Reviews from AWS customer
0 AWS reviews
-
5 star0
-
4 star0
-
3 star0
-
2 star0
-
1 star0
External reviews
993 reviews
from
External reviews are not included in the AWS star rating for the product.
Simplified Multi-Framework Compliance
What do you like best about the product?
Our SOC 2 and HIPAA control mapping was launched not in weeks, but days. AWS logs auto-collected for us, taking the drudgery out of grep/kubectl; and I'm sure as heck not going to ask anyone to save me chat logs anymore when we suddenly needed an audit trail courtesy of our vendors. Questions about the overlap of GDPR and HIPAA were also answered by customer support in a day or so, even if they were nuanced. Yesterday we replaced our (clunky) SAML workflows to use it daily for access reviews and training compliance.
What do you dislike about the product?
Limited in Report Export: Reporting is less flexible and allows for only a single custom export. And though most integrations are smooth, a couple tools that you need to run on-prem (anyone still have a physical asset tracker tool?) requires manual uploads.
What problems is the product solving and how is that benefiting you?
We are now multiple weeks ahead of audit prep — Secureframe transparency throughout the dev process kept us accountable as a team. Cut security questionnaire response time by 60% and flagged misconfigurations early.
From Overwhelmed to Audit-Ready in Weeks
What do you like best about the product?
From an IT Manager perspective that has to manage SOC 2 & ISO 27001, the automated workflows from Secureframe saves us hundreds of hours. 90% of the evidence collection was done leveraging the Azure AD/GitHub integrations while the Policy Library acted as a head start.Support team guided us through tedious custom architecture setups. There is just no alternative to the dashboard that performs the real-time gap analysis.
What do you dislike about the product?
The onboarding process was seamless, albeit intensive — a few teams needed their hands held. Some on-prem systems (like our on-prem asset tracker) have no such native integration so they require CSV upload.
What problems is the product solving and how is that benefiting you?
SOC 2 was required by enterprise contracts, but we had no full-time security employees. Secureframe took care of 70% of the work for us, we accelerated sales cycles and we gained round-the-clock visibility of compliance.
Eliminated Compliance Chaos
What do you like best about the product?
For me, by working with Secureframe and using the automated evidence collection (in particular for Jira & Google Workspace) what was previously a SOC 2 compliance nightmare became pretty much a hands-off experience. We were very excited about the pre-built policy templates which would save us weeks of work, and also a dashboard that other products offer for tracking gaps in real time. We had one small problem with setting up GitHub, which we solved in a few hours (thanks support!) The platform is user-friendly — somuch to the extent that even non-technical executors can view compliance status without any intervention from IT.
What do you dislike about the product?
Mobile experience is sluggish Want a more simple way to go in admin mode on my smartphone. The downside is that contextual alerts are vague, they do not tell you much; you need to click through several timeframes. They still require you to manually upload your evidence in some tools (e.g. our currentHR system) but the team are working on more wider integrations.
What problems is the product solving and how is that benefiting you?
Instead of always audit scrambling we did it in a manner suitable to be "audit-ready" at all time so cut our electron-to-electron time back down. Our sales cycle also improved as we are instantly proving our compliance and making sure the security posture is perceived well — all 24/7.
Seamless - that's a one-word review for secureframe
What do you like best about the product?
Effortless Integrations: The ability to connect with services like AWS, Azure, and GitHub provides a centralized view of our security posture. This eliminates manual checks and ensures we are always up-to-date. and tests for each integration along with details for how to pass a specific test related to a certification and shows our progress
Comprehensive Compliance Monitoring: We can easily track our progress toward key certifications like SOC 2, GDPR, and ISO 27001. The platform consolidates all the necessary information, making it simple to see our compliance status at a glance.
Streamlined Onboarding: The integration with our HR portal is invaluable. We can automate the process of onboarding new staff, ensuring they receive and acknowledge all required security and compliance information from day one.
Centralized Information Hub: The platform serves as a single source of truth for all things compliance. We can access and review important documents, manage staff information, and monitor our overall compliance status in one place.
Comprehensive Compliance Monitoring: We can easily track our progress toward key certifications like SOC 2, GDPR, and ISO 27001. The platform consolidates all the necessary information, making it simple to see our compliance status at a glance.
Streamlined Onboarding: The integration with our HR portal is invaluable. We can automate the process of onboarding new staff, ensuring they receive and acknowledge all required security and compliance information from day one.
