Drata Reviews

Name: Drata
Brand: Drata
Rating: 4.0 (10 reviews)

Vendor: Drata

4.0 out of 5

10 reviews
90% willing to recommend

Leave a review

What is Drata?

Drata is a powerful tool for automating compliance processes, effectively reducing audit preparation time and continuously monitoring security controls. It is highly valued for its ability to integrate seamlessly with existing tech stacks and manage security for remote teams, ensuring adherence to standards like SOC 2 and HIPAA. Drata enhances organizational efficiency, improves workflows, and supports real-time compliance monitoring, making compliance management less stressful and more accurate.

Get the Drata Buyer's Guide and find out what your peers are saying about Drata, Wiz, Microsoft Defender for Cloud and more!

Drata is the #5 ranked solution in top Compliance Management solutions. PeerSpot users give Drata an average rating of 8.0 out of 10. Drata is most commonly compared to Wiz: Drata vs Wiz. Drata is popular among the large enterprise segment, accounting for 43% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 17% of all views.

Helped 883,760 peers since 2012

Featured Drata reviews

Jacqueline Segooa

Cybersecurity Governance Specialist at Suse

At the moment, integrating Drata with other AIs would be beneficial. I am not too sure if it is something that can be done or if it is possible, but I am not aware. Integrating it with AI where maybe with regards to evidence collection, I would not have to be collecting the evidence manually would be helpful. When you are managing a lot of frameworks, it is a lot of work to actually individually and manually upload all the evidence in Drata. If maybe there is an AI which can be able to automate that kind of a workflow, and obviously as human beings, we will have to do a human error check, I think it would be amazing. I am not too sure if maybe at the moment it is something that is in place and I am not aware of, but I think it would be great.Integrations within my team are managed by someone, but I do have an idea about Drata's automated control monitoring. For example, with tests, there are certain systems such as AWS that has been integrated with Drata, and it tests those systems and puts them as part of evidence. For example, data encryption at rest. We can put it a test and integrate it with AWS, and then it will automatically test the encryption in data at rest. If the test has failed, you will see it. When I log in to check all the controls that have failed, it will show on Drata that the test has failed. Then I will be able to coordinate with the relevant stakeholders and tell them that it needs to be fixed. I would like Drata to make the user interface more intuitive.

Read full review

Jonathan Samples

Chief Technology Officer at Revyse

Drata helped us manage our SOC 2 compliance by automating the monitoring of our infrastructure, but overall, the platform didn't work effectively at all. Being fairly new SOC 2 compliance, understanding how the platform worked was really difficult to use. In particular, their UI shows many false positives, indicating that requirements are taken care of even when they're not. This makes it really difficult to manage and understand where we were in the process without being a compliance expert myself. A specific example of when the UI gave us a false positive is that there were several controls within the Drata platform that were completely monitored, such as ensuring that our databases are encrypted at rest. However, there are other controls that are a combination of monitored controls and manual evidence required, and they don't show that secondary requirement at all, even though it's what an actual auditor would require. Using Drata to understand the full scope of what we needed to accomplish and what we needed to provide evidence on was unsuccessful. I went back and forth between the auditor a dozen times and talked to the Drata team multiple times about trying to sort that out to ensure I actually had a punch list of things to do so that they understood the scope of what we needed, but couldn't get there. We eventually tried to cancel the subscription, but they refused, despite the platform not providing the value they promised. We attempted to get their Slack integration working so that we would be notified in real-time of any monitoring issues that were out of compliance, but ultimately, we couldn't get that to work. Drata has impacted our organization negatively, as it made the whole compliance process more complicated and cost me significant time. The complications with Drata extended the entire process by about six months and cost me probably 10 hours a week while we were still trying to get Drata to work, totaling about 40 hours of my time. I think Drata could be improved by changing it so that it reports the actual status of the controls and are more proactive about helping organizations at our stage of business get to compliance.

Read full review

Ace Sklar

Chief Information Security Officer at Northstar Security Consulting

I consider my team and myself to be advanced users of Drata, continually pushing the boundaries of use cases and feature requests. We were actively involved in enhancements related to metrics from the risk register and compliance areas, focusing on visualizing trends in risk closure over time and assessing tolerance levels across different categories. We engaged with customer success on improvements for the Trust Center, seeking metrics like the most downloaded documents, visitor analytics, and insights into which verticals access our site most frequently. This information is crucial for identifying hotspots and areas for improvement across sectors such as K-12, higher education, corporate, and government. The readiness state of compliance frameworks can sometimes be misleading. For instance, despite having been in SOC 2 Type II compliance for a few years and being 36 months into using Drata, our readiness metric may still show around 60%. This often doesn't reflect our readiness, which is closer to 90-100%. The score can be impacted by recent policy revisions, such as updates made in Q3 or Q4, which may not yet be reflected in the system. These nuances often require additional explanation regarding the reported readiness status.

