External reviews
1,112 reviews
External reviews are not included in the AWS star rating for the product.
Amazing Support; Maturing Functionality
What do you like best about the product?
Our client success manager has really made our experience with Drata worth it. He is quick to reply with training and information, and when he doesn't have the answer, he finds it out. On a couple of items where Drata is unable to meet our needs, he hasn't ghosted us or left us in the dark--he has been honest and straightforward, which is an undervalued virtue when bearing bad news (more info on that in the next question).
What do you dislike about the product?
The AWS integration currently does not support access to our GovCloud region within the VPC. They are currently studying the regulations around this type of architecture, and I am assured that it will be supported in the future. They simply must do their due diligence--that's a good thing.
Additionally, their policy center is geared more for companies with less mature policy documentation. As we have a decade+ / 600+ pages of policy/proof, we didn't want to have to fit our "square peg" infosec policies into their "round hole" policy test interface, so I had to disable nearly half of the automatic tests. They inform me that they are working on a redesign to facilitate companies like ours with mature policy documents.
What problems is the product solving and how is that benefiting you?
So much is automated, and this is our first SOC 2 Type II audit, so I can't really say what life would be like with versus without Drata, but our CPA firm did provide a discount price on the audit when we told them we are using Drata as our readiness platform. The integrations are helpful, and either help us know where we can improve or affirm that our security controls are properly configured.
When a test fails, their documentation and instructions on how to get a test to pass are invaluable.
The Drata Agent (a lightweight app installed on each workstation) does some heavy lifting to ensure that each employee and their equipment are SOC 2-ready. Fantastic tool.
Recommendations to others considering the product:
Referring back to my two issues, Drata is not yet mature enough to easily handle:
1. Software system architecture within the AWS GovCloud region--Drata's API does not work with the API, and if you connect it to the VPC, tests will fail since all of your security controls will be configured in the GovCloud.
2. You will have to provide evidence of your policies manually if you choose not to use their policy template system. It is a lot of work.
Nice fit for startups and small companies
What do you like best about the product?
Policy Templates, solid monitoring and automation
What do you dislike about the product?
Custom control capabilities are light. HIPAA compliance mapping is not yet available.
What problems is the product solving and how is that benefiting you?
SOC 2 compliance
Drata, an excellent tool for security and compliance automation
What do you like best about the product?
Straightforward layout, easy to navigate and understand what it's about. The material is well prepared and consistent. The tool for editing is also easy to use.
What do you dislike about the product?
I don't dislike anything. Here and there, I find some things I would do differently, but that's not a major issue.
What problems is the product solving and how is that benefiting you?
Developing consistent policies for data and systems security and coordinating the review and approval of the policies among team members.
Great software for easing the SOC2 audit process
What do you like best about the product?
It's easy to see at a glance what criteria we need to satisfy for SOC2, and for many criteria, whether we're meeting them.
What do you dislike about the product?
Sometimes the UI is a little cramped, with the drawer that opens to show information on a particular entry (employee, policy, criteria, etc.) being relatively narrow when more of the screen could be used to display more information.
What problems is the product solving and how is that benefiting you?
We're in the process of getting SOC2 compliance and Drata has helped us pin down what we need to do to achieve this.
Easy SOC2 Preparation and Monitoring
What do you like best about the product?
Great support and an easy-to-use interface, which is perfect for beginners. Drata is the easiest solution to go from zero to being ready for SOC2 for a small startup.
What do you dislike about the product?
Only SOC2 compliance for now and no support for other compliance frameworks. The security program that Drata recommends is harder to customize for existing security programs or more complex use cases.
What problems is the product solving and how is that benefiting you?
As a startup that is new to SOC2 compliance, we found the individual tests provided by Drata and explanations to address them very easy to follow and set up. Furthermore, the recommendations provided by Drata to achieve SOC2 compliance are sensible to adopt and didn't require our organization to make large changes to existing procedures. Without an extensive background in security, we were able to figure out what we needed to do from the generated SOC2 policies, support resources, and automated tests. Finally, we have high confidence that we are staying in compliance over the course of the year for our SOC2 Type 2 audit since Drata is continuously evaluating our configuration every night.
Great SOC 2 readiness experience with best-in-class customer service
What do you like best about the product?
I’m a Drata customer and have prepped for SOC 2 Type 2 with other readiness platforms in the past.
Drata is more automated than its competitors with a much more intuitive UX. They've really thought through what it means to meaningfully advise on security for their customers, rather than simply prepare for audits or adhere to compliance frameworks. With Drata I feel like I have a trusted partner to help me navigate security and compliance.
They also have best-in-class customer success, including access to an auditor to ensure you're doing everything you can to prepare for a successful audit. 10/10 recommend!
What do you dislike about the product?
Nothing, honestly working with them is a pleasure - which is the first time I've ever used the word "pleasure" to describe anything compliance-related.
What problems is the product solving and how is that benefiting you?
We are using Drata for SOC 2 Type 2 audit readiness. Drata has helped us prepare for an audit quickly, find an auditor, and develop policies internally that strengthen our overall security posture.
Recommendations to others considering the product:
If you're thinking about using a compliance readiness platform, don't discount the importance of customer success and trusted partnership. Drata really cares about their customers' business outcomes.