Reviews from AWS customer
0 AWS reviews
External reviews
1,157 reviews
External reviews are not included in the AWS star rating for the product.
Seamless - that's a one-word review for Secureframe
What do you like best about the product?
Effortless Integrations: The ability to connect with services like AWS, Azure, and GitHub provides a centralized view of our security posture. This eliminates manual checks and ensures we are always up-to-date. and tests for each integration along with details for how to pass a specific test related to a certification and shows our progress
Comprehensive Compliance Monitoring: We can easily track our progress toward key certifications like SOC 2, GDPR, and ISO 27001. The platform consolidates all the necessary information, making it simple to see our compliance status at a glance.
Streamlined Onboarding: The integration with our HR portal is invaluable. We can automate the process of onboarding new staff, ensuring they receive and acknowledge all required security and compliance information from day one.
Centralized Information Hub: The platform serves as a single source of truth for all things compliance. We can access and review important documents, manage staff information, and monitor our overall compliance status in one place.
What do you dislike about the product?
Sometimes the status doesn't update for a few connections, and it was hard to figure out what else needed to be done. For example, certain PRs would fail even though we followed all the instructions on the test, but the status doesn't update. But we can add comments and upload evidence.
What problems is the product solving and how is that benefiting you?
We used Secureframe for our SOC 2 and GDPR compliance.
How Secureframe Reinvented Our Audit Management
What do you like best about the product?
We hired a manager of security (thus de-facto COO—same thing) who gave us an offer he could not refuse: to compare and sign the contract with Secureframe on our company's behalf. Automated evidence collection and real-time compliance dashboards cut 80% of pre-audit scrambling. Our auditors used to spend weeks onsite and this has now been reduced to only a couple of days as everything's pre-organized and verified.
What do you dislike about the product?
Reporting is not as customizable (e.g., for executive board presentations), and sometimes the API rate limits are a bottleneck when you have very large audits that result in lots of data pulls/offloads.
What problems is the product solving and how is that benefiting you?
Your review tool help reduced finding you by 65%, audit preparation cost saved of 40% Secureframe Bolsters Compliance-as-Operational Risk For Pytorch COOs Protect Your Artificial Intelligence
Secureframe turned our AWS evidence into SOC 2 & ISO 27001 wins
What do you like best about the product?
Secureframe makes continuous compliance in AWS straightforward. The native AWS integrations (CloudTrail, Config, Security Hub, GuardDuty, IAM, S3/RDS/KMS, etc.) light up quickly and the out-of-the-box tests map cleanly to SOC 2 and ISO 27001 controls. I especially like how evidence is auto-collected and tied to specific controls, so I’m not chasing screenshots or ad-hoc exports. The tasking and workflows keep our team focused, and the dashboards make it obvious where we’re passing, drifting, or need to remediate. Their policy templates and auditor-friendly evidence packages have made audit prep much calmer.
What do you dislike about the product?
Mostly nits. A few AWS tests can be a bit strict. Initial IAM permission setup took a moment of back-and-forth to align with our least-privilege standards. None of these were blockers, and once dialed in, the signal-to-noise has been excellent.
What problems is the product solving and how is that benefiting you?
Secureframe solves the revenue-gating problem of security compliance. For the enterprise deals we pursue, SOC 2 and ISO 27001 are now table stakes. Without them, procurement won’t move forward.
SecureFrame definitely helps our SaaS Co achieve and stay compliant using less internal resources
What do you like best about the product?
Some of the things I like best about SecureFrame are the extensive resources and templates it offers, the automation of compliance tests, the ability to easily view an overview of our ISMS health, and the dedicated success manager who collaborates with our security team year-round to help us achieve certification.
What do you dislike about the product?
While there are still some missing features for tracking risks and the downloadable agent our employees use to track their laptops isn’t perfect, I’ve seen definite improvements thanks to our feedback, and despite these dislikes, I would still highly recommend the product.
What problems is the product solving and how is that benefiting you?
SecureFrame has addressed our challenges—like not having full-time security staff, missing policies, and knowledge gaps—by streamlining and automating compliance processes, which enabled our team to successfully achieve initial certification in two frameworks in under 16 months.
The Compliance Platform That Finally Speaks Both Tech and Business
What do you like best about the product?
We are currently using Secureframe so I can have real-time compliance visibility for both SOC 2 and HIPAA while still being able to more easily report up the chain. It has even flagged nearly a dozen critical vulnerabilities before they could be exploited.
What do you dislike about the product?
To better support these specialized frameworks like FedRAMP, more flexibility is needed and additional procurement system integrations would help streamline some of the vendor risk management process.
What problems is the product solving and how is that benefiting you?
Slashed board reporting time by 60%, cut M&A due diligence times in half, and saved over $150k/year on audit costs & improved our security posture all at the same time. This turns compliance from an overhead to a competitive advantage for tech leaders.
Secureframe is the SCA for cloud compliance the industry has been missing
What do you like best about the product?
