Reviews from AWS customer
0 AWS reviews
-
5 star0
-
4 star0
-
3 star0
-
2 star0
-
1 star0
External reviews
787 reviews
from
External reviews are not included in the AWS star rating for the product.
Secureframe Simplifies Compliance and Policy Management
What do you like best about the product?
Secureframe makes SOC 2 compliance much smoother. I really like that it helps with policy acceptance for new users, assigning security training videos to new joiners, and keeping policies updated. It also tracks vendor lists.
The dashboard is clean, and the integrations with tools like AWS, Google Workspace, and Github help pull data automatically with the vulnerabilities.The Governance feature is very useful, as it shows which applications each user has access to and whether the right security options are enabled. On top of that, the asset inventory tied to the SOC 2 framework gives a clear view of systems and resources, making audits and compliance checks much easier.
The dashboard is clean, and the integrations with tools like AWS, Google Workspace, and Github help pull data automatically with the vulnerabilities.The Governance feature is very useful, as it shows which applications each user has access to and whether the right security options are enabled. On top of that, the asset inventory tied to the SOC 2 framework gives a clear view of systems and resources, making audits and compliance checks much easier.
What do you dislike about the product?
A. Sometimes the policy acceptance reminders can be a bit too rigid, and it would be great if there were more customization options for scheduling or tailoring them to different teams like :
1. Customizing the message style to match your company’s internal communication style.
2. Flexibility in sending the email as per teams
B. Having different format to export vulnerbilties apart from only CSV
1. Customizing the message style to match your company’s internal communication style.
2. Flexibility in sending the email as per teams
B. Having different format to export vulnerbilties apart from only CSV
What problems is the product solving and how is that benefiting you?
It removes the manual effort of chasing people for policy acceptance, makes onboarding new employees easier with built-in training, and helps us stay on top of access controls and vendor compliance. This saves a lot of time during audits.
Secureframe simplifies compliance management
What do you like best about the product?
The integrations and automation save a ton of time, and the dashboards make it easy to track audit readiness. Great at quickly getting your org compliant.
What do you dislike about the product?
Test overview documentation sections can offer varying levels of depth, some are more helpful than others.
What problems is the product solving and how is that benefiting you?
Helps our org stay SOC 2/HIPAA compliant
Uncomplicated SOC 2
What do you like best about the product?
Secureframe makes compliance simple. The platform is user-friendly, well-organized, and easy to navigate. Their customer service is truly outstanding—responsive, knowledgeable, and always ready to help. Highly recommend for anyone working toward SOC 2 or similar certifications.
What do you dislike about the product?
Pricing is on the higher side, but the time and effort it saves makes it a worthwhile.
What problems is the product solving and how is that benefiting you?
Soc 2 Report needed to engage with customers
Solid Compliance Platform with Excellent Integrations and Support
What do you like best about the product?
Secureframe is incredibly easy to use, even for team members who are not deeply technical. The interface is intuitive, and navigating between different compliance requirements and integrations feels seamless. Implementation was straightforward, and the onboarding process made it simple to get up and running quickly. Their customer support is exceptional, with every interaction being with someone knowledgeable, friendly, and able to provide clear answers to both platform-specific and general compliance questions. The number of features is impressive for the price, especially when compared to alternatives like Drata, and the ease of integration with a wide variety of SaaS solutions has saved us countless hours of manual work. We use the platform frequently throughout the week to check progress toward SOC 2 and other compliance standards, and it has significantly improved our ability to track and maintain our security posture.
What do you dislike about the product?
The platform is still growing, which means that while new features are added often, they occasionally come with bugs that need to be addressed. These are usually resolved quickly, but they can be mildly disruptive. The pace of changes is fast, and while that is generally positive, it sometimes introduces temporary instability. It is clear the product is evolving rapidly, and although that brings some short-term challenges, the improvements over time have been substantial.
I would love to see Secureframe introduce automated analysis for manually uploaded evidence. While I understand this can be computationally demanding, it would be an incredibly valuable feature to help ensure that the evidence being gathered is accurate and complete. The current manual upload method causes the test to pass, regardless of what is uploaded.
