External reviews
1,074 reviews
from
and
External reviews are not included in the AWS star rating for the product.
Drata: A great tool for centralized compliance
What do you like best about the product?
Drata centralizes all of our compliance data and allows us to continuously monitor for changes. This saves our compliance team a huge amount of effort in auditing our customer-facing products and IT services. It also helps our technical/operations staff quickly identify and document changes to infrastructure.
What do you dislike about the product?
The user interface can be difficult to use. Some of the test failures are hard to interpret and diagnose, requiring jumps back and forth from Drata app to Drata docs to provider docs to certification/standard definitions, etc.
What problems is the product solving and how is that benefiting you?
It's difficult to monitor and audit the compliance of our infrastructure as it evolves to meet product needs. Drata solves this and pushes us to implement better patterns for infrastructure and software.
SOC 2 Type 2 experience
What do you like best about the product?
Continous monitoring throughout the period that allows you to fix issues as you go and you don't have stress out just before the audit starts.
What do you dislike about the product?
Sometimes the behaviour is not intuitive or consistent accross the product e.g. task view - adds task for expiring evidences that are monitored but that is not always true for resources in settings page e.g. org chart.
I would like to nore distribute the work accross the team but Drata permission model doesn't allow that though that was improved recently.
There was few shakes of trust that happend to us and we were loosing a trust to product little bit:
1. Drata agent - provide false sense of being on checked when we discovered that some HW haven't reported checks for more than 9 months which equals to situation that we hands over the PC and than have no checks
2. During the audit the auditor was claiming that he don't see evidences that were uploaded on quarterly basis which was scary given the fact that we are not backing up evidences uploaded to Drata. Thankfully it was restored with support and provided extra to auditor. But finally we don't know what was a problem as acting via middleman is clumsy. We were instructed with support to raise it that additional training will be provided with auditor. But what I think would be more appropriate and well appriciated would be auditor communicating with drata folks directly either resulting in either additional training or restoring data. The result we got are ok we survived the audit, but I have no clarity whether it was problem with the auditor or with platform and I am afraid it will be repeated next audit.
The features that would be really appriciated and are missing is measuring SLAs for offboarding where a lot of focus is during the audit.
I would like to nore distribute the work accross the team but Drata permission model doesn't allow that though that was improved recently.
There was few shakes of trust that happend to us and we were loosing a trust to product little bit:
1. Drata agent - provide false sense of being on checked when we discovered that some HW haven't reported checks for more than 9 months which equals to situation that we hands over the PC and than have no checks
2. During the audit the auditor was claiming that he don't see evidences that were uploaded on quarterly basis which was scary given the fact that we are not backing up evidences uploaded to Drata. Thankfully it was restored with support and provided extra to auditor. But finally we don't know what was a problem as acting via middleman is clumsy. We were instructed with support to raise it that additional training will be provided with auditor. But what I think would be more appropriate and well appriciated would be auditor communicating with drata folks directly either resulting in either additional training or restoring data. The result we got are ok we survived the audit, but I have no clarity whether it was problem with the auditor or with platform and I am afraid it will be repeated next audit.
The features that would be really appriciated and are missing is measuring SLAs for offboarding where a lot of focus is during the audit.
What problems is the product solving and how is that benefiting you?
Continous monitoring and automatic evidence collection. Providing a sense of security in some aspects.
Drata Trust Center a smart way to share your company security posture
What do you like best about the product?
Apart from the main use of the Drata solution focused on compliance monitoring, the platform also provides an easy way to share with customers your company security posture thanks to the Drata Trust Center. Trust Center enablement is very easy and takes little time, moreover, the integration with Docusign is an added value.
What do you dislike about the product?
The Trust Center should have more customization capabilities, especially for the UX look and feel and the contents that may be published
What problems is the product solving and how is that benefiting you?
Once Drata is properly configured for cloud/security compliance the Trust center can be enabled with few clicks.
Fairly intuitive product
What do you like best about the product?
Really helpful complimentary documentation, especially for the policies. I did need to reach out to ask for help in order to find the right sections of this documentation but now that I know where it is, super helpful (could be useful to link out in the comments at the top of each policy). The UI is simple to use and has easy link outs ot more details.
What do you dislike about the product?
I expected a formal onboarding, which was never setup or suggested. This may be because I was familiar with similar tools and had already started asking questions, indicating I was already using the platform but it felt like I just suddenly had this tool and needed to find my way from day 1.
What problems is the product solving and how is that benefiting you?
Getting our SOC2 and ensuring constant monitoring as we work to get there.
Great Tool and Support!
What do you like best about the product?
Drata helped us to stay organized and aware of deliverables for continuous compliance.
- The platform is easy to use
- Interface is friendly
- Compliance Monitoring
- Ease of Implematation
- Customer Support
- The platform is easy to use
- Interface is friendly
- Compliance Monitoring
- Ease of Implematation
- Customer Support
What do you dislike about the product?
There isn't much to complain about.
