External reviews
1,104 reviews
from
and
External reviews are not included in the AWS star rating for the product.
Streamlined process to achieve SOC2
What do you like best about the product?
Integrations with various cloud providers
What do you dislike about the product?
We can probably improve notifications/alerts a little bit more.
What problems is the product solving and how is that benefiting you?
We are trying to get a SOC2 compliant. Less hassle to provide the proof for each control.
Drata review
What do you like best about the product?
I like the UI, it's very clean, nice looking, and understandable. I really like how we can use it as a unification tool for compliance, keeping all of our policies in the same location that we sign off on them is very convenient. I'm looking forward to having audits go smoother.
What do you dislike about the product?
I don't love that the connection to background checks requires a lot of manual interaction. We do background checks with Checkr before hiring a candidate so its always completed before they are in the Drata system, this makes it so we have to individually status each person instead of it being detected automatically. I realize that this is probably completely a limitation of Checkr.
What problems is the product solving and how is that benefiting you?
Easy compliance auditing
Drata Review
What do you like best about the product?
Ease of use and implementation, very straight forward and user friendly.
What do you dislike about the product?
Appears to be the odd sync issue across some of the employees and compliance, but it seems to be intermittent and self-correcting over time.
What problems is the product solving and how is that benefiting you?
Preparing for your SOC 2 Type 2 certification.
Easy tool, valuable support
What do you like best about the product?
The team is always available to help with support and answering questions anytime
What do you dislike about the product?
Impossible to update personnel data uploading a csv
Some minor bugs with the system
Some minor bugs with the system
What problems is the product solving and how is that benefiting you?
Guide to get soc 2 compliance, automation
Amazing Support; Maturing Functionality
What do you like best about the product?
Our client success manager has really made our experience with Drata worth it. He is quick to reply with training and information, and when he doesn't have the answer, he finds it out. On a couple of items where Drata is unable to meet our needs, he hasn't ghosted us or left us in the dark--he has been honest and straightforward, which is an undervalued virtue when bearing bad news (more info on that in the next question).
What do you dislike about the product?
The AWS integration currently does not support access to our GovCloud region within the VPC. They are currently studying the regulations around this type of architecture, and I am assured that it will be supported in the future. They simply must do their due diligence--that's a good thing.
Additionally, their policy center is geared more for companies with less mature policy documentation. As we have a decade+ / 600+ pages of policy/proof, we didn't want to have to fit our "square peg" infosec policies into their "round hole" policy test interface, so I had to disable nearly half of the automatic tests. They inform me that they are working on a redesign to facilitate companies like ours with mature policy documents.
Additionally, their policy center is geared more for companies with less mature policy documentation. As we have a decade+ / 600+ pages of policy/proof, we didn't want to have to fit our "square peg" infosec policies into their "round hole" policy test interface, so I had to disable nearly half of the automatic tests. They inform me that they are working on a redesign to facilitate companies like ours with mature policy documents.
What problems is the product solving and how is that benefiting you?
So much is automated, and this is our first SOC 2 Type II audit, so I can't really say what life would be like with versus without Drata, but our CPA firm did provide a discount price on the audit when we told them we are using Drata as our readiness platform. The integrations are helpful, and either help us know where we can improve or affirm that our security controls are properly configured.
When a test fails, their documentation and instructions on how to get a test to pass is invaluable.
The Drata Agent (a lightweight app installed on each workstation) does some heavy lifting to ensure that each employee and their equipment are SOC 2-ready. Fantastic tool.
When a test fails, their documentation and instructions on how to get a test to pass is invaluable.
The Drata Agent (a lightweight app installed on each workstation) does some heavy lifting to ensure that each employee and their equipment are SOC 2-ready. Fantastic tool.
Recommendations to others considering the product:
Referring back to my two issues, Drata is not yet mature enough to easily handle:
1. Software system architecture within the AWS GovCloud region--Drata's API does not work with the API, and if you connect it to the VPC, tests will fail since all of your security controls will be configured in the GovCloud.
