External reviews
External reviews are not included in the AWS star rating for the product.
White-glove, attentive and persistent services from humans in a technical world
What do you like best about the product?
Drata feels invested in their client's success when it comes to acheiving their compliance goals. It isn't often that you get attention from humans in today's world as everyone is trying to squeeze every penny out of every deal. You can also translate the previous sentance to, "everyone is trying to squeeze every human out of the production loop so you always get the same standard sub-par service, regardless of your actual needs". Drata is hands-on and even reviews information ahead of calls rather than showing up to calls with zero preperation or information. That is appreciated in today's impersonal world.
What do you dislike about the product?
The pricing is my least favorite part, but a high-quality service is rarely the most expensive and if time is money, I'd buy this again and again.
What problems is the product solving and how is that benefiting you?
Managing the compliance workflow and helping to maintain those compliance levels beyond the one-time tasks.
- Leave a Comment |
- Mark review as helpful
Great Product, Phenomenal Account Management and Follow-through
What do you like best about the product?
Drata is a well executed product for compliance automation. It is framed as a tool that helps your organization achieve a robust security and compliance posture and delivers on this promise. In general, the product is easy to use and improving at a steady pace.
What do you dislike about the product?
If there's no connector for a tool you use, the process of uploading evidence is manual. Most of ours were covered, but it's important to keep this in mind as you evaluate. New connectors are being built and improved all the time, but if several you need are missing, you should count on more hours spent.
If you are working on your first SOC2:
- Coming up with a system description is a manual process, even though many of the "component" parts already exist in the system, they don't provide a UI to compile them into the system description that is required by SOC2. This is a one-time pain and I can understand why they've prioritized other areas for improvement over this... better to improve the stuff that is an ongoing pain, rather than the stuff that comes up once and is done (until there is a major change to your architecture)
- Some of the boilerplate policies Drata ships with had minor typos (that was a few years ago and they've likely fixed them)
Finally, Drata's own security awareness training is straightforward and could use some improvement. They provided a lightweight solution that 100% works, but it's not as memorable and engaging as it could be.
If you are working on your first SOC2:
- Coming up with a system description is a manual process, even though many of the "component" parts already exist in the system, they don't provide a UI to compile them into the system description that is required by SOC2. This is a one-time pain and I can understand why they've prioritized other areas for improvement over this... better to improve the stuff that is an ongoing pain, rather than the stuff that comes up once and is done (until there is a major change to your architecture)
- Some of the boilerplate policies Drata ships with had minor typos (that was a few years ago and they've likely fixed them)
Finally, Drata's own security awareness training is straightforward and could use some improvement. They provided a lightweight solution that 100% works, but it's not as memorable and engaging as it could be.
What problems is the product solving and how is that benefiting you?
We mostly work with larger enterprise customers that are concerned with our security posture and our procedures, processes, and stable operation, even though our product is largely installed on-premises / hosted by our customers. For years we manually answered every security questionaire sent our way, by prospects and customers alike. This was a time consuming task and many of the same answers were provided over and over. Using Drata to help us achieve continuous SOC2 Type II compliance became our goal. We've now achieved it (with two successful third party attestations) and are moving on to new frameworks like ISO 27001 and HIPAA. Drata is at the center of all this work. It brings it all together. It's a product we can trust from a company that has proven they can execute quickly, at a high degree of competence.
The two CSMs we've worked with have been phenomenal. Shout out to Craig Macaraeg, our current CSM, who's consistently ready and willing to help, positive, informative, advocates for us, and follows up when he says he will. The entire Drata team is incredibly customer focused and obsessed with being the best at what they do. It's also important to keep in mind that the compliance automation vendor has leverage with their audit partners, and Drata has many of said partners. You want a solid relationship with both the vendor and the auditor you are working with, and you also want the automation vendor to be able to push on the auditor when necessary. For example, our auditor wasn't using the Audit Hub functionality in Drata. Once we brought this up with the Drata team they had a conversation with the auditor immediately and made sure they were committed to using the platform and all it's capabilities.
Ultimately, the Drata platform helps us build and maintain trust with our customers, which is incredibly valuable—and they are a solid partner as we navigate compliance in general, posessing a lot of inhouse knowledge about the various compliance frameworks, and constantly exanding those that are available, bringing new entrants to market as fast as they can. Our trust in Drata helps build our own confidence that we can build and maintain trust with our customers.
The two CSMs we've worked with have been phenomenal. Shout out to Craig Macaraeg, our current CSM, who's consistently ready and willing to help, positive, informative, advocates for us, and follows up when he says he will. The entire Drata team is incredibly customer focused and obsessed with being the best at what they do. It's also important to keep in mind that the compliance automation vendor has leverage with their audit partners, and Drata has many of said partners. You want a solid relationship with both the vendor and the auditor you are working with, and you also want the automation vendor to be able to push on the auditor when necessary. For example, our auditor wasn't using the Audit Hub functionality in Drata. Once we brought this up with the Drata team they had a conversation with the auditor immediately and made sure they were committed to using the platform and all it's capabilities.
Ultimately, the Drata platform helps us build and maintain trust with our customers, which is incredibly valuable—and they are a solid partner as we navigate compliance in general, posessing a lot of inhouse knowledge about the various compliance frameworks, and constantly exanding those that are available, bringing new entrants to market as fast as they can. Our trust in Drata helps build our own confidence that we can build and maintain trust with our customers.
Easy to Onboard and operate
What do you like best about the product?
