISO & SVP, Information Security. Their conversation covers why modern businesses require enterprise-grade security, the evolving landscape of enterprise security, the impact of AI on cybersecurity, and the future trends IT leaders should prepare for.

Their discussion covers:

  • The definition of enterprise-grade security and its critical significance
  • The future of responsible AI and its implications for CISOs today, along with the opportunities it presents
  • Major AI-related threats in enterprise technology and other significant threats businesses must anticipate
  • Market trends in the security domain as observed by a CIO and the developments anticipated in the near to mid-term future
  • Chris Peake’s personal favorite feature in Smartsheet and how it enhances security measures

Learn more at Smartsheet.

Transcript

Keith Townsend: All right. All this activity in the background, all 4,000 people-strong is Smartsheet ENGAGE US 2024. You’re watching coverage from Six Five Media. I’m joined with the Chief Information Security Officer of Smartsheet, Chris Peake. Chris, welcome to the show.

Chris Peake: Thank you. Well, thanks for having me, Keith. Appreciate it.

Keith Townsend: You know, Chris, I have to say this user community is unlike any other that I mentioned, very passionate about the technology. You’ve been a Smartsheeter for how long now?

Chris Peake: Four years.

Keith Townsend: Four years.

Chris Peake: Yeah.

Keith Townsend: Does it surprise you? You’ve been in technology, I assume, your entire career?

Chris Peake: Yes, I have, and it does surprise me, actually. I mean, I think that it’s kind of an amazing thing when you see this kind of enthusiasm around software. I mean, let’s be honest, that’s not the most exciting thing on the planet, but yes, to have this kind of passion. I think what it really comes down to is having a capability, a software that actually enables people to do their daily job better. And it’s incredibly powerful, I think, and we see it here today.

Keith Townsend: You know, one of the amazing hallway track conversations I’ve had is about people talking about how Smartsheet has enabled and changed their careers. I asked, “Under what circumstance would you consider another product?” A woman actually told me she’d change jobs, well, if they tried to take Smartsheet from her. So you worked in information security and information security is not known as something that speeds up processes.

Chris Peake: True.

Keith Townsend: So talk to me about the philosophy of information security at Smartsheet.

Chris Peake: Yeah, and it’s a good point, right? I mean, I think security traditionally is a hindrance. It slows things down, at least that’s the way people think of it. I like to think of security as an enabler. This is a capability and a series of capabilities and controls that actually allows data to be protected, information to be protected, which actually should enable and facilitate collaboration. So it should actually open up those boundaries, as opposed to locking it down. Of course, you have to be careful there’s regulation, but what we’re building in our philosophy here at Smartsheet is to make sure that we empower and enable those users, but do it in a way that’s secure. So secure collaboration should enable people to work more effectively.

Keith Townsend: So from Mark to Ben, product leader and CEO of Smartsheet, they’ve used this term enterprise-grade. When I think of enterprise-grade security, but look at the vast majority or vast range of Smartsheet customers all the way down from companies with a handful of employees, so I talked to one company, 800,000 employees worldwide, what does enterprise security mean to that wide range of users?

Chris Peake: Yeah, and I think enterprise-grade is one of those terms that gets thrown around a lot. When I’m talking with customers what they tell me is enterprise-grade really means the ability to protect information at scale, which means, as you said, whether it’s a team of five or an organization of 800,000, that the technology should be able to scale. So we look at it from a how do we layer in security? How do we build those capabilities? How do we give administrative function to the folks that are administrating the platform to manage the users across that entire spectrum? So that’s what enterprise-grade is, and I think it’s really about a collection of security controls and capabilities throughout that application. So it’s not just one thing, but that’s what we strive for. We’re trying to figure out all those bits and pieces. We’ve made some announcements this week that are super exciting about hopefully unlocking more of that potential.

Keith Townsend: Yeah. Well, you mentioned the word collections, but you weren’t talking about the collection feature-

Chris Peake: No.

