External reviews
1,085 reviews
from
and
External reviews are not included in the AWS star rating for the product.
a friendly UI to work on compliance, with acceptable automation
What do you like best about the product?
I think its interface is friendly, easy to understand and intuitive.
What do you dislike about the product?
Feature requests are not always taken into account (although I know they are compared against other clients) and the result of the review of an FR is not communicated in the best way, so that we can know the status.
However, some CSs have improved this process, but in the end, everything remains in a backlog.
However, some CSs have improved this process, but in the end, everything remains in a backlog.
What problems is the product solving and how is that benefiting you?
Maintain an optimal Security posture, which allows for streamlining business processes with new clients.
However, I must say that more work is required to minimize the efforts required in manual interventions as much as possible.
An example of this is that when I seek support to fix an issue, I am given a CSV template, which requires manually popularizing it. This doesn't make sense when you talk about automation.
However, I must say that more work is required to minimize the efforts required in manual interventions as much as possible.
An example of this is that when I seek support to fix an issue, I am given a CSV template, which requires manually popularizing it. This doesn't make sense when you talk about automation.
Intuitive Platform
What do you like best about the product?
Drata makes management of compliance as easy as possible. The hard part, once you go down this path is up keep.
What do you dislike about the product?
The amount of work required to get to compliance, in this case SOC2.
What problems is the product solving and how is that benefiting you?
SOC2 compliance helps us win more business.
A useful solution
What do you like best about the product?
Nice UI, nice cloud vendor tooling tie ins to AWS & GCP.
Easily see your IT assets and allocated users.
Useful top down view of compliance checklists all in one place.
Handy lightweight MDM solution with agents for all OSes and a web dashboard / onboarding flow for users.
Out of the box SSO/SAML IdP integrations like Google auth.
Easily see your IT assets and allocated users.
Useful top down view of compliance checklists all in one place.
Handy lightweight MDM solution with agents for all OSes and a web dashboard / onboarding flow for users.
Out of the box SSO/SAML IdP integrations like Google auth.
What do you dislike about the product?
Very limited custimization options. Because there is no way to customize user IT asset compliance rules, if you don't do things 100% the Drata way, 100% of yours users will show as non-compliant all the time, becaus there is no way to customize the ruleset Drata uses. This makes the compliance dashboard of limited value.
This is an overall theme in Drata. It's highly opinionated, so if you do things 100% their way, it works well, but if not you'll never see a complete compliance picture due to continuous false positives. This can also be seen in the cloud asset compliance checks and VCS checks. If you have no existing SOC2 apparatus, and want to use the Drata way hook line and sinker, this can work well, but if you have an existing compliance process, you'll possibly feel constrained in your ability to tailor Drata to fit.
Finally custom API integrations are rudimentary. The fact that you must open a support engineer directly to get an API key speaks to this currently being a rudimentary feature, rather than a rich API layer. We had to reverse engineer APIs and use UI tokens/sessions to automate processes, rather than the official Drata APIs to get things automated.
This is an overall theme in Drata. It's highly opinionated, so if you do things 100% their way, it works well, but if not you'll never see a complete compliance picture due to continuous false positives. This can also be seen in the cloud asset compliance checks and VCS checks. If you have no existing SOC2 apparatus, and want to use the Drata way hook line and sinker, this can work well, but if you have an existing compliance process, you'll possibly feel constrained in your ability to tailor Drata to fit.
Finally custom API integrations are rudimentary. The fact that you must open a support engineer directly to get an API key speaks to this currently being a rudimentary feature, rather than a rich API layer. We had to reverse engineer APIs and use UI tokens/sessions to automate processes, rather than the official Drata APIs to get things automated.
What problems is the product solving and how is that benefiting you?
Top down single source of compliance state and information.
Ease of compliance w Drata
What do you like best about the product?
The continuous monitoring of controls and regular updates on missing compliance
What do you dislike about the product?
They don't have international background check integrated w Checkr. Atleast they didn't have it while we were getting onboarded.
What problems is the product solving and how is that benefiting you?
It streamlines the various compliances for us, mainly SOC2 Type2 & HIPAA. Being into healthcare tech, these compliances are of utmost importance and Drata has definitely eased the process.
An easy to use compliance management software
What do you like best about the product?
Drata monitors our systems daily and raises alerts whenever something is amiss. Integrations are also seamless with many of the systems we use. It also makes audits like SOC2 easy by automating a lot of controls.
What do you dislike about the product?
Although the evidence management flow has been simplified, it can be improved further.
What problems is the product solving and how is that benefiting you?
Automated compliance checks for our systems and helping with audits.
Good system which is easy to use.
What do you like best about the product?
Automated task manager. Audit sync ability. Integrated with our HR system, need to explore other integrations to get the best out of it.
Customer support team are quick at responding and supporting the process.
Customer support team are quick at responding and supporting the process.
What do you dislike about the product?
No export option on any pages. This would make a lot easier when tracking and sharing updates with c-suite staff.
Ability to change the view, for example - tasks outstanding are in a view of by month, would be useful to have this interchangeable into a monthly calendar view (which can also be exported) so you can quickly see tasks needing focus for the month ahead.
Ability to change the view, for example - tasks outstanding are in a view of by month, would be useful to have this interchangeable into a monthly calendar view (which can also be exported) so you can quickly see tasks needing focus for the month ahead.
What problems is the product solving and how is that benefiting you?
Ensuring that we have got all policies in order and making sure these are reviewed regularly. Creating one source of the truth which is easy to share with team members for 1 quick check.
Drata allowed us to attain our SOC2 Type II attestation within 12 months
What do you like best about the product?
The vast array of integrations into cloud platforms, idenitity providers and HRIS.
What do you dislike about the product?
UI was a little buggy initially but this improved as the product matured.
What problems is the product solving and how is that benefiting you?
Allows us to spend less time managing our SOC2 controls by providing continuous compliance.
Small Startup - Fast Track to Soc2 and HIPAA
What do you like best about the product?
Very easy and straighforward to use-prepopulated policies and easy to understand progress dashboards. Lots of very easy integrations.
What do you dislike about the product?
Not as automated as I thought--but hard to imagine how much easier they could make it. I wasnt very familiar with the security process before we went through this.
What problems is the product solving and how is that benefiting you?
Drata solves a lot of the project planning, coordination and communication around getting security certifications--and does so at a fraction of the cost and effort. Its hard to put a price on how much time and effort htis saved us.
Helps me keep compliance up to date and under control.
What do you like best about the product?
The way it notifies about things that need to be improved, and the control tracking it performs on an ongoing basis along with integrations.
What do you dislike about the product?
In previous versions, the platform did not correctly perform the verification tests.
What problems is the product solving and how is that benefiting you?
The correct mapping of controls both from different frameworks and from the assigned endpoints.
Drata - easy to use and track progress
What do you like best about the product?
Drata is extremely easy to implement and more importantly, track company progress against SOC2 compliance in order to drive adoption of compliant processes & controls.
What do you dislike about the product?
Drata has been extremely valuable in our push towards compliance best practices and SOC2 compliance. While there were some employee hesitations about downloading Drata and its activity tracking capabilities, we were able to clearly explain what Drata will and will not do in terms of employee activity tracking to assuage any concerns and drive adoption across our employee base.
What problems is the product solving and how is that benefiting you?
Drata is helping us identify gaps and drive towards SOC2 compliance certification
showing 201 - 210