Read full review

Drata mindshare

As of March 2026, the mindshare of Drata in the Compliance Management category stands at 5.1%, down from 8.1% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Compliance Management Mindshare Distribution
Product	Mindshare (%)
Drata	5.1%
Wiz	17.4%
Microsoft Defender for Cloud	12.8%
Other	64.7%

Compliance Management

PeerResearch reports based on Drata reviews

Type	Title	Date
Category	Compliance Management	Mar 9, 2026	Download
Product	Reviews, tips, and advice from real users	Mar 9, 2026	Download
Comparison	Drata vs Wiz	Mar 9, 2026	Download
Comparison	Drata vs SentinelOne Singularity Cloud Security	Mar 9, 2026	Download
Comparison	Drata vs Vanta	Mar 9, 2026	Download

Valuable Features

Drata's integrations connect seamlessly with various systems, automating control management and simplifying compliance processes. The platform centralizes activities, supports security posture management, and offers an Audit Hub for safe data sharing. Features include infrastructure scanning, API support, and real-time dashboards. Drata's AI suggestions enhance compliance efficiency, and its control editing and task management streamline audits. The tool eliminates evidence gathering and facilitates effective GRC operations. Drata's robust integration capabilities reduce manual compliance efforts.

"Overall, Drata as a tool has brought a lot of improvements within the GRC team, and having to centralize everything in one system, mapping the controls within one system, performing audits within one system, monitoring policies within one system, and doing risk management within one system is something that in GRC, speaking from a GRC perspective in cybersecurity, has been very impactful and effective within the team."
"My experience with customer support was good; they were responsive, but they didn't ever get us to a solution that worked."
"Drata offers APIs for every clause so that it can integrate into various platforms."

Room for Improvement

Users find the readiness metric can be misleading and require better accuracy in compliance frameworks. They experience UI issues, latency, and cost concerns. They express a need for real-time monitoring, better integration with AI, and enhanced API documentation. Enhancements in feature polishing and marketing are desired. Multi-tab functionality and improved management of manual evidence processes are sought for efficiency.

"There was one instance where our auditors could not access the Audit Hub in Drata, and it was not really something that was wrong from our company side."
"Drata has impacted our organization negatively, as it made the whole compliance process more complicated and cost me significant time."
"The existing features of Drata are already extensive and costly to integrate."

ROI

Users reported significant benefits from using Drata, noting particularly that it streamlined their compliance processes and significantly reduced the time and resources needed for audit preparations. This efficiency translated into substantial cost savings and enhanced team productivity, which users felt positively impacted their ROI. They appreciated Drata’s automation capabilities for continuous compliance monitoring, which further minimized manual workloads and allowed them to allocate resources to other critical areas of development.

Pricing

Drata's pricing for enterprise buyers varies based on purchased frameworks and advanced capabilities. Prices range from $18,000 to $30,000 with many finding a balance around $20,000. While some consider it expensive, especially with API costs, others find it competitively priced versus competitors like Vanta and AuditBoard. Discounts may be available through negotiation. Users describe it as reasonable and valuable for businesses needing robust security assessment without dedicated teams.

"Drata's pricing is quite reasonable. Compared to other tools in the market, including its biggest competitor, Vanta, Drata is much cheaper. Even compared to other tools like AuditBoard, which aren’t as good, Drata’s price remains competitive."
"I remember that my company used to pay 25,000 USD to use the product...The product's cost is really high, but it is a powerful tool."
"It's one of the more expensive options, but I think it's worth the money if you can afford it."

Popular Use Cases

Companies use Drata primarily for managing SOC 2 compliance. They shifted from spreadsheets to this platform for organizing documents and schedules, ensuring effective security control checks, achieving SOC 2 and ISO 27001 compliance, and reducing infrastructure vulnerabilities. Firms benefit from its seamless integration with cloud services and centralization of audit evidence. Drata facilitates internal audit support, control mapping, and policy management, allowing external auditors easy access to necessary information within a unified system.

Service and Support

Customer service at Drata is praised for responsiveness and frequent interactions, creating a positive experience. Technical support receives mixed ratings, with some finding it excellent while others see room for improvement. Drata's team provides quick responses, especially for auditing issues, and is described as top-notch. While some users report unfulfilled feature promises, others find customer success meetings valuable. Responses are often quick, typically within an hour, enhancing user satisfaction.

Deployment

Users found Drata's initial setup straightforward and user-friendly. Some noted swift bug resolutions by their team, and visibility into the roadmap was appreciated. The integration wizard and customer success managers were valuable for organizing policies and addressing unready controls. Although some experienced issues with client permissions and auditor access, the tool was generally easy to use and integrated well with AWS services. Users appreciated the tool's ability to support their privacy and legal teams.