The implementation of Drata, coming from a previous solution, was really ease: simple staged onboarding steps, precanned policies to review (and leverage which saved us $$$ in technical writing review costs) combined with easy agents to configure for employee devices. The integrated approach with our SaaS ecosystem helps reduce the operational time and speeds our compliance activity. In fact, I'm happy to dive into Drata on a daily basis and their customer support is both interactive and human!
What do you dislike about the product?
One minor issue I have is that while there may be an integration in place for a specific area, many companies have multiple systems in place. This allowing only one integration per category becomes difficult and forces other internal effort that may complicate rollouts.
What problems is the product solving and how is that benefiting you?
As a financial services technology company, measuring our compliance performance is important. It's also important to provide that transparency to our prospective and existing customers to support business development and build trust. By automating much of the compliance activity we are more nimble and agile as an operator.
Excellent tool for achieving security compliance
What do you like best about the product?
Our Drata customer success representative is outstanding. Through the whole process, she's communicated what we need to do very cleary, has been patient with our shifting timelines and responsive to our questions.
The Drata security center has become a fundamental part of our tooling when it comes to evaluating our security posture and it's easy to notice when something falls out of compliance.
The integrations with the multitude of tools we use simplifies our day-to-day security operations as well.
The Drata security center has become a fundamental part of our tooling when it comes to evaluating our security posture and it's easy to notice when something falls out of compliance.
The integrations with the multitude of tools we use simplifies our day-to-day security operations as well.
What do you dislike about the product?
The Drata agent occasionally won't recognize certain requirements that have been fulfilled on our employees computer; this issue has been fairly infrequent, so it's barely enough to even mention :)
What problems is the product solving and how is that benefiting you?
Making sure that we are compliant with multiple different security frameworks.
Time saver in a busy world!
What do you like best about the product?
Making sure that I have full visibility in all areas that require security compliance is key for me and my company. Drata allows me to have that visibility in an organized and easy to use portal. The ability to use their well written policy templates, controls, evidence management and notifications features saves me a lot of time and effort. I am also a fan of their support and commitment to find improvement and offer new features.
What do you dislike about the product?
Their policy editor could still use more improvements. I found some issues working with large policies. Also, the ability to export policies to other formats would be nice to have. Drata was helpful providing a work around and sharing my feedback with the development team.
What problems is the product solving and how is that benefiting you?
Being a small security team, having Drata as a tool has allowed me to minimize the effort needed to manage and monitor my Information Security Management System making governance more efficient.
Drata - Best in Class Compliance Automation
What do you like best about the product?
Ease of use, completeness of features, and excellent technical and customer support.
What do you dislike about the product?
Occasional bugs, but they are addressed reasonably quickly.
What problems is the product solving and how is that benefiting you?
Drata enables a small security and privacy staff to more efficiently manage compliance with various regulations.
Drata walked us through the maze of attaining compliance
What do you like best about the product?
Drata has features that connect to your systems to confirm compliance in critical areas. They monitor it regulary and report outward when a system fails. It makes it easy to see what you need to focus on and your possible gap areas. They have compliance analysts and auditors ready to answer any questions along the way. It is easy to use and implemente.
What do you dislike about the product?
Additional connections to various systems would be helpful.
What problems is the product solving and how is that benefiting you?
Being SOC2, GDPR and CCP compliant is a feature required by many of our B2B prospects.
Worth every spend
What do you like best about the product?
Available documented resources/tools to help navigate.
Timely and relevant response from customer service agaents.
Regular information on updates to the platform
Timely and relevant response from customer service agaents.
Regular information on updates to the platform
What do you dislike about the product?
Separation of modules e.g my framework has a risk assessment but need to subscribe for risk management.
What problems is the product solving and how is that benefiting you?
It is solving the manual approach of drafting policies, documenting controls and monitoring progress.
It is an immense benefit because i can focus on some other function while Drata takes care of and provides information regarding my compliance status for improvement on areas lacking behind.
It is an immense benefit because i can focus on some other function while Drata takes care of and provides information regarding my compliance status for improvement on areas lacking behind.
Drata made our first audit possible
What do you like best about the product?
The guidance and built in workflow for on boarding gets you started very quickly. Quickstart is the Easy Button for our SOC2 journey, making our implementation efficient.
The automation makes keeping your controls in place much easier. The dashboard helped us understand how we were progressing on our journey. The staff were knowledgeable, friendly, and provided clear guidance on where to go next. Direct integration with our various service providers and the automation around that significantly reduced the time to get started.
The automation makes keeping your controls in place much easier. The dashboard helped us understand how we were progressing on our journey. The staff were knowledgeable, friendly, and provided clear guidance on where to go next. Direct integration with our various service providers and the automation around that significantly reduced the time to get started.
What do you dislike about the product?
Sometimes it was hard to understand how the automated controls worked and wy they were failing. We figured most out in the end, but the automated offboarding evidence was unclear why it was failing. mostly I think it is just. missing a refresh button to force another query against Jira.
What problems is the product solving and how is that benefiting you?
Drata enabled us to get started on our SOC2 type 1 audit and to prepare for our Type 2 audit later this year.
10/10 experience working with Drata
What do you like best about the product?
-Well designed and intuitive product
-Exceptional account management. Our account manager, Elizabeth, has proved invaluable. We have biweekly check-ins with her and she kept us on track for SOC2 Type II compliance and provided critical introductions to external vendors.
-Exceptional account management. Our account manager, Elizabeth, has proved invaluable. We have biweekly check-ins with her and she kept us on track for SOC2 Type II compliance and provided critical introductions to external vendors.
What do you dislike about the product?
Our experience has been overwhelmingly positive.
What problems is the product solving and how is that benefiting you?
We used Drata for our SOC 2 Type 2 audit
showing 91 - 100