Our main use case for Drata is to provide a platform for us to manage our SOC 2 compliance.
External reviews
370 reviews
from
and
External reviews are not included in the AWS star rating for the product.
Great product
What do you like best about the product?
Sales was straight forward to deal with, support was good, product is intuitive and easy to use, pricing was aggressive
What do you dislike about the product?
the one drawback to implementation was some of their support wants you to upload a video to troubleshoot where i prefer to troubleshoot on my own or live troubleshoot
one of their engineers was kind enough to provide data and resolve the issue
one of their engineers was kind enough to provide data and resolve the issue
What problems is the product solving and how is that benefiting you?
we are using their software for compliance
A great compliance tool with real online support people
What do you like best about the product?
Automations to connect to internal systems and integrations to auditors workflows.
The online chat to support people in my time zone is good.
The online chat to support people in my time zone is good.
What do you dislike about the product?
It's a growing company and therefore they are rapidly changing. This can create some small bugs from time to time.
Popularity of software can create overload with support resources in non US timezones.
Popularity of software can create overload with support resources in non US timezones.
What problems is the product solving and how is that benefiting you?
Ensures our processes that are compliant are automatically submitted to auditors, saving time and reducing manual work.
Ensures that our auditors also use Drata to reduce rework.
Ensures that our auditors also use Drata to reduce rework.
Great GRC platform
What do you like best about the product?
Intuitive interfaces that are easy to use
What do you dislike about the product?
Nothing at the moment. Its a solid tool,
What problems is the product solving and how is that benefiting you?
holistic GRC automation
Easy to use, constantly improving, and easy to understand GRC platform
What do you like best about the product?
It's constantly improving - the changes in the little time we have been using the platform has been enormous.
Customer Support and compliance team are also top notch - they've never not been able to help.
The amount of integrations are staggering, and they all work pretty well in my experience. We've rarely had any issues in that area.
Customer Support and compliance team are also top notch - they've never not been able to help.
The amount of integrations are staggering, and they all work pretty well in my experience. We've rarely had any issues in that area.
What do you dislike about the product?
Some omissions in features that would truly make it an 'all-in-on' GRC tool - such as a NC register - sometimes hold it pack a little.
What problems is the product solving and how is that benefiting you?
Implementing different security frameworks, and hand holding along the way
Fantastic platform and even better CSM!
What do you like best about the product?
We really like the fact that it has several views on the controls, we also like that it is helping us get through SOC2 and ISO at the same time.
It was easy to rollout - everyone was good to go with one walk through (I found doing a 1x1 with Exec was easiest)
It was easy to rollout - everyone was good to go with one walk through (I found doing a 1x1 with Exec was easiest)
What do you dislike about the product?
When you leave a page, nothing is saved so you have to save your settings that you had already put in SOC/ISO(compliance) , readiness, etc. Super annoying. If you hit the back button on the browser, it will take you there, but if you have opened a lot of items - it takes forever
What problems is the product solving and how is that benefiting you?
Help us get to SOC2 and ISO compliance. The templates in the Policies were fantastic! Really saved us a lot of time
Platform requires compliance expertise and struggles with control accuracy
What is our primary use case?
What is most valuable?
The best features that Drata offers, even though my overall experience wasn't great, include monitoring that worked effectively, although it was somewhat inflexible.
Almost all of the monitoring worked, but they have very specific ways that they want to see the infrastructure set up. For instance, one of the SOC 2 requirements is having a business recovery plan, which necessitates periodic database backups. We had it set up using AWS Backups to do it twice daily, but Drata requires using a different service for daily backups. Even though we had already covered the requirement, they still required it to be done their way, which I felt was not ideal. But overall, their monitoring of infrastructure worked pretty effectively.
What needs improvement?
Drata helped us manage our SOC 2 compliance by automating the monitoring of our infrastructure, but overall, the platform didn't work effectively at all.
Being fairly new SOC 2 compliance, understanding how the platform worked was really difficult to use. In particular, their UI shows many false positives, indicating that requirements are taken care of even when they're not. This makes it really difficult to manage and understand where we were in the process without being a compliance expert myself.