2. You will have to provide evidence of your policies manually if you choose not to use their policy template system. It is a lot of work.
1. Software system architecture within the AWS GovCloud region--Drata's API does not work with the API, and if you connect it to the VPC, tests will fail since all of your security controls will be configured in the GovCloud.
2. You will have to provide evidence of your policies manually if you choose not to use their policy template system. It is a lot of work.
Nice fit for startups and small companies
What do you like best about the product?
Policy Templates, solid monitoring and automation
What do you dislike about the product?
Custom control capabilities are light. HIPAA compliance mapping is not yet available.
What problems is the product solving and how is that benefiting you?
SOC 2 compliance
Drata an excellent tool for security and compliance automation
What do you like best about the product?
Straightforward layout, easy to navigate and understand what's about. The material is well prepared and consistent. The tool for editing also easy to use.
What do you dislike about the product?
I don't dislike anything. Here and there, I find some things I would do differently, but that's not a major issue.
What problems is the product solving and how is that benefiting you?
Developing consistent policies for data and systems security and coordinating the review and approval of the policies among team members.
Great software for easing the SOC2 audit process
What do you like best about the product?
It's easy to see at a glance what criteria we need to satisfy for SOC2, and for many criteria, whether we're meeting them.
What do you dislike about the product?
Sometimes the UI is a little cramped, with the drawer that opens to show information on a particular entry (employee, policy, criteria, etc.) being relatively narrow when more of the screen could be used to display more information.
What problems is the product solving and how is that benefiting you?
We're in the process of getting SOC2 compliance and Drata has helped us pin down what we need to do to achieve this.
Easy SOC2 Preparation and Monitoring
What do you like best about the product?
Great support and easy to use interface which is perfect for beginners. Drata is the easiest solution to go from zero to being ready for SOC2 for a small startup.
What do you dislike about the product?
Only SOC2 compliance for now and no support for other compliance frameworks. The security program that Drata recommends is harder to customize for existing security programs or more complex use cases.
What problems is the product solving and how is that benefiting you?
As a startup that is new to SOC2 compliance, we found the individual tests provided by Drata and explanations to address them very easy to follow and setup. Furthermore, the recommendations provided by Drata to achieve SOC2 compliance are sensible to adopt and didn't require our organization make large changes to existing procedures. Without an extensive background in security, we were able to figure out what we needed to do from the generated SOC2 policies, support resources, and automated tests. Finally, we have high confidence that we are staying in compliance over the course of the year for our SOC2 Type 2 audit since Drata is continuously evaluating our configuration every night.
Great SOC 2 readiness experience with best-in-class customer service
What do you like best about the product?
I’m a Drata customer and have prepped for SOC 2 Type 2 with other readiness platforms in the past.
Drata is more automated than its competitors with a much more intuitive UX. They've really thought through what it means to meaningfully advise on security for their customers, rather than simply prepare for audits or adhere to compliance frameworks. With Drata I feel like I have a trusted partner to help me navigate security and compliance.
They also have best-in-class customer success, including access to an auditor to ensure you're doing everything you can to prepare for a successful audit. 10/10 recommend!
Drata is more automated than its competitors with a much more intuitive UX. They've really thought through what it means to meaningfully advise on security for their customers, rather than simply prepare for audits or adhere to compliance frameworks. With Drata I feel like I have a trusted partner to help me navigate security and compliance.
They also have best-in-class customer success, including access to an auditor to ensure you're doing everything you can to prepare for a successful audit. 10/10 recommend!
What do you dislike about the product?
Nothing, honestly working with them is a pleasure - which is the first time I've ever used the word "pleasure" to describe anything compliance-related.
What problems is the product solving and how is that benefiting you?
We are using Drata for SOC 2 Type 2 audit readiness. Drata has helped us prepare for an audit quickly, find an auditor, and develop policies internally that strengthen our overall security posture.
Recommendations to others considering the product:
If you're thinking about using a compliance readiness platform, don't discount the importance of customer success and trusted partnership. Drata really cares about their customers' business outcomes.
showing 301 - 310