I use the solution in my company to apply for SOC 2 certification and to take notes on some controls that we have in AWS and other stuff.
External reviews
1,130 reviews
from
and
External reviews are not included in the AWS star rating for the product.
A little bit of work goes a long way!!
What do you like best about the product?
Drata exceeded our expectations during our SOC 2 audit. The platform’s ability to itemize all controls, paired with clear and detailed explanations, made navigating the audit process a breeze. Its integration with Microsoft 365 to automate the detection of controls added another layer of efficiency, saving us significant time and effort. On top of that, whenever we encountered something we didn’t fully understand, Elizabeth was always there and helped us resolve every issue we had. She consistently provided clarification and guidance each week, ensuring we stayed on track and felt supported throughout the entire process. Drata is an invaluable tool for simplifying compliance! Our CSM Elizabeth was great, she kept us on track throughout the entire year, she deserves a lot of credit for getting us to the finish line and I hope we continue to work with her.
What do you dislike about the product?
Not everything is as straight forward as one would think. Drata looks for specific names on things such as compliance policies in intune. If it isn't named exactly as Drata expects it to be named then it doesnt register. Not every auditor works with Drata but thats not Dratas fault. We just had to find one that did.
What problems is the product solving and how is that benefiting you?
Evidence Gathering for large scale audits
User friendly GRC platform
What do you like best about the product?
Compliance monitoring
Dashboard
simplifies audits
save time
Reduce manual efforts
Dashboard
simplifies audits
save time
Reduce manual efforts
What do you dislike about the product?
More applications or tools in connections cannot be added as per our process
What problems is the product solving and how is that benefiting you?
Audits
compliance monitoring
compliance monitoring
Drata is a great GRC product!
What do you like best about the product?
Ease of adoption, configuration, use, and most importantly its overall effectiveness of monitoring and testing your complaince.
What do you dislike about the product?
No real downsides. One critique, would be perhaps slow your role on new feature development a tiny bit and make sure you spend sprint time on quality of life development for your every day users.
What problems is the product solving and how is that benefiting you?
Build, maintain, and monitor our compliance posture.
Simplifying our ISO27001 Journey with Drata
What do you like best about the product?
Drata has streamlined our ISO27001 compliance process with its user-friendly automation and integrations. It is a great intuitive platform that greatly reduces the manual workload involved in compliance. Its automation capabilities for policy drafting, evidence collection, and monitoring make the entire process much more efficient! Plus, their customer support is truly one of the best we've ever experienced – they're always there to answer any question, no matter how small, and go above and beyond to help.
What do you dislike about the product?
While Drata is an amazing tool overall, the readiness score can sometimes be a bit misleading. It can signal that we are fully prepared when certain controls still require manual evidence to be uploaded. It would be great if there was a clearer way to indicate where manual evidence is still needed, even after the platform shows those controls as “ready.” A more transparent alert system for this would make the process even smoother!
What problems is the product solving and how is that benefiting you?
ISO27001 Compliance
The most responsive support team I've met
What do you like best about the product?
Drata automates and handles most of our ISO and SOC needs across the entire governance and compliance space for our company. It's multiple features and ease of use have been instrumental in completing our certification audits for the past 2 years. Their support team is very responsive and I've even talked with their CISO regarding one issue we had which was almost immediately resolved.
What do you dislike about the product?
In the initial setup for identity it asked for a global admin credentials to be used to set things up. This is a massive risk for any company. However, through working through their team we found a solution that exercised the practice of least privileged access and met my business needs. Needless to say, we've been very successful since that implementation.
What problems is the product solving and how is that benefiting you?
We use Drata to cover all our basis. We've implemented utilities and policies that enable our business to maintain governance and compliance across the infrastructure.
GRC engineering
What do you like best about the product?
Easy to use. Their on-demand support for platform questions is a great model. It is interactive and real-time.
What do you dislike about the product?
User Interface and Risk Management. The user interface isn't very friendly. Risk Register is pretty basic.
What problems is the product solving and how is that benefiting you?
It is monitoring your compliance controls in real time.
Drata has helped to automate our compliance and governance processes
What do you like best about the product?
Ability to track our risks w.r.t to personnel, process, infrastructure , policy and vendors - all in one place is super helpful.
What do you dislike about the product?
Not all auditors use Drata. So we need to supply the evidence manually in those cases.
Also Drata support quality can improve.
Also Drata support quality can improve.
What problems is the product solving and how is that benefiting you?