A specific example of when the UI gave us a false positive is that there were several controls within the Drata platform that were completely monitored, such as ensuring that our databases are encrypted at rest. However, there are other controls that are a combination of monitored controls and manual evidence required, and they don't show that secondary requirement at all, even though it's what an actual auditor would require. Using Drata to understand the full scope of what we needed to accomplish and what we needed to provide evidence on was unsuccessful. I went back and forth between the auditor a dozen times and talked to the Drata team multiple times about trying to sort that out to ensure I actually had a punch list of things to do so that they understood the scope of what we needed, but couldn't get there. We eventually tried to cancel the subscription, but they refused, despite the platform not providing the value they promised.
We attempted to get their Slack integration working so that we would be notified in real-time of any monitoring issues that were out of compliance, but ultimately, we couldn't get that to work.
Drata has impacted our organization negatively, as it made the whole compliance process more complicated and cost me significant time. The complications with Drata extended the entire process by about six months and cost me probably 10 hours a week while we were still trying to get Drata to work, totaling about 40 hours of my time.
I think Drata could be improved by changing it so that it reports the actual status of the controls and are more proactive about helping organizations at our stage of business get to compliance.
For how long have I used the solution?
We have been using Drata for about nine months.
What do I think about the stability of the solution?
I suppose Drata is stable.
What do I think about the scalability of the solution?
Drata's scalability is fine.
How are customer service and support?
My experience with customer support was good; they were responsive, but they didn't ever get us to a solution that worked. In the end, it wasn't great. I would rate the customer support a seven on a scale of 1 to 10.
How would you rate customer service and support?
Which solution did I use previously and why did I switch?
I did not previously use a different solution.
How was the initial setup?
Drata integrates quite well with other AWS services we use. The procurement process was easy.
What was our ROI?
I haven't seen a return on investment with Drata, as there are no relevant metrics such as money saved, time saved, or fewer employees needed.
What's my experience with pricing, setup cost, and licensing?
My experience with pricing, setup cost, and licensing is all fine.
Which other solutions did I evaluate?
Before choosing Drata, we evaluated other options, namely Vanta and Secureframe.
What other advice do I have?
My advice to others looking into using Drata is that I would advise them not to use it.
I would rate Drata a 1 out of five because the platform requires that you be a compliance expert and doesn't help guide the user through the process. The platform fundamentally requires compliance expertise, which can be a barrier for many users.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Great Experience
What do you like best about the product?
Drata helps organize all your documentation like a dream. Theres a ton of time saved figuring out related controls. The integrations make tracking changes much easier. I have used this platform everyday for the past few months preparing for our PCI compliance audit. After all the initial heavy lifting I can see that huge amount of burden relief this product offers its clients.
What do you dislike about the product?
There are some features that feel lacking such as, no way to track requirements that are in progress state in the midst of an audit in audit hub.
What problems is the product solving and how is that benefiting you?
Drata helps monitor realtime environment compliance.
Customer Support
What do you like best about the product?
Whenever I had to contact customer support, the issue was handled promptly. The support team is helpful and communicates clearly, keeping you informed of any delays, recommended steps to resolve the issue.
What do you dislike about the product?
I have not come across any downsides using drata.
What problems is the product solving and how is that benefiting you?
Helping us towards SOC type 2 compliance.
Comprehensive platform with excellent support
What do you like best about the product?
The support, including access to compliance professionals
What do you dislike about the product?
The UI not always intuitive, and you can bounce between sections easily
What problems is the product solving and how is that benefiting you?
Helping us achieve ISO27001 compliance.
Great way to get up and running
What do you like best about the product?
Great support, templates to help get things rolling. Easy for end users.
What do you dislike about the product?
Not as strong as a reference, fixed format and limited searchability for more advanced users.
What problems is the product solving and how is that benefiting you?
Helps us develop and maintain standardization and certification, giving us a better and clearer offering to present to customers.
showing 11 - 20