Reviews from AWS Marketplace
0 AWS reviews
-
5 star0
-
4 star0
-
3 star0
-
2 star0
-
1 star0
External reviews
External reviews are not included in the AWS star rating for the product.
Fantastic Compliance and Security Platform
What do you like best about the product?
Drata centralizes and helps to automate your compliance needs under one solution; audits, vendor mgt, risk mgt, policy mgt, assets, reporting, and a trust portal.
What do you dislike about the product?
I honestly cannot think of one thing. Drata continues to bring feature after feature to improve the product.
What problems is the product solving and how is that benefiting you?
Allows a small team to work more effciently by automating various tasks that typically would take weeks to complete.
- Leave a Comment |
- Mark review as helpful
Seamless Communication and Solid Work Ethics but Room for Improvement in User Education
What do you like best about the product?
Efficient Communication: Despite the time zone difference, the communication with Drata's compliance team has been exceptionally smooth. I can easily reach out during my working hours and receive a prompt reply by the next morning.
Flexible Tools: Not only do they offer a built-in chat tool, but they're also flexible enough to let me use third-party tools like Google Docs for commenting.
Outstanding Work Ethics: Being the sole point of contact for compliance in my small company, I've worked with the Drata team more closely than with some of my colleagues. Their professionalism, punctuality, and respectful manner exceeded my expectations.
Flexible Tools: Not only do they offer a built-in chat tool, but they're also flexible enough to let me use third-party tools like Google Docs for commenting.
Outstanding Work Ethics: Being the sole point of contact for compliance in my small company, I've worked with the Drata team more closely than with some of my colleagues. Their professionalism, punctuality, and respectful manner exceeded my expectations.
What do you dislike about the product?
Lack of Deep Understanding: While Drata's tool excels at guiding users through compliance tasks and significantly aiding in increasing the readiness percentage, there's room for improvement when it comes to instilling a deep understanding of the 'why' behind the compliance requirements. Although the compliance team is very helpful in answering many of these 'why' questions, it would be advantageous if such knowledge were incorporated directly into the tool. This would eliminate the need for users to remember all the intricate details and could serve as an ongoing resource for understanding compliance deeply.
Gap in Audit Preparedness: The tool is designed to make you compliant but not necessarily audit-ready. Users are left to themselves to make the connections between policy requirements, company statements, and actual practices.
Gap in Audit Preparedness: The tool is designed to make you compliant but not necessarily audit-ready. Users are left to themselves to make the connections between policy requirements, company statements, and actual practices.
What problems is the product solving and how is that benefiting you?
Gaining trust in our security practice internationally, beyond local market.
Best SOC 2 compliance management tool we found
What do you like best about the product?
Fast moving team that develops features quickly; by far the best UI compared to Tugboat and Vanta; agentless evidence checking (unlike Vanta) which is a much more secure architecture.
What do you dislike about the product?
Still a young and maturing product. Overly prescriptive in how to implement and evidence certain controls. For example, we handle network access management through security groups, but their automated evidence collection checked for NACL rules instead. There's not always enough flexibility to handle different controls, let along custom controls. So, you'll still end up uploading a fair share of manually collected evidence.
What problems is the product solving and how is that benefiting you?
All of our compliance readiness is handled well in one place. They are also very good at automating all the tasks needed to maintain readiness: it would be like herding cats to do that by hand.
Great platform and incredible support!
What do you like best about the product?
The platform is very easy to use, easy to set up, and the support is one of the best I've seen of any platform I've used.
What do you dislike about the product?
Nothing - great service! I have gone through SOC2 Type 1 and currently doing SOC2 Type 2 and everything is moving smoothly.
What problems is the product solving and how is that benefiting you?
Helping me achieve SOC2 Type 1 for my customers to be more confident in signing with me.
Useful Tool That is Underutilized by Auditing Companies
What do you like best about the product?
I really have enjoyed that all the evidence is aggregated in one spot and presented in a way that auditors have understood it. The integrations are also useful, data that syncs up with any changes is especially useful in a fast paced business environment.
What do you dislike about the product?
The real downside of using drata was the fact that Auditors were reluctant to use it. All the evidence was there in the platform and visible for them to use, but they still wanted us to walk them through all of our controls over video chats. This defeated the purpose of Drata and did not save us time.
What problems is the product solving and how is that benefiting you?
The tedious process of data and evidence collection.
A useful solution
What do you like best about the product?
Nice UI, nice cloud vendor tooling tie ins to AWS & GCP.
