Download Link Removed from Backup Emails
Hi Community,
To further protect your Smartsheet environment, we are removing the link which previously directly downloaded files from the backup service.
The backup service allows licensed users to generate a one time or scheduled backup of a workspace, as well as generating backups of folders and sheets. Any user with viewer permissions or higher can generate a one-time backup, users must have Admin or Owner permissions to generate recurring backups of workspaces.
Previously, after the backup process, the backup service would send an email notification to the user with a link to download a zip file containing all sheets, comments, and attachments. To protect against this link being forwarded to individuals without the correct permissions, we will instead include instructions in the backup email of how to download your backup and previously generated backups from within Smartsheet.
You can learn more about this change here.
You can also stay informed by subscribing to receive product release updates for curated news of recently released product capabilities and enhancements for the platform of your choosing, delivered to your inbox. As new releases occur, you will receive a weekly email with news of what's released every Tuesday.
Best,
Danielle Wilson
Product Marketing Manager
Danielle W.
Product Marketing
Smartsheet
Comments
-
Hi @Danielle Wilson - I appreciate this step up in security. One question on accessing the backup: Does it matter WHEN a user becomes Admin or Owner of a workspace in order to access the backup? Scenarios:
- The owner of the backup (Admin or Workspace Owner) forwards the email to someone who is not an Admin or Owner… and we update their security to become Admin or Owner of the workspace (post-backup)
- The owner of the backup is out sick or wins the lottery… and IT reaches into their email and forwards the email to someone who is not an Admin or Owner… and we update their security to become Admin or Owner of the workspace (post-backup)
Thanks!
-
@Scott Peters Good question! Since you'll have to go in-app to see & download the backup now, it should only matter that the person is an owner or admin when they go into that part of the interface, not when the backup was generated.
Danielle W.
Product Marketing
Smartsheet
-
Hi @Danielle Wilson,
We created scripts that read the email and then downloaded the recurring backups to our servers, which as you can imagine removed any manual intervention.
With this step up in security, we are back at manual activities. Do you have advice how we could maintain our process of automated downloading of the backups.
Your prompt reply is highly appreciated.
================================================
"Nothing is impossible. The word itself says 'I'm possible!'"
-
We have a similar process. With the recent change, it now requires manual steps to download the backups.
-
So many extra clicks! Not liking this "enhancement". On a side note, if I wanted to forward a backup, I should be able to. If I can add my name to the list to revert this back to the old way, please add me!
-
@Danielle Wilson, I’d greatly appreciate a response to my question.
One of Smartsheet’s biggest strengths is how it empowers companies to make processes and tasks more efficient. However, this recent change feels like a step back in managing and processing backups, introducing complexities that weren’t there before.
Would it be possible to enhance the API to allow for automated backup downloads? This adjustment could significantly ease the burden on users and ensure continued efficiency. Any response or guidance from Smartsheet on this matter would be highly valued.
================================================
"Nothing is impossible. The word itself says 'I'm possible!'"
-
This change has introduced a really tedious work flow for a security issue that didn't exist in my organisation. I'm guessing whoever created this "fix" has never been responsible for downloading all the back up files every week. It also changes workflows in terms of how many workspaces are desirable to use. Is there an opt out?
-
I am not happy with this change. We should have the option to forward the emails if we want to. What used to take me 10 seconds to do now takes minutes. This "upgrade" has been anything but. I would like to Opt Out if possible. I do not consider this an improvement as you have now created more work for me.
-
I also dislike this change. It was much quicker and easier before. Automated downloads of the backup would be preferable. I understand the added precaution, but it seems this should be a company opt-in/opt-out security feature and not globally applied to all organizations.
Another related question: is it possible to easily view and/or revert to a previous backup within smartsheet? (By this I mean viewing it in the Smartsheet environment as originally created.) If not, do you have this on your backlog, and can I track the progress of it?
Thank you for the post.
-
Hi all! Thank you for your feedback - I've been passing it along to our security team and here's what I've heard back from them as they look into options to help you maintain your workflows:
Smartsheet is committed to protecting the data that our customers store within our platform, and to continually improving our platform’s security.
Email is an inappropriate transport mechanism for sensitive data and links, and email-based delivery of links can expose your data to malicious activity, where bad actors may attempt to impersonate the organization or trick users into disclosing sensitive information. To further secure your data, we have moved away from sending direct download links over email. This approach minimizes risk, keeping your backup data within Smartsheet’s controlled environment and reducing exposure to potential data theft or misuse.
We understand that this change has broken automations that currently rely on exposing the backup link within email, and that the change has caused disruption to previously-functioning workflows. Breaking existing customer workflows was not our intent when performing this change. We are working with several customers to identify a workable solution to meet this business need, and will communicate any customer-validated resolution paths.
Danielle W.
Product Marketing
Smartsheet
Categories
- All Categories
- 14 Welcome to the Community
- Smartsheet Customer Resources
- 64.1K Get Help
- 412 Global Discussions
- 221 Industry Talk
- 459 Announcements
- 4.8K Ideas & Feature Requests
- 143 Brandfolder
- 141 Just for fun
- 58 Community Job Board
- 461 Show & Tell
- 31 Member Spotlight
- 1 SmartStories
- 299 Events
- 38 Webinars
- 7.3K Forum Archives