I would love to see Secureframe introduce automated analysis for manually uploaded evidence. While I understand this can be computationally demanding, it would be an incredibly valuable feature to help ensure that the evidence being gathered is accurate and complete. The current manual upload method causes the test to pass, regardless of what is uploaded.
What problems is the product solving and how is that benefiting you?
Secureframe is helping us centralize and automate our security compliance efforts, particularly for SOC 2 and other industry standards. By integrating with our existing SaaS tools, it reduces the manual work of tracking controls and evidence, gives us real-time visibility into our compliance posture, and ensures we stay audit-ready year-round. This saves time, reduces errors, and allows our team to focus on higher-value security and IT initiatives.
Seamless - that's a one-word review for secureframe
What do you like best about the product?
Effortless Integrations: The ability to connect with services like AWS, Azure, and GitHub provides a centralized view of our security posture. This eliminates manual checks and ensures we are always up-to-date. and tests for each integration along with details for how to pass a specific test related to a certification and shows our progress
Comprehensive Compliance Monitoring: We can easily track our progress toward key certifications like SOC 2, GDPR, and ISO 27001. The platform consolidates all the necessary information, making it simple to see our compliance status at a glance.
Streamlined Onboarding: The integration with our HR portal is invaluable. We can automate the process of onboarding new staff, ensuring they receive and acknowledge all required security and compliance information from day one.
Centralized Information Hub: The platform serves as a single source of truth for all things compliance. We can access and review important documents, manage staff information, and monitor our overall compliance status in one place.
Comprehensive Compliance Monitoring: We can easily track our progress toward key certifications like SOC 2, GDPR, and ISO 27001. The platform consolidates all the necessary information, making it simple to see our compliance status at a glance.
Streamlined Onboarding: The integration with our HR portal is invaluable. We can automate the process of onboarding new staff, ensuring they receive and acknowledge all required security and compliance information from day one.
Centralized Information Hub: The platform serves as a single source of truth for all things compliance. We can access and review important documents, manage staff information, and monitor our overall compliance status in one place.
What do you dislike about the product?
Some time status doesn't update for few connections - and it was hard to figure out what else needed to be done. For ex certain PRs would fail but we follow all instruction on the test - but doesn't update. but we can add comments and upload evidence.
What problems is the product solving and how is that benefiting you?
We used secure frame for our SOC2, GDPR compliance.
Secureframe turned our AWS evidence into SOC 2 & ISO 27001 wins
What do you like best about the product?
Secureframe makes continuous compliance in AWS straightforward. The native AWS integrations (CloudTrail, Config, Security Hub, GuardDuty, IAM, S3/RDS/KMS, etc.) light up quickly and the out-of-the-box tests map cleanly to SOC 2 and ISO 27001 controls. I especially like how evidence is auto-collected and tied to specific controls, so I’m not chasing screenshots or ad-hoc exports. The tasking and workflows keep our team focused, and the dashboards make it obvious where we’re passing, drifting, or need to remediate. Their policy templates and auditor-friendly evidence packages have made audit prep much calmer.
What do you dislike about the product?
Mostly nits. A few AWS tests can be a bit strict Initial IAM permission setup took a moment of back-and-forth to align with our least-privilege standards. None of these were blockers, and once dialed in, the signal-to-noise has been excellent.
What problems is the product solving and how is that benefiting you?
Secureframe solves the revenue, gating problem of security compliance. For the enterprise deals we pursue, SOC 2 and ISO 27001 are now table stakes. Without them, procurement won’t move forward.
SecureFrame definitely helps our SaaS Co achieve and stay compliant using less internal resources
What do you like best about the product?
Some of the things I like best about SecureFrame are the extensive resources and templates it offers, the automation of compliance tests, the ability to easily view an overview of our ISMS health, and the dedicated success manager who collaborates with our security team year-round to help us achieve certification.
What do you dislike about the product?
While there are still some missing features for tracking risks and the downloadable agent our employees use to track their laptops isn’t perfect, I’ve seen definite improvements thanks to our feedback, and despite these dislikes, I would still highly recommend the product.
What problems is the product solving and how is that benefiting you?
SecureFrame has addressed our challenges—like not having full-time security staff, missing policies, and knowledge gaps—by streamlining and automating compliance processes, which enabled our team to successfully achieve initial certification in two frameworks in under 16 months.