Keith Townsend: … and we’ll get into that in a minute. But AI has been a big theme of this conference.

Chris Peake: Yes.

Keith Townsend: I’ve talked to customers that are using AI for simple formula transformations, and as an AI assistant to customers who are super-excited about the integration with Q, to one customer that’s using AI to do scheduling for a huge, massive workforce. As we think about AI and the friction and the caution that folks are going to, what is Smartsheet’s philosophy around security in AI?

Chris Peake: Yeah. You might imagine that this is an area I’m spending a lot of time on right now, both from… Because we’re not only a cloud service provider, we’re also a cloud consumer. So I look at this from the perspective of how am I protecting even Smartsheet’s information internally? But AI, I mean, gosh, this is going to be something that we are… You know, right now, it seems new. I think it’s going to be just woven into everything we do in our personal and business lives in the future. So right now, it’s incredibly exciting, but also a little bit scary, honestly, from folks like in a security standpoint who are worried about how do I keep this data protected and private. There’s a lot of those concerns.

So I think there’s a bit of how do we have this conversation around AI today in a way that actually facilitates the use and adoption, but also ensures that it’s protection? So our philosophy is really one of responsible AI, and what we mean by that is we know going into this that we wanted to build a capability that would protect customer data. So right upfront, it’s a commitment that we don’t use customer data to inform our models, and something that our chief product officer says often is we actually don’t want to use customer data because it could actually impact those models. So it’s a delicate balance of making sure that we give customers capability that’s relevant to their use within Smartsheet, but also reassuring them and ensuring them that it’s going to stay protected and safe.

Keith Townsend: So much security is training and informing and making end users aware. It’s really interesting about this show that most of the attendees are end users. This isn’t actually the IT crowd. But you’re a CISO, and your job is to make sure that these business line users and administrators are aware of some of the security concerns around AI. What are some of the concerns and the things that customers should look out for over the next year?

Chris Peake: Yeah, I think it’s the awareness of and, again, this is not just Smartsheet, right? AI is going to be infiltrating every kind of software we use, which is a good thing. I think it’s being aware of what those controls are around those products. How is the information used when you ask a question into one of these language models? Where is that going? How is it being used? So I think it’s really just an awareness. So as employees, as users start adopting these capabilities and trying them out and practicing with them, just understanding where that data is going. And we’re trying to do as much as we can to inform and educate people as they use AI within Smartsheet about how they can benefit from it, but also reassure them, and as I said before, is that it’s still safe. This is still protected. This is your information. It’s not going anywhere else.

Keith Townsend: So we still have to provide speed of feature or-

Chris Peake: For sure.

Keith Townsend: … stay on the cutting edge. You know, I can do incredible things with the LLMs that’s available to ChatGTPs of the world. I can take that data out of, export it out of Smartsheet, put it into a general purpose LLM. I shouldn’t. You folks are still on a cutting edge of enabling AI, as I’m looking at things like Amazon Q. How should I think about these native integrations over kind of this gorilla access to AI?

Chris Peake: Yeah. No, the native integrations have extreme power because it’s specific to the information in the environment you’re operating. So within Smartsheet, if our users are asking AI about the capabilities, the information in a sheet and a dashboard, it gives them information specific to that data. And then the broader gorilla AI, if you will, that broader context, it doesn’t have that information. So it’s kind of making more general assumptions about information that it does have within the model. So I like this ability and we’re going to see a lot of it in the coming days, months, years, where the products that have AI built in, it’s very focused on the information within that product, within that platform, and there’s incredible power there. It can be very specific, and it can really harness not just the information, but the capabilities of the product.

Keith Townsend: You know, one of the things that we’ve been afraid of is this ability for users to go against the guardrails when it comes to AI. Had a really interesting conversation with the product team yesterday and came up in the conversation as we’re talking about Amazon Q integration and security and guardrails. One of the things that we haven’t actually talked about and discussed is the ability to use these AI systems to actually enforce and test policy. Any thoughts around how you can use these tools to actually enforce policy?

