Drata: A great tool for centralized compliance
What do you like best about the product?
Drata centralizes all of our compliance data and allows us to continuously monitor for changes. This saves our compliance team a huge amount of effort in auditing our customer-facing products and IT services. It also helps our technical/operations staff quickly identify and document changes to infrastructure.
What do you dislike about the product?
The user interface can be difficult to use. Some of the test failures are hard to interpret and diagnose, requiring jumps back and forth from Drata app to Drata docs to provider docs to certification/standard definitions, etc.
What problems is the product solving and how is that benefiting you?
It's difficult to monitor and audit the compliance of our infrastructure as it evolves to meet product needs. Drata solves this and pushes us to implement better patterns for infrastructure and software.
Excellent environment for supervising your compliance efforts
What do you like best about the product?
Intuitive UI design and excellent/close customer support
What do you dislike about the product?
The document editor might be more advanced.
What problems is the product solving and how is that benefiting you?
Decreasing the overall burden and required effort to manage compliance processes for multiple standards/frameworks.
Smooth experience with Drata
What do you like best about the product?
Drata has great customer support - I have reached out to them for help a lot of times and they have always been responsive and extremely helpful. The platform is straightforward and easy to use.
What do you dislike about the product?
I wish they had more integrations. Some of the things we use they don't have automatic integrations yet so I have to manually upload evidence.
What problems is the product solving and how is that benefiting you?
Drata is helping me organize everything we need to get our SOC2 and ISO 27001 compliance certifications done.
SOC 2 Type 2 experience
What do you like best about the product?
Continous monitoring throughout the period that allows you to fix issues as you go and you don't have stress out just before the audit starts.
What do you dislike about the product?
Sometimes the behaviour is not intuitive or consistent accross the product e.g. task view - adds task for expiring evidences that are monitored but that is not always true for resources in settings page e.g. org chart.
I would like to nore distribute the work accross the team but Drata permission model doesn't allow that though that was improved recently.
There was few shakes of trust that happend to us and we were loosing a trust to product little bit:
1. Drata agent - provide false sense of being on checked when we discovered that some HW haven't reported checks for more than 9 months which equals to situation that we hands over the PC and than have no checks
2. During the audit the auditor was claiming that he don't see evidences that were uploaded on quarterly basis which was scary given the fact that we are not backing up evidences uploaded to Drata. Thankfully it was restored with support and provided extra to auditor. But finally we don't know what was a problem as acting via middleman is clumsy. We were instructed with support to raise it that additional training will be provided with auditor. But what I think would be more appropriate and well appriciated would be auditor communicating with drata folks directly either resulting in either additional training or restoring data. The result we got are ok we survived the audit, but I have no clarity whether it was problem with the auditor or with platform and I am afraid it will be repeated next audit.
The features that would be really appriciated and are missing is measuring SLAs for offboarding where a lot of focus is during the audit.
What problems is the product solving and how is that benefiting you?
Continous monitoring and automatic evidence collection. Providing a sense of security in some aspects.
Drata Trust Center a smart way to share your company security posture
What do you like best about the product?
Apart from the main use of the Drata solution focused on compliance monitoring, the platform also provides an easy way to share with customers your company security posture thanks to the Drata Trust Center. Trust Center enablement is very easy and takes little time, moreover, the integration with Docusign is an added value.
What do you dislike about the product?
The Trust Center should have more customization capabilities, especially for the UX look and feel and the contents that may be published
What problems is the product solving and how is that benefiting you?
Once Drata is properly configured for cloud/security compliance the Trust center can be enabled with few clicks.
Solid product, helpful support
What do you like best about the product?
- Most important integrations are available and easy to setup
- Drata Agent as lightweight MDM solution
- Simple UI which gets the job done
- REST API to build custom workflows
- OOTB policy templates with guidance
- Customer support is friendly, helpful and usually quick to respond
- Trust page
What do you dislike about the product?
- While SOC 2 is well documented in the help center, ISO 27001 is not always mentioned as well.
- More integrations that could be helpful
What problems is the product solving and how is that benefiting you?
Drata is helping us building and improving processes around compliance and security, preparing us for ISO 27001.