Centralized Information Hub: The platform serves as a single source of truth for all things compliance. We can access and review important documents, manage staff information, and monitor our overall compliance status in one place.
What do you dislike about the product?
Some time status doesn't update for few connections - and it was hard to figure out what else needed to be done. For ex certain PRs would fail but we follow all instruction on the test - but doesn't update. but we can add comments and upload evidence.
What problems is the product solving and how is that benefiting you?
We used secure frame for our SOC2, GDPR compliance.
How Secureframe Reinvented Our Audit Management
What do you like best about the product?
We hired manager of security (thus de-facto COO—same thing) who gave us an offer he could not refuse: to compare and sign the contract with Secureframe on our company behalf. Automated evidence collection and real-time compliance dashboards cut 80% of pre-audit scrambling. Our auditors used to spend weeks onsite and this has now been reduced to, only a couple of days as everything's pre-organized and verified.
What do you dislike about the product?
Reporting is not as customizable (eg, for executive board presentations), and sometimes the API rate limits are a bottleneck when you have very large audits that result in lots of data pulls/offloads.
What problems is the product solving and how is that benefiting you?
Your review tool help reduced finding you by 65%, audit preparation cost saved of 40% Secureframe Bolsters Compliance-as-Operational Risk For Pytorch COOs Protect Your Artificial Intelligence
Secureframe turned our AWS evidence into SOC 2 & ISO 27001 wins
What do you like best about the product?
Secureframe makes continuous compliance in AWS straightforward. The native AWS integrations (CloudTrail, Config, Security Hub, GuardDuty, IAM, S3/RDS/KMS, etc.) light up quickly and the out-of-the-box tests map cleanly to SOC 2 and ISO 27001 controls. I especially like how evidence is auto-collected and tied to specific controls, so I’m not chasing screenshots or ad-hoc exports. The tasking and workflows keep our team focused, and the dashboards make it obvious where we’re passing, drifting, or need to remediate. Their policy templates and auditor-friendly evidence packages have made audit prep much calmer.
What do you dislike about the product?
Mostly nits. A few AWS tests can be a bit strict Initial IAM permission setup took a moment of back-and-forth to align with our least-privilege standards. None of these were blockers, and once dialed in, the signal-to-noise has been excellent.
What problems is the product solving and how is that benefiting you?
Secureframe solves the revenue, gating problem of security compliance. For the enterprise deals we pursue, SOC 2 and ISO 27001 are now table stakes. Without them, procurement won’t move forward.
SecureFrame definitely helps our SaaS Co achieve and stay compliant using less internal resources
What do you like best about the product?
Some of the things I like best about SecureFrame are the extensive resources and templates it offers, the automation of compliance tests, the ability to easily view an overview of our ISMS health, and the dedicated success manager who collaborates with our security team year-round to help us achieve certification.
What do you dislike about the product?
While there are still some missing features for tracking risks and the downloadable agent our employees use to track their laptops isn’t perfect, I’ve seen definite improvements thanks to our feedback, and despite these dislikes, I would still highly recommend the product.
What problems is the product solving and how is that benefiting you?
SecureFrame has addressed our challenges—like not having full-time security staff, missing policies, and knowledge gaps—by streamlining and automating compliance processes, which enabled our team to successfully achieve initial certification in two frameworks in under 16 months.
The Compliance Platform That Finally Speaks Both Tech and Business
What do you like best about the product?
We are currently using Secureframe so I can have real-time compliance visibility for both SOC 2 and HIPAA while still being able to more easily report up the chain. It has even flagged nearly a dozen critical vulnerabilities before they could be exploited
What do you dislike about the product?
To better support these specialized frameworks like FedRAMP, more flexibility is needed and additional procurement system integrations would help streamline some of the vendor risk management process.
What problems is the product solving and how is that benefiting you?
Slashed board reporting time by 60%, cut M&A due diligence times in half, and saved over $150k/year on audit costs & improved our security posture all at the same time. This turns compliance from an overhead to a competitive advantage for tech leaders.
Secureframe is the SCA for cloud compliance the industry has been missing
What do you like best about the product?