Chris Peake: Oh, that’s what I’m waiting for. I think it’s going to be really exciting. Yeah, right now we are very focused on the end user. How do we empower and enable them? And this is not just Smartsheet. I think it’s across the board. It’s looking at those opportunities to enable the user to get the information that they want. What I’m excited about is the smaller group of folks, the IT admins, the security folks that are going to be asking broader questions about where is this type of data in the environment? How is it protected? How many people have been shared to this sheet or this dashboard? How do I control that information? I think there’s a lot of capability within AI that’s going to help the security and the IT professionals in our space. So I’m kind of waiting. I know we’re not first up as far as our prioritization, but I’m super excited about it.

Keith Townsend: All right. And I don’t know if this will be the last question, but what’s your favorite feature of Smartsheet?

Chris Peake: Oh, wow. Okay. So I love Smartsheet. I was a user of Smartsheet before I came to Smartsheet. My wife and I used it to manage the contractors who were remodeling our home.

Keith Townsend: I’m about to build something-

Chris Peake: … food for thought, food for thought, nice timelines we use, very helpful.
And my team within Smartsheet, we use it every single day to manage our security programs. So everything from monitoring risk to vulnerabilities, we actually track it so we use a lot of the features, so hard for me to pick a single thing. But I will say I’m super excited about something that we’re getting ready to release, but there’s some talk of it here at the conference. We’re calling it Security Hub, and this is a capability within the admin center. So it’s for admins within the platform that’ll show them what their security settings are currently for their plan and gives them a quick ability to toggle and turn on security features. One of the challenges that we’re seeing is not, well, there’s so many SaaS capabilities out there today. Not everyone is informed of what the security is within those products. So we’re trying to make it easier for folks to find those security features and enable them so they have a more protected experience within the product.

Keith Townsend: And one of the things I’m finding is users are discovering ways to bypass not just IT, but system integrators and using AI to create formulas or simply ask, “What does this mean? What’s a token? What is a single sign-on?” What are you excited about around the abilities of AI to improve security, not just for the administrator, but for the-

Chris Peake: Everyday user? Yeah. Well, as you said, there’s a huge education component. So just being able to ask, “What is this SSO thing,” right? Like, “What is single sign-on?”

Keith Townsend: Yeah, the acronym-

Chris Peake: “Why do we care about it?” Yeah. “What’s this multi-factor authentication?”

Keith Townsend: Microsoft Office? What-

Chris Peake: Yeah. So I think there’s a huge opportunity of just education, like letting folks know what these things are, how they can be used. But when you make it more product-specific, like what should I be using for, let’s say, an organization of 800,000 people, you’re trying to figure out what should I be doing within Smartsheet that would help improve the security of our collaboration across our, I don’t know how many thousands of, customers or partners, whatever they have, that can be really powerful, even just as a user of a product to understand how should I be doing this the right way? So the guardrails that you talk about, most of the time the users are not aware of them. If they can ask a question, say, “Hey, what am I… guardrails here within this product? I want to share with my partner over there. How do I do this in the right way according to our policies?” Huge power right there.

Keith Townsend: And we’ll be talking about collections and one of the next features, and this idea of being able… This is a new, powerful abstraction. How do I deploy it in a secure manner would be a great segue to that. All right. I’m pretty excited for the rest of Six Five Media coverage of ENGAGE 2024. 4,000 stories, not just attendees, 4,000 stories of how Smartsheet is transforming business processes, whether we’re talking about AI, general collaboration, getting work done. Chris, thank you for joining me on today’s program.

Chris Peake: Oh, thank you, Keith. This has been great. I’m looking forward to the rest of the conference.

Keith Townsend: All right. Chris Peake, I’m Keith Townsend, stay tuned for more coverage from ENGAGE 2024.

Other Categories