Easily see your IT assets and allocated users.
Useful top down view of compliance checklists all in one place.
Handy lightweight MDM solution with agents for all OSes and a web dashboard / onboarding flow for users.
Out of the box SSO/SAML IdP integrations like Google auth.
Easily see your IT assets and allocated users.
Useful top down view of compliance checklists all in one place.
Handy lightweight MDM solution with agents for all OSes and a web dashboard / onboarding flow for users.
Out of the box SSO/SAML IdP integrations like Google auth.
What do you dislike about the product?
Very limited custimization options. Because there is no way to customize user IT asset compliance rules, if you don't do things 100% the Drata way, 100% of yours users will show as non-compliant all the time, becaus there is no way to customize the ruleset Drata uses. This makes the compliance dashboard of limited value.
This is an overall theme in Drata. It's highly opinionated, so if you do things 100% their way, it works well, but if not you'll never see a complete compliance picture due to continuous false positives. This can also be seen in the cloud asset compliance checks and VCS checks. If you have no existing SOC2 apparatus, and want to use the Drata way hook line and sinker, this can work well, but if you have an existing compliance process, you'll possibly feel constrained in your ability to tailor Drata to fit.
Finally custom API integrations are rudimentary. The fact that you must open a support engineer directly to get an API key speaks to this currently being a rudimentary feature, rather than a rich API layer. We had to reverse engineer APIs and use UI tokens/sessions to automate processes, rather than the official Drata APIs to get things automated.
This is an overall theme in Drata. It's highly opinionated, so if you do things 100% their way, it works well, but if not you'll never see a complete compliance picture due to continuous false positives. This can also be seen in the cloud asset compliance checks and VCS checks. If you have no existing SOC2 apparatus, and want to use the Drata way hook line and sinker, this can work well, but if you have an existing compliance process, you'll possibly feel constrained in your ability to tailor Drata to fit.
Finally custom API integrations are rudimentary. The fact that you must open a support engineer directly to get an API key speaks to this currently being a rudimentary feature, rather than a rich API layer. We had to reverse engineer APIs and use UI tokens/sessions to automate processes, rather than the official Drata APIs to get things automated.
What problems is the product solving and how is that benefiting you?
Top down single source of compliance state and information.
Ease of compliance w Drata
What do you like best about the product?
The continuous monitoring of controls and regular updates on missing compliance
What do you dislike about the product?
They don't have international background check integrated w Checkr. Atleast they didn't have it while we were getting onboarded.
What problems is the product solving and how is that benefiting you?
It streamlines the various compliances for us, mainly SOC2 Type2 & HIPAA. Being into healthcare tech, these compliances are of utmost importance and Drata has definitely eased the process.
An easy to use compliance management software
What do you like best about the product?
Drata monitors our systems daily and raises alerts whenever something is amiss. Integrations are also seamless with many of the systems we use. It also makes audits like SOC2 easy by automating a lot of controls.
What do you dislike about the product?
Although the evidence management flow has been simplified, it can be improved further.
What problems is the product solving and how is that benefiting you?
Automated compliance checks for our systems and helping with audits.
Good system which is easy to use.
What do you like best about the product?
Automated task manager. Audit sync ability. Integrated with our HR system, need to explore other integrations to get the best out of it.
Customer support team are quick at responding and supporting the process.
Customer support team are quick at responding and supporting the process.
What do you dislike about the product?
No export option on any pages. This would make a lot easier when tracking and sharing updates with c-suite staff.
Ability to change the view, for example - tasks outstanding are in a view of by month, would be useful to have this interchangeable into a monthly calendar view (which can also be exported) so you can quickly see tasks needing focus for the month ahead.
Ability to change the view, for example - tasks outstanding are in a view of by month, would be useful to have this interchangeable into a monthly calendar view (which can also be exported) so you can quickly see tasks needing focus for the month ahead.
What problems is the product solving and how is that benefiting you?
Ensuring that we have got all policies in order and making sure these are reviewed regularly. Creating one source of the truth which is easy to share with team members for 1 quick check.
Great platform with excellent customer support
What do you like best about the product?
Super easy to set up, use and maintain, plus they have excellent customer support. The speed and frequency that Drata are releasing new & very good features is impressive and have really added to our experience.
What do you dislike about the product?
No downsides so far, we have loved the Drata product.
What problems is the product solving and how is that benefiting you?
Helping our small team maintain compliance on an ongoing basis
showing 491 - 500