Smooth SOC2 Compliance with Exceptional Support
What do you like best about the product?
Secureframe made preparing for our SOC2 audit straightforward and stress free. The platform provided an easy way to centralize all required information, making it simple to track progress and stay organized. The integrations were quick to set up and worked seamlessly with our existing tools. Our Customer Success Manager, Coletta Edison, was both knowledgeable and highly responsive, providing valuable guidance that helped us complete our audit efficiently. We met with her frequently and she was so helpful every time we connected with her. The overall experience left us feeling well prepared for future compliance cycles and I expect to use it moving forward.
What do you dislike about the product?
I don't have much criticism of the product. We provided feedback along the way and I believe it is being addressed in a future update. Mainly the abililty to customize timing and followup schedules for our team's compliance acceptance and training.
What problems is the product solving and how is that benefiting you?
The main problem Secureframe solves for us is organizing our information to complete our annual SOC2 compliance audit quickly and efficiently. It's nice to have it all in one place for the future too.
Secureframe - The Magical Automation Behind Continuous Compliance
What do you like best about the product?
For me, as a cybersecurity professional concentrated in automating at scale compliance processes, Secureframe quickly emerged as an obviously impactful product that made all the messy manual steps into this smooth sailing workflow. Using the platform supported by an API-first approach, we can bring various custom scripts and other internal tools (like SIEM and PAM solutions) into the compliance framework. It has been invaluable in automating the collection of evidence for controls that do not have standard integrations (e.g., our in-house IAM system).
Accurate real time monitoring and anomaly detection are outstanding. A simple example: Secureframe flagged an accidental misconfiguration of our cloud storage permissions, which could have been access to sensitive audit logs — a vector that was not covered by any of our existing tools. Mapping controls across multiple frameworks (SOC 2, ISO 27001, NIST CSF) in one single dashboard removes the duplicates we were locked into with non-integrated spreadsheets or point solutions.
Accurate real time monitoring and anomaly detection are outstanding. A simple example: Secureframe flagged an accidental misconfiguration of our cloud storage permissions, which could have been access to sensitive audit logs — a vector that was not covered by any of our existing tools. Mapping controls across multiple frameworks (SOC 2, ISO 27001, NIST CSF) in one single dashboard removes the duplicates we were locked into with non-integrated spreadsheets or point solutions.
What do you dislike about the product?
The automation options are impressive, but the scripting interface for creating something more advanced like a custom integration does not have the extent of an IDE. Bug in complex workflows benefit request that requires some back and forth from support. Also, the ability to customize scores within the risk assessment module tying into our internal risk appetite metrics could be a bit more granular.
What problems is the product solving and how is that benefiting you?
What Secureframe Solves: Scalability and Audit Fatigue So where exactly does Secureframe come into play? We have automated 90% of evidence collection and control testing, saving more than 40% in compliance-related FTE hours annually. For reference, our prior SOC 2 Type II audit required 8 hours of prep time on our end as opposed to 3 weeks pre-Secureframe.
It is also the bridge between security and DevOps. Using Terraform support, compliance checks will now be configured to be created in CI/CD pipeline wherein before every deploy of new infrastructure, the pipeline would ensure that the proper controls are met. The shift-left approach has reduced remediation costs by 60% and changed compliance from the end-of-the-line bottleneck to a collective action.
It is also the bridge between security and DevOps. Using Terraform support, compliance checks will now be configured to be created in CI/CD pipeline wherein before every deploy of new infrastructure, the pipeline would ensure that the proper controls are met. The shift-left approach has reduced remediation costs by 60% and changed compliance from the end-of-the-line bottleneck to a collective action.
SOC2-related audit support
What do you like best about the product?
I like the user interface and ease of navigation within SF. I also appreciate the integrations with our existing applications.
What do you dislike about the product?
In some cases (e.g. Paylocity) useful integration was not possible because certain extraneous but highly sensitive personal information could not be filtered out.
What problems is the product solving and how is that benefiting you?
SF is helping us solve SOC2 compliance and related audit support. This is invaluable to enterprise clients and for best-practice governance as well.
showing 141 - 150