External reviews
External reviews are not included in the AWS star rating for the product.
Great platform, exceptional support
What do you like best about the product?
I like the customer support aspect the best -- Andrew, our assigned customer success rep has been super helpful with our on-boarding process. the platform is relatively straightforward and easy to use -- all for a great price!
What do you dislike about the product?
Maybe there is a way to streamline the policy documents a little bit more -- to me, that was the longest part of getting on-boarded on the platform - if there is a place I could suggest some improvement - that might be it -- we are a super small, early stage startup - having some guidance and an easier way to create the policy document could be great
What problems is the product solving and how is that benefiting you?
We need to be soc 2 type 2 compliant -- and for a small company with limited resources, we need a fair bit of hand holding to get there. Drata provides that with , along with a dedicated customer success agent to help you along the process
- Leave a Comment |
- Mark review as helpful
Amazing Support; Maturing Functionality
What do you like best about the product?
Our client success manager has really made our experience with Drata worth it. He is quick to reply with training and information, and when he doesn't have the answer, he finds it out. On a couple of items where Drata is unable to meet our needs, he hasn't ghosted us or left us in the dark--he has been honest and straightforward, which is an undervalued virtue when bearing bad news (more info on that in the next question).
What do you dislike about the product?
The AWS integration currently does not support access to our GovCloud region within the VPC. They are currently studying the regulations around this type of architecture, and I am assured that it will be supported in the future. They simply must do their due diligence--that's a good thing.
Additionally, their policy center is geared more for companies with less mature policy documentation. As we have a decade+ / 600+ pages of policy/proof, we didn't want to have to fit our "square peg" infosec policies into their "round hole" policy test interface, so I had to disable nearly half of the automatic tests. They inform me that they are working on a redesign to facilitate companies like ours with mature policy documents.
Additionally, their policy center is geared more for companies with less mature policy documentation. As we have a decade+ / 600+ pages of policy/proof, we didn't want to have to fit our "square peg" infosec policies into their "round hole" policy test interface, so I had to disable nearly half of the automatic tests. They inform me that they are working on a redesign to facilitate companies like ours with mature policy documents.
What problems is the product solving and how is that benefiting you?
So much is automated, and this is our first SOC 2 Type II audit, so I can't really say what life would be like with versus without Drata, but our CPA firm did provide a discount price on the audit when we told them we are using Drata as our readiness platform. The integrations are helpful, and either help us know where we can improve or affirm that our security controls are properly configured.
When a test fails, their documentation and instructions on how to get a test to pass is invaluable.
The Drata Agent (a lightweight app installed on each workstation) does some heavy lifting to ensure that each employee and their equipment are SOC 2-ready. Fantastic tool.
When a test fails, their documentation and instructions on how to get a test to pass is invaluable.
The Drata Agent (a lightweight app installed on each workstation) does some heavy lifting to ensure that each employee and their equipment are SOC 2-ready. Fantastic tool.
Recommendations to others considering the product:
Referring back to my two issues, Drata is not yet mature enough to easily handle:
1. Software system architecture within the AWS GovCloud region--Drata's API does not work with the API, and if you connect it to the VPC, tests will fail since all of your security controls will be configured in the GovCloud.
2. You will have to provide evidence of your policies manually if you choose not to use their policy template system. It is a lot of work.
1. Software system architecture within the AWS GovCloud region--Drata's API does not work with the API, and if you connect it to the VPC, tests will fail since all of your security controls will be configured in the GovCloud.
2. You will have to provide evidence of your policies manually if you choose not to use their policy template system. It is a lot of work.
Helped de-mystify a complex process
What do you like best about the product?
Drata is an easy-to-use platform that clearly breaks down the requirements for SOC II compliance and more. Their platform specifically laid out who needed to do what to get us moving.
What do you dislike about the product?
I'm pretty happy with the platform to date.
What problems is the product solving and how is that benefiting you?
We are working towards SOC II compliance which can be a daunting task for a first-timer. Having a tool like Drata helps to scope, plan and even assign the work needed to get us on the path towards compliance.
A very impressive SOC 2 compliance platform with amazing service
What do you like best about the product?
Very good pre-defined policy templates, comprehensive solutions, excellent customer service (Alex), fantastic UI/UX, very configurable
What do you dislike about the product?
So far, I haven't found it to be lacking in anything that we need.
What problems is the product solving and how is that benefiting you?
No problems so far
Superior to Vanta
What do you like best about the product?
The UX and the tech are excellent! The staff is even more so. I've had all my questions & suggestions responded to quickly and helpfully. I was even given a direct connection to the software team to address features and functionality relevant to our organization. They do a fantastic job at Drata!
What do you dislike about the product?
Nothing so far; if there's a feature I request, they're either already working on a solution, or they send to their product team and I get regular updates from our account rep.
What problems is the product solving and how is that benefiting you?
Streamlining security & compliance controls to prepare & maintain SOC 2.
Drata makes SOC 2 prep much more streamlined.
What do you like best about the product?
Centralized policy management, automated compliance checks
What do you dislike about the product?
There's no way to exclude a group of items from an automated check with the same reason.
What problems is the product solving and how is that benefiting you?
Drata has helped us prepare for our SOC 2 audit. By having all policies centralized as well as integrating employee policy acceptance/acknowledgment, we have significantly reduced the overhead of managing this data. The automated monitoring of controls also simplifies gathering evidence for an audit.
An interactive team and an effective tool
What do you like best about the product?
Drata makes it easy to manage testing of automated and custom controls, provides a smooth employee onboarding and document review process, and has a very communicative team that helps answer any questions promptly.
What do you dislike about the product?
At this time, we haven't run into any problems that Drata has not addressed.
What problems is the product solving and how is that benefiting you?
We're using Drata to track and manage our SOC2 certification process.
Efficient, intuitive, and timely
What do you like best about the product?
The web interface is intuitive and covers all of our needs. We were able to integrate with all the key tools in our tech stack as well. Our contact was super helpful and responsive. We were able to meet often enough that the project was always moving forward.
What do you dislike about the product?
The Microsoft Azure integration setup was a little tricky, but the Drata dev team helped us get it sorted out.
What problems is the product solving and how is that benefiting you?
We were able to get our SOC2 audit completed in a reasonable time frame and now have an automated monitoring system set up which enables us to keep up with our security compliance state in real-time.
Easy to use for small businesses
What do you like best about the product?
The API access (that would help with integrating non standard services) and mapping between framework specific requirements and controls in place weighed a lot in our decision making. The architecture of the service and CISO leadership were important factors too when we decided to go ahead with Drata.
The responsiviness and knowledge of the support team was highly appreciated. The user experience is appreciated by the entire team.
The responsiviness and knowledge of the support team was highly appreciated. The user experience is appreciated by the entire team.
What do you dislike about the product?
I found the cost higher than some of the competition, especially for small teams like ours. Some minor aspects: I would've loved to easily see the diffs between different versions of the policies managed through Drata, especially custom policies, and the ability to review the permissions for each of the integrations I would enable during onboarding ahead of time.
What problems is the product solving and how is that benefiting you?
Reduce the time it takes to prepare for a SOC 2 audit.
Nice fit for startups and small companies
What do you like best about the product?
Policy Templates, solid monitoring and automation
What do you dislike about the product?
Custom control capabilities are light. HIPAA compliance mapping is not yet available.
What problems is the product solving and how is that benefiting you?
SOC 2 compliance
showing 761 - 770