Drata Reviews & Product Details

Drata supports the most common compliance frameworks. It effectively translates compliance requirements into readable control items. Each control item consists of a set of tests that are defined with clear specifications. For example, if an organization wants to adhere to the compliance NIST CSF, personnel responsible for achieving compliance simply focus on the control items of target compliance that Drata organized. Some tests can be shared across multiple compliance frameworks! It is easier for them to implement other compliances more efficiently in the future. Secondly, the most impressive design is the capability of automated evidence collection. With easy configuration on integrations to popular platforms, it can save effort when collecting the evidence of control items. To manage the overall readiness of compliance continuously, Drata provides efficient monitoring of controls, the status of tests, and the integrity of essential evidence. It provides users with real-time status and benchmarks in the dashboard. That helps internal or external auditors to track progress, identify gaps, and demonstrate compliance to key stakeholders. Finally, when I was new to Drata in the beginning, the Drata support team consistently delivered effective solutions to customer issues. The experience of customer support really touched my heart. Review collected by and hosted on G2.com.

The automated evidence-collection feature is a very productive design. However, it has both pros and cons. The limitations on integrations may become a burden if the target platform is not on the support list. Another thing that needs to be improved is the instructions for fixing the failed/error tests. Sometimes, I can not directly understand the root cause of the failed test. I hope the error information or solution instructions become more transparent or readable. Review collected by and hosted on G2.com.

The most valuable feature for us is the continuous monitoring and real-time alerts, which provide reassurance that our controls are consistently effective. Drata also simplifies evidence collection and audit preparation, helping us save time and reduce the risk of errors. As a result, we are able to maintain compliance proactively and dedicate more attention to strategic security improvements instead of getting bogged down by administrative work.

In terms of usability, the platform is highly intuitive and user-friendly, making it easy for even new team members to navigate and complete tasks. The implementation process was smooth and quick, thanks to clear instructions and minimal disruption to our existing workflows. Drata’s integration with our current tools and systems is seamless, which cuts down on manual work and keeps our data consistent across platforms. The customer support team is always responsive, knowledgeable, and eager to help, which greatly enhances our overall experience. We rely on Drata daily for monitoring and compliance activities, and it has become an essential part of our security operations. Review collected by and hosted on G2.com.

It would be great to have more available integrations, for example with popular observability tools such as Grafana. Review collected by and hosted on G2.com.

Drata let's us control all of our compliance/audit related requirements in one system–simple as that. The UX is great–it's easy to understand, easy to navigate, easy to add evidence, etc. The automation workflows are great–being able to automatically import all of our employees, devices, 2FA rules, etc. directly from our SaaS/PaaS products (e.g., Azure) is fantastic. The TrustCenter is quite helpful as well as a way of sharing sensitive documents (e.g. audit reports) with third parties in a tracked manner. It's a great tool tbh. Review collected by and hosted on G2.com.

It's a big system so it can be quite confusing at first. It's hard to know what's actually required for your various audit types–Drata gives you a template for nearly everything, but do you actually need everything in the template? Probably not. That's not Drata's fault, it's just the nature of being a generalized compliance tool that works across every industry. Review collected by and hosted on G2.com.

I like how easily and friendly the interface of Drata is. It's very clean, and everything is easy to find, which is important since we ask our employees to use this software once a year; having an easy-to-use interface is crucial. It ensures that they can complete courses and understand everything without spending a lot of time figuring out how the software works. The initial setup was easy too; we just needed to set some things, and it was working pretty well. Everyone can do the courses and make sure they're aware of the best practices, so it's easy-going software. Review collected by and hosted on G2.com.

I had some issues logging in, but the team was very helpful. They helped me, and I received a reply a few minutes after requesting some help. They can add an option to log in with social media to avoid issues, such as not receiving matching links because they end up in the spam folder. Review collected by and hosted on G2.com.

I like the pricing point of Drata, which is important as we are mindful about our budget while trying to achieve SOC2 compliance. The onboarding process was smooth, and we were guided through a series of workshops and onboarding sessions that provided us the tools to start using the platform effectively. The initial setup of Drata was also easy. Review collected by and hosted on G2.com.

The UI is a little confusing sometimes. As someone who has already done a SOC2 audit with a competitor product, I sometimes find the Drata platform a little confusing. It's not straightforward to see what tasks are missing and what specific things we need to fix. I think UX could be improved. Review collected by and hosted on G2.com.