Fairly intuitive product
What do you like best about the product?
Really helpful complimentary documentation, especially for the policies. I did need to reach out to ask for help in order to find the right sections of this documentation but now that I know where it is, super helpful (could be useful to link out in the comments at the top of each policy). The UI is simple to use and has easy link outs ot more details.
What do you dislike about the product?
I expected a formal onboarding, which was never setup or suggested. This may be because I was familiar with similar tools and had already started asking questions, indicating I was already using the platform but it felt like I just suddenly had this tool and needed to find my way from day 1.
What problems is the product solving and how is that benefiting you?
Getting our SOC2 and ensuring constant monitoring as we work to get there.
A comprehensive solution to reduce vulnerabilities and address loopholes in the infrastructure
What is our primary use case?
I was working on a project that required using ROC tools and SOC 2 compliance. To address this, we integrated with the Drata tool to reduce vulnerabilities in the infrastructure and address other loopholes. Additionally, Drata seamlessly integrated with our cloud services, including SysTrack S3 and other key creation and GuardDuty services.
Drata can identify loopholes and provide solutions for improved security. Drata secures the organisation's infrastructure, achieve SOC 2 compliance, and address HIPAA requirements. It can identify and close security loopholes proactively.
What is most valuable?
Drata is a comprehensive and informative tool that provides in-depth guidance on how to protect your infrastructure. However, it is also quite expensive and requires restarting if any loopholes are available.
What needs improvement?
The solution has a latency of three to five minutes. Also, the solution is quite costly.
For how long have I used the solution?
I have been using Drata as a customer for eight to nine months.
What do I think about the stability of the solution?
The product is stable.
I rate the solution’s stability a nine-point five out of ten.
What do I think about the scalability of the solution?
We were six guys using this product.
I rate the solution’s scalability a nine-point five out of ten.
Which solution did I use previously and why did I switch?
We used Drata only because it is popular. Also, the organization supports the use of Drata for SOC 2 compliance.
How was the initial setup?
The initial setup is straightforward and user-friendly, making it accessible to anyone. If a guy starts the journey in security, this tool will help. He can quickly pick up the entire information if he has extensive knowledge about cloud services. He needs to follow the steps to use the whole infrastructure.
What other advice do I have?
It would be helpful if the solution could provide screenshots to illustrate the steps outlined. Additionally, provide a day-by-day breakdown of the tasks, addressing potential loopholes that users may encounter. For instance, if we need to address three buckets, we could tackle each bucket one day at a time. This approach would make the process less overwhelming and more manageable. Drata provides steps on how to handle low falls. To do this, you need to turn certain options on or off. You can also edit or track these points. Additionally, you can include screenshots and highlight specific areas of interest.
Overall, I rate the solution a nine-point five out of ten.
Great Tool and Support!
What do you like best about the product?
Drata helped us to stay organized and aware of deliverables for continuous compliance.
- The platform is easy to use
- Interface is friendly
- Compliance Monitoring
- Ease of Implematation
- Customer Support
What do you dislike about the product?
There isn't much to complain about.
Even though there were a minor issues with integrations, the team was still able to provide soultions to help with automated contols.
What problems is the product solving and how is that benefiting you?
SOC 2 compliance
Great at reducing work across multiple audit frameworks.
What do you like best about the product?
I like the automated monitoring to be confident that we're compliant year-round. It's also really good at providing templates for commonly needed policies, risk reviews, and more. When you start with one framework like SOC 2 and add a second in the future like ISO 27001, you won't need to gather all-new evidence; each control is mapped to all applicable standards.
What do you dislike about the product?
It's difficult to exclude some out-of-scope resources in an environment that's always changing, as exceptions are done on an individual resource basis. For example, if your AWS account has applications in scope for GDPR plus many others, they'll all get pulled into Drata and it's not easy to stay on top of the exceptions.
What problems is the product solving and how is that benefiting you?
It helps us get ready for security compliance audits. Saves hours of prep and saves time on calls with auditors by giving them a portal where they can see live status. However, it doesn't cover nearly all of what a thorough auditor will ask for, so it's not a magic bullet.