Even though there were a minor issues with integrations, the team was still able to provide soultions to help with automated contols.
Even though there were a minor issues with integrations, the team was still able to provide soultions to help with automated contols.
What problems is the product solving and how is that benefiting you?
SOC 2 compliance
Great at reducing work across multiple audit frameworks.
What do you like best about the product?
I like the automated monitoring to be confident that we're compliant year-round. It's also really good at providing templates for commonly needed policies, risk reviews, and more. When you start with one framework like SOC 2 and add a second in the future like ISO 27001, you won't need to gather all-new evidence; each control is mapped to all applicable standards.
What do you dislike about the product?
It's difficult to exclude some out-of-scope resources in an environment that's always changing, as exceptions are done on an individual resource basis. For example, if your AWS account has applications in scope for GDPR plus many others, they'll all get pulled into Drata and it's not easy to stay on top of the exceptions.
What problems is the product solving and how is that benefiting you?
It helps us get ready for security compliance audits. Saves hours of prep and saves time on calls with auditors by giving them a portal where they can see live status. However, it doesn't cover nearly all of what a thorough auditor will ask for, so it's not a magic bullet.
Good customer experience despite a rocky start
What do you like best about the product?
Knowledgeable customer success managers to help guiding our team through SOC2. Comprehensive software product, easy to integrate with our infrastructure.
What do you dislike about the product?
Some lost momentum in our SOC2 implementation, especially when it came to writing our policies. The template experience is overwhelming, and the Drata team took too long to identify that we needed help and an external partnership to succeed at writing our policies.
What problems is the product solving and how is that benefiting you?
Guiding our team through SOC2 compliance, starting with 0 knowledge.
Like a second-mind..
What do you like best about the product?
Drata is fantastic at allowing me to stay organized and aware of my deliverables for continuous compliance. I'm able to track and assign tasks to relevant parties, organize my thoughts on our control structures & get introspection on how the auditing criteria refer back to us. It's like having a second-helper who keeps track of everything & allows me to focus on policy creation & control creation/evaluation.
What do you dislike about the product?
Drata is fantastic if you have lots of industry-grade integrations but if you don't, your return on value might be lower. I still great utility out of it, but for the price point it wouldn't necessarily still be worth it. There are still small gotcha's in Drata, for instance the policy changelogs require manual updating- why are my changes to the policy not filling out the changelog itself? The Statement of Applicability in the ISO27001 frameworks are a large table, but most of that information should be part of the continuous compliance so why am I having to create so much? There are also lots of little things, like the Statement of Applicability, where I pulled things out of policy/out of Drata, and ended up creating a spreadsheet for them all over again because it's just going to be easier to maintain over time. Yes my Statement of Applicability will be uploaded to Drata as evidence, but I'd rather have something like this more built-in to the program rather then feeling that the best option is to create a spreadsheet & do it myself.
What problems is the product solving and how is that benefiting you?
Drata helps us with observability into our control infrastructure. I can see our management responsibilities, our technical controls, & plan for the future. In a very disorganized company, this is extremely effective for assisitng with holding people accountable to completing their responsibilities. Their support is fantastic & Hailee at Drata has been absolutely amazing. The Drata help articles are detailed & excellent when you are searching for something with only a few search terms. It is sometimes hard to find things if you don't know where they are- for instance, the templates used in vendor upload, business continuity/disaster recovery, etc & without Hailee's help, we would have never known about them. But our Customer Success Manager Hailee, was excellent at providing these documents. It would be nice if the Help Section had a dedicated Resources section for items like this.
Great platform, excellent support.
What do you like best about the product?
The support level is amazing and the platoform is easy to use.
What do you dislike about the product?
Nothing significant, I think that every platform has room for improvement. Although there are some issues with data import at times.
What problems is the product solving and how is that benefiting you?
Drata gives us an easy to use platfrom with a great UI. Compliance can be quite difficult but Drata helps to simplify the process.
a friendly UI to work on compliance, with acceptable automation
What do you like best about the product?
I think its interface is friendly, easy to understand and intuitive.
What do you dislike about the product?
Feature requests are not always taken into account (although I know they are compared against other clients) and the result of the review of an FR is not communicated in the best way, so that we can know the status.
However, some CSs have improved this process, but in the end, everything remains in a backlog.
However, some CSs have improved this process, but in the end, everything remains in a backlog.
What problems is the product solving and how is that benefiting you?
Maintain an optimal Security posture, which allows for streamlining business processes with new clients.
However, I must say that more work is required to minimize the efforts required in manual interventions as much as possible.
An example of this is that when I seek support to fix an issue, I am given a CSV template, which requires manually popularizing it. This doesn't make sense when you talk about automation.
However, I must say that more work is required to minimize the efforts required in manual interventions as much as possible.
An example of this is that when I seek support to fix an issue, I am given a CSV template, which requires manually popularizing it. This doesn't make sense when you talk about automation.
showing 71 - 80