It integrates well with our cloud platform and its automation to manage the risks across people, process/policy and infrastructure/technology helps us track and remediate those risks timely. It helps with our compliance needs to met our regulations and framework requirements.
Good Repository of Policies and Procedures
What do you like best about the product?
Email notifications contain links that generally take me where I need to be. Dashboards and statuses are clear. Implemented quickly and we were quickly using it. The extra support for the first month was beneficial.
What do you dislike about the product?
As an infrequent user (a couple of times a week), I don't always remember which menu/toolbar items I need to click on if I am doing something outside of an email notification. The menu isn't always intuitive for me as to what I should click. The dashboard can be a little misleading when listing the completed task percentage - many tasks may be mostly finished but I'm not sure how to see, for example, that 20 tasks are completed and 40 tasks are 90+% done.
What problems is the product solving and how is that benefiting you?
Drata helps us ensure that our cloud product is secure. Certification will help us win contracts with larger prospects that are starting to ask for certifications completed.
Friendly to use and offers powerful functionalities
What is our primary use case?
What needs improvement?
I wish the tool were more granular with some configurations about the controls or the platforms. I don't know whether the information and the way that we share it with third parties could be made more granular, if the benefit could be done, and if it would be a fine product.
The product can improve in its API documentation area.
For how long have I used the solution?
I have been using Drata for a year and eight months. I am the solution's customer.
What do I think about the stability of the solution?
I never had any issues with the stability of the product.
What do I think about the scalability of the solution?
I was impressed the first time using Drata because you could put all the data that you have in all across all the platforms over there. Drata tells you how good or bad you will be for applying for those certifications. I rate the tool's scalability a nine out of ten.
In the cybersecurity team, three or four people used to use the tool. The rest of the team used only the agents in their laptops.
How are customer service and support?
I didn't use the solution's technical support a lot, but when I had to, it was great. I had no problem. I rate the technical support an eight out of ten.
How would you rate customer service and support?
Positive
What's my experience with pricing, setup cost, and licensing?
The product is really expensive. I remember that my company used to pay 25,000 USD to use the product, but I can recommend it to those who have no team and still need a certification, evidence or anything related to such areas. The product's cost is really high, but it is a powerful tool.
What other advice do I have?
Impact of the product on your company's security posture management has been great because we had a team of three people in the security part, and I was their technical leader. In our company, we have a CIO and an operations team. We have only three people on the team, and Drata helps us to increase and enhance the maturity of our controls and evidence for future auditing and other compliance assessments.
With the automated evidence feature of the product, we connected all our platforms, like Amazon, and then we connected with GitHub Enterprise to get information about the outbound application. Data has a control panel for third parties so that they can read or know what controls are working and how, which is a breaking advantage for such a tool.
The product is 100 percent friendly to use.
I rate Drata's integration capabilities as an eight out of ten.
If I have ten people with Excel and fully commit to write the controls, then maybe we won't require Drata. If you have a small team, and you want to hurry up with things in your company, Drata is the perfect solution.
I rate the tool an eight out of ten.
Drata Makes Compliance Easy
What do you like best about the product?
Drata made it easy to migrate to their tool. Between dedicated onboarding support, easy to use features, and well written documentation, I was able to get started very quickly.
Drata's prebuilt integrations make life easier. I was using a lot of manual scripting to generate inventories and perform basic configuration checks, and Drata automated that all away.
Drata has a ton of small features that you don't know you need until you have them:
- A vendor inventory tool with the ability to attach security documentation and complete structured reviews of third-party audit reports.
- An evidence library that supports one-off evidence tasks and recurring evidence for whatever period you want.
Drata's prebuilt integrations make life easier. I was using a lot of manual scripting to generate inventories and perform basic configuration checks, and Drata automated that all away.
Drata has a ton of small features that you don't know you need until you have them:
- A vendor inventory tool with the ability to attach security documentation and complete structured reviews of third-party audit reports.
- An evidence library that supports one-off evidence tasks and recurring evidence for whatever period you want.
What do you dislike about the product?
As someone who is very particular about how I want my compliance program to work, I want to be able to customize every aspect of a tool. There are some areas where I can't quite customize as I'd like, however Drata has recently introduce some interesting features around building custom monitors.
What problems is the product solving and how is that benefiting you?
A compliance program has a lot of moving parts. Drata helps keep all of it organized, letting you know what needs to be done and when. This frees up a lot of time and saves me from a ton of manual work.
showing 131 - 140