Secureframe has drastically altered the way we think about audits as a cloud security engineer who works directly on multi-cloud compliance (AWS, Azure, GCP). Its native CSPM integrations automatically map cloud resource configurations to compliance controls (SOC 2, ISO 27001, CIS Benchmarks), and outputs near-zero false positives. Like, it detected an S3 bucket with unintentional public write access — one that our own scripts missed and one that would have resulted in a finding against us during the last audit.
Terraform has introduced the Compliance as Code, and it is nothing less than revolutionary. We now include the Secureframe validation checks in our IaC pipelines and those checks fail the deployment process if certain policies are broken like using unencrypted EBS volumes or overly permissive IAM roles. It has led to a 75% decrease in cloud misconfigurations pre-production using this shift-left approach.
The auto-remediation workflows save dozens of engineering hours for evidence collection. In the event that Secureframe identifies a non-compliant resource (i.e. unpatched EC2 instance) it can automatically trigger Lambda functions to auto-resolve or escalate via Slack — reducing our mean time to remediation (MTTR) from 48 hours down to less than four.
What do you dislike about the product?
The multi-cloud dashboard would be able to provide a better representation of the various compliance gaps across providers (e.g., Azure NSGs vs. AWS Security Groups). Today we still have to use some hacks with custom Ionic tags. The Kubernetes compliance module is also very new and we found that it does not offer sufficient coverage of custom admission controllers or Istio policies (we needed to provide extra evidence on those fronts manually).
What problems is the product solving and how is that benefiting you?
1. Preventing Compliance Drift in a Dynamic Cloud:
The problem was the traditional tools couldn't keep up with our ephemeral environments. Everything from a new VPC, container or serverless function is continuously evaluated in real-time against various compliance frameworks as soon as anything gets deployed.
2. Audit Preparedness Without Toil:
Nothing was requested in our last SOC 2 audit – everything was already conveniently organized and versioned ready for auditors via Secureframe, which reduced the audit timeline by 3 weeks.
3. Unblocking Engineering Teams:
Uses developers no longer cycle on compliance tickets. With Secureframe's self-service portals and automated approvals, they can now enforce security policy before deploying, cutting down their friction by 90%.
Bridging DevOps and Compliance Without the Headache
What do you like best about the product?
Why it resonated with me: I am also a DevOps engineer, and compliance is where I usually get pulled in, so the fact that Benchee actually made some sensible integrations with Terraform / GH Actions / API-first design felt refreshing. This means the same kind of language around security requirements that would also be easy to represent to developers — for example, auto-remediating misconfigured S3 buckets. The ease at which this could be plugged into our CI/CD pipeline meant that it was not too arduous for any individual engineer. Customer help knows of the technical debt and even helped us to configure controls for our Kubernetes clusters.
What do you dislike about the product?
Deeper in the doc for custom integrations can use more webhook options to trigger external workflows. Too much compliance jargon in UI leading engineers to confusion — I need more “DevOps mode” with normal language.
What problems is the product solving and how is that benefiting you?
It removed the wall between DevOps and compliance where you could not throw it over. We now bake controls into the deployments, which puts less of a burden on retroactive fixes. For example, we have halved our mean-time-to-remediation by gaining real-time visibility into cloud vulnerabilities.
Secureframe Saves us Time and Headaches
What do you like best about the product?
Secureframe provides clear, step by step guidance. Automation of vendor reviews and risk assessments is especially helpful.
What do you dislike about the product?
More AI driven suggestions during policy creation would be great, especially for niche industries like ours.
What problems is the product solving and how is that benefiting you?
It helps us maintain a strong security posture for enterprise clients while reducing the overhead of manually managing controls.
HIPAA Compliance Without the Chaos
What do you like best about the product?
The continuous monitoring keeps us aware of any potential drift. It's like having a compliance partner that never sleeps.
What do you dislike about the product?
I wouldn't call it a dislike, but a nice addition would be more HIPAA-specific templates to make policy rollout even faster.
What problems is the product solving and how is that benefiting you?
HIPAA audits are now straightforward. Secureframe's proactive alerts and AI policy creation mean we're always prepared.
Small Team, Big Compliance Wins with Secureframe
What do you like best about the product?
For small IT teams, it is a game-changer. We did SOC 2 without lifting a finger using the policy library and auto evidence collection (Jira, Google Workspace). Support was on the front foot when people encountered problems integrating with GitHub. Speedy response to GitHub integration issue that even non-technical stakeholders could compare.
What do you dislike about the product?
Mobile access is slow - I wish I could admin on the run. Contextual Alerts not providing any context and forcing the user to click into it to understand what has occurred. Couple niche tools manually uploaded (cough yea our local HR system), which is good in the following way.
What problems is the product solving and how is that benefiting you?
We no longer find ourselves stuck in a vicious cycle of being reactive and scrambling during audits, and are always audit ready. We can give a need to know compliance status instantly, so sales cycles are much shorter. The biggest benefit? Security posture is believed to be at rest 24/7.