Secureframe has drastically altered the way we think about audits as a cloud security engineer who works directly on multi-cloud compliance (AWS, Azure, GCP). Its native CSPM integrations automatically map cloud resource configurations to compliance controls (SOC 2, ISO 27001, CIS Benchmarks), and outputs near-zero false positives. Like, it detected an S3 bucket with unintentional public write access — one that our own scripts missed and one that would have resulted in a finding against us during the last audit.
Terraform has introduced the Compliance as Code, and it is nothing less than revolutionary. We now include the Secureframe validation checks in our IaC pipelines and those checks fail the deployment process if certain policies are broken like using unencrypted EBS volumes or overly permissive IAM roles. It has led to a 75% decrease in cloud misconfigurations pre-production using this shift-left approach.
The auto-remediation workflows save dozens of engineering hours for evidence collection. In the event that Secureframe identifies a non-compliant resource (i.e. unpatched EC2 instance) it can automatically trigger Lambda functions to auto-resolve or escalate via Slack — reducing our mean time to remediation (MTTR) from 48 hours down to less than four.
Terraform has introduced the Compliance as Code, and it is nothing less than revolutionary. We now include the Secureframe validation checks in our IaC pipelines and those checks fail the deployment process if certain policies are broken like using unencrypted EBS volumes or overly permissive IAM roles. It has led to a 75% decrease in cloud misconfigurations pre-production using this shift-left approach.
The auto-remediation workflows save dozens of engineering hours for evidence collection. In the event that Secureframe identifies a non-compliant resource (i.e. unpatched EC2 instance) it can automatically trigger Lambda functions to auto-resolve or escalate via Slack — reducing our mean time to remediation (MTTR) from 48 hours down to less than four.
What do you dislike about the product?
The multi-cloud dashboard would be able to provide a better representation of the various compliance gaps across providers (eg: Azure NSGs vs. AWS Security Groups) Today we still have to use some hacks with custom Ionic tags. The Kubernetes compliance module is also very new and we found that it does not offer sufficient coverage of custom admission controllers or Istio policies (we needed to provide extra evidence on those fronts manually).
What problems is the product solving and how is that benefiting you?
1. Preventing Compliance Drift in a Dynamic Cloud:
The problem was the traditional tools couldn't keep up with our ephemeral environments. Everything from a new VPC, container or serverless function is continuously evaluated in real-time against various compliance frameworks as soon as anything gets deployed.
2. Audit Preparedness Without Toil:
Nothing was requested in our last SOC 2 audit – everything was already conveniently organized and versioned ready for auditors via Secureframe. Which reduced the audit timeline by 3 weeks.
3. Unblocking Engineering Teams:
Uses developers no longer cycle on compliance tickets, With Secureframe's self-service portals and automated approvals, they can now enforce security policy before deploying; cutting down their friction by 90%.
The problem was the traditional tools couldn't keep up with our ephemeral environments. Everything from a new VPC, container or serverless function is continuously evaluated in real-time against various compliance frameworks as soon as anything gets deployed.
2. Audit Preparedness Without Toil:
Nothing was requested in our last SOC 2 audit – everything was already conveniently organized and versioned ready for auditors via Secureframe. Which reduced the audit timeline by 3 weeks.
3. Unblocking Engineering Teams:
Uses developers no longer cycle on compliance tickets, With Secureframe's self-service portals and automated approvals, they can now enforce security policy before deploying; cutting down their friction by 90%.
Bridging DevOps and Compliance Without the Headache
What do you like best about the product?
Why it resonated with me I am also a DevOps engineer and compliance is where i usually get pulled in so the fact that Benchee actually made some sensible integrations with Terraform / GH Actions / API-first design, felt refreshing. This means the same kind of language around security requirements that would also be easy to represent to developers — for example, auto-remediating misconfigured S3 buckets. The ease at which this could be plugged in into our CI/CD pipeline meant that it was not too arduous for any individual engineer. Customer help knows of the technical debt and even helped us to configure controls for our kubernetes clusters.
What do you dislike about the product?
Deeper in the doc for custom integrations can use more webhook options to trigger external workflows. Too much compliance jargon in UI leading engineers to confusion — I need more “DevOps mode” with normal language.
What problems is the product solving and how is that benefiting you?
It removed the wall between DevOps and compliance where you could not throw it over. We now bake controls into the deployments, Puts less of a burden on retroactive fixes. For example, we have halved our mean-time-to-remediation by gaining real-time visibility into cloud vulnerabilities.
showing 221 - 230