Scalability

Drata has strong scalability, suitable for different roles in global companies. Its real-time reporting assists in monitoring and streamlining processes. It offers benefits for startups and smaller organizations, making communication and task assignment efficient. While suitable for mid-sized businesses, challenges exist for larger enterprises due to specific feature limitations. Users find Drata reliable for compliance across locations and appreciate its ability to centralize data and improve audit reporting.

Stability

Drata's stability receives mostly high marks, with users noting occasional minor bugs and outages. Some challenges arise during integration, particularly for larger enterprises, with updates introducing new bugs. Issues have been reported during auditor sessions, but typically, resolutions are swift. Mac users occasionally face more stability concerns. Users describe Drata as fast and reliable, without significant downtime or latency issues. Stability ratings range from eight to nine and a half out of ten.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our Drata Buyer's Guide for additional reliable information.

Review data by company size

By reviewers
Company Size	Count
Small Business	5
Large Enterprise	3

By reviewers

By visitors reading reviews
Company Size	Count
Small Business	86
Midsize Enterprise	29
Large Enterprise	88

By visitors reading reviews

Top industries

By visitors reading reviews

Computer Software Company

17%

Financial Services Firm

10%

Manufacturing Company

University

Healthcare Company

Retailer

Educational Organization

Outsourcing Company

Transportation Company

Consumer Goods Company

Legal Firm

Comms Service Provider

Real Estate/Law Firm

Non Profit

Performing Arts

Construction Company

Wholesaler/Distributor

Energy/Utilities Company

Marketing Services Firm

Hospitality Company

Media Company

Recreational Facilities/Services Company

Pharma/Biotech Company

Compare Drata with alternative products

Learn more about Drata

Product Categories

Compliance Management

Popular Comparisons

Wiz vs Drata

Microsoft Defender for Cloud vs Drata

Varonis Platform vs Drata

Vanta vs Drata

Sprinto vs Drata

Thoropass vs Drata

Secureframe Comply vs Drata

Delve Automated Compliance Platform vs Drata

Hyperproof vs Drata

A-LIGN vs Drata

anecdotes vs Drata

Carbide Platform vs Drata

See all alternatives

Drata Reviews Summary
Author info	Rating	Review Summary
Cybersecurity Governance Specialist at Suse	5.0	I use Drata for control mapping, evidence uploads, audits, policies, and some risk work. It centralizes GRC tasks and gives clear compliance dashboards; integrations like AWS help automate tests. I want a more intuitive UI and AI-assisted evidence collection.
Chief Technology Officer at Revyse	0.5	I used Drata to manage our SOC 2 compliance, but the platform was confusing, inflexible, and time-consuming, with misleading UI and poor guidance, ultimately making the compliance process more difficult and extending it by several months.
Chief Information Security Officer at Northstar Security Consulting	4.5	I transitioned from spreadsheets to Drata for SOC2 compliance, appreciating its seamless integrations and automated control management. While it improved efficiency, readiness metrics can seem inaccurate. Despite this, Drata's trust enablement offers significant organizational value and cost-effectiveness.
SecOps Engineer III at FINIX PAYMENTS, INC	5.0	We use Drata as our GRC tool for audits like PCI and SOC 2 Type 2, benefiting from seamless integrations and improved security posture management. However, some new features need refinement, and the premium enhancements require careful consideration regarding costs and practicality.
Cyber Security Engineer at Rather Labs	4.0	I use Drata in my company for SOC 2 certification and AWS control tracking. I'd appreciate more granular configurations and better API documentation. Overall, the product serves its purpose, but there's room for improvement in specific functionality areas.
Independent consultant at Independent	4.0	I deploy services for compliance with standards like HIPAA and ISO 27001. Drata provides robust APIs and automation features, though it can be costly and complex compared to cheaper alternatives like ServiceNow. The support is excellent and responsive.
Founder at Viridis Security	4.0	I use Drata for compliance and audit processes, finding it valuable for simplifying evidence gathering and task management. However, better marketing is needed as it's often marketed incorrectly as a replacement for security experts.
Auditor at a tech vendor with 51-200 employees	4.0	I use Drata to obtain SOC 2 and ISO 27001 compliance. While helpful, improvements are needed, including comprehensive module access and bug fixes. I've tried other vendors, finding price and service balance crucial when choosing a compliance platform.

Title	Rating	Mindshare	Recommending
Wiz	4.4	17.4%	97%	37 interviews Add to research
Microsoft Defender for Cloud	4.0	12.8%	93%	87 interviews Add to research

Drata Reviews

What is Drata?

Featured Drata reviews

Drata mindshare

PeerResearch reports based on Drata reviews

Valuable Features

Room for Improvement

ROI

Pricing

Popular Use Cases

Service and Support

Deployment

Scalability

Stability

Review data by company size

Top industries

Compare Drata with alternative products

Learn more about Drata

Related questions

Product Categories

Popular Comparisons