I like that Drata reminds us when to update and submit our evidence for the past 12 months. It's convenient to have one place to add all the evidence instead of having pieces stored in different locations. This organization makes it easier to refer back to the information submitted as evidence. The reminders are also helpful once the time to review the evidence is near. We have successfully integrated Drata with our other platforms like Office365, Jira, and Bitbucket. Review collected by and hosted on G2.com.

The audit option is a bit clunky as it's hard to differentiate who owns the control. In addition, we still need to double up on maintaining the policies. Once version in Drata and another soft copy we need to keep when it is required by our clients when we do proposals. Our Sales team will need access to the latest version. It took a while to fully understand what it did. Review collected by and hosted on G2.com.

I like Drata's simple login UX which makes onboarding users easy since they just need to go to the login screen and sign in with Google. The reporting feature is decent and allows me to track how many people are yet to install the agent. I also appreciate the ease of installing the agent software. The initial setup was fairly good, with simple integration of Google Workspace and Atlassian, and even though the integration with Hibob (HRIS) took a bit longer, Drata support was helpful in resolving this by providing the necessary third-party integration docs. Review collected by and hosted on G2.com.

More reporting options would be useful. More granularity with filters is needed; for example, I can filter by non-compliant devices, but I can't filter by a single non-compliant device-related item like a screen lock. Also, scheduled and saved reports are a must, which is missing currently. The initial setup with certain integrations like HiBob (HRIS) took a little longer because the guide we followed ended up missing a few steps. Eventually, Drata support helped by finding the third-party integration docs and forwarding them to me. Review collected by and hosted on G2.com.

Drata has a big range of features and covers a lot of usecases for us. Also, the integrations that exist are relatively easy to integrate. Review collected by and hosted on G2.com.

There are two downsides to Drata, in my opinion:

1) User Experience

The UX of the product is okay, but it's not great. There are multiple smaller paper-cuts: The UI is overall a bit slow, frequently presenting loading spinners. Controls/Monitors have individual URLs, but unfortunately when shared they get removed. I.e. even if I send a colleague a link to a specific /control/123 they will get redirected to all controls instead of the specific one.

2) Integration Limitations

The default integrations that come with Drata are a bit limited, e.g. we still haven't been able to connect a vulnerability scanner into Drata, as it comes with 14 different options by default and we use none of them. That's always an issue with these integration platforms, but it's not clear to us yet how we could build a manual API integration for this feature. Review collected by and hosted on G2.com.

Drata has been incredibly easy to use—simple, intuitive, and very well designed. Their support has been outstanding. We were paired with an onboarding specialist who stayed with us for nine months during our first year and guided us all the way through completing our audit. Setting up Drata was straightforward, and the automated monitoring features worked well with just a bit of tuning for our environment. The workflows make it easy to manage controls, maneuver through the platform, and upload evidence. Overall, Drata has helped us stay extremely organized and efficient with our PCI compliance program. Review collected by and hosted on G2.com.

One area that could be improved is the level of detail provided within the control environment. Drata goes one or two layers deep, but for more complex compliance programs, it would be helpful if the platform went further into the nitty-gritty details. Another area is around certain automated monitoring features that rely on specific applications. Expanding support to a broader range of third-party tools would make the monitoring even more flexible and effective. Review collected by and hosted on G2.com.

As a relatively small organisation, Drata has truly been a game-changer for us. Without a large compliance team, we have still been able to make steady progress toward our compliance goals, thanks to the platform. Working alongside a responsive auditing partner, we found the initial implementation straightforward and easy to get started with. The automation features for evidence collection and continuous monitoring have saved us countless hours of manual effort. We rely on Drata daily to ensure that any issues are promptly reported to the appropriate team and resolved quickly. We also value how smoothly it integrates with our core tools, such as AWS, Microsoft 365, and Intune, and how it offers clear dashboards and guided workflows that make preparing for audits much less stressful. Review collected by and hosted on G2.com.

The only real negative we’ve experienced is that support can sometimes be slower than we would like to respond. However, this has been more than mitigated by our highly responsive Customer Success Manager, who has consistently gone above and beyond to keep us moving forward. Overall, this balance has meant issues never become blockers. I wouldn't hesitate to recommend Drata to any organization. Review collected by and hosted on G2.com.