There is a serious issue with Podio and its inability to restrict access to different types of users. Here are two examples that illustrate the problem.
1) If I am an account contract owner, paying monthly or annual fees for the number of employees within my employee network. I should be able to control the level of access that each of those users have within podio. For example, an employee should not be able to create a private workspace, share that space with clients and make that workspace inaccessible to the contract owner. If external users are not allowed to create workspaces within your organization why shouldn't an account owner be able to grant the same level of access to downstream employees.
2) If a workspace is created and one or two apps within that workspace are intended for just a few of the users, then an account admin (contract owner) should be allowed to restrict visibility of that app to only the members who are approved to see its contents. The only option to do this now is to create or clone a new private workspace with a couple of apps needed to be seen by a limited subset. Then however, we run into the issue above that not all employees should be able to clone an app into a new workspace without the contract owner having visibility.
This seems like a basic feature that should be standard, but it also presents a huge data security risk to the organization owner and incentivizes them to only invite people from outside the organization (via email domain) even IF they are actually employees.