Try our new research platform with insights from 80,000+ expert users
Drata Logo

Drata Reviews

Vendor: Drata
3.8 out of 5
Leave a review

What is Drata?

Drata is a powerful tool for automating compliance processes, effectively reducing audit preparation time and continuously monitoring security controls. It is highly valued for its ability to integrate seamlessly with existing tech stacks and manage security for remote teams, ensuring adherence to standards like SOC 2 and HIPAA. Drata enhances organizational efficiency, improves workflows, and supports real-time compliance monitoring, making compliance management less stressful and more accurate.

Get the Drata Buyer's Guide and find out what your peers are saying about Drata, Wiz, Microsoft Defender for Cloud and more!
Drata is the #4 ranked solution in top Compliance Management solutions. PeerSpot users give Drata an average rating of 7.6 out of 10. Drata is most commonly compared to Wiz: Drata vs Wiz. Drata is popular among the large enterprise segment, accounting for 45% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 20% of all views.
Buyer's Guide
Drata
August 2025
Get the report
Helped 866,300 peers since 2012

Featured Drata reviews

Read more reviews

Drata mindshare

As of August 2025, the mindshare of Drata in the Compliance Management category stands at 6.7%, down from 15.8% compared to the previous year, according to calculations based on PeerSpot user engagement data.
Compliance Management Market Share Distribution
ProductMarket Share (%)
Drata6.7%
Wiz29.5%
Microsoft Defender for Cloud17.6%
Other46.199999999999996%
Compliance Management

PeerResearch reports based on Drata reviews

TypeTitleDate
CategoryCompliance ManagementAug 31, 2025Download
ProductReviews, tips, and advice from real usersAug 31, 2025Download
ComparisonDrata vs SentinelOne Singularity Cloud SecurityAug 31, 2025Download
ComparisonDrata vs WizAug 31, 2025Download
ComparisonDrata vs VantaAug 31, 2025Download
Suggested products
TitleRatingMindshareRecommending
Wiz4.529.5%95%22 interviewsAdd to research
Microsoft Defender for Cloud4.017.6%94%78 interviewsAdd to research
 
 
Key learnings from peers

Valuable Features

Drata provides comprehensive integration within ecosystems like cloud services and HR systems enhancing compliance management automation. Its key features include specializing in security posture management, control editing, task management, and proactive audit processes. Users appreciate automated evidence generation and security scans. DCF mapping links controls effectively to frameworks like SAST and HIPAA. AI suggestions for infrastructure-as-code improve error resolution. Organizations find the platform valuable for InfoSec program building, despite some inflexibility in monitoring setup requirements.
  • "My experience with customer support was good; they were responsive, but they didn't ever get us to a solution that worked."
  • "Drata offers APIs for every clause so that it can integrate into various platforms."
  • "Drata keeps adding new features, allowing us to build our entire InfoSec program within it. Adding new components and evidence for different audits is easy. Drata also integrates with various software, like ticketing systems, source code control, and cloud platforms, continuously pulling evidence from these integrations. Without a GRC tool with these integrations, we used to gather evidence from different software during audits manually.Drata has a significant impact on our security posture management. Previously, Drata had features for security posture management, primarily through integration with AWS. For example, it would scan AWS for specific security requirements, like ensuring all S3 buckets are private. It will be reported on the Drata platform if it finds a public bucket.Recently, Drata introduced a new feature that uses an infrastructure-as-code approach. This feature detects issues and provides AI-generated suggestions for fixing them. If an organization uses infrastructure-as-code solutions like Terraform, Drata will suggest changes to the Terraform code to address the issues. You can then review and apply these changes to fix the problems. This is particularly useful when dealing with many topics, as it helps automate and speed up the process of implementing fixes. However, this AI-generated code feature is part of Drata’s upsell options. The basic version of Drata offers limited capabilities compared to the advanced features available with a paid upgrade.Even without this new feature, Drata's security posture management is valuable, as it scans cloud environments for deviations from defined security baselines. Many tools offer similar capabilities, but Drata’s new feature that translates issues into actionable fixes is a notable advancement. This benefits teams with the capability and resources to use this tool effectively."

Room for Improvement

Drata faces latency and high cost issues, with users experiencing difficulties in accessibility and user interface navigation. There are concerns about integration, real-time monitoring, and the accuracy of compliance readiness metrics. The platform's user experience is perceived as cumbersome, with challenging configurations and false positives. Customers find the new features underdeveloped and costly, while also struggling with API documentation and third-party interactions. Users recommend improvements in providing real-time insights and reducing the complexity of compliance management.
  • "Drata has impacted our organization negatively, as it made the whole compliance process more complicated and cost me significant time."
  • "The existing features of Drata are already extensive and costly to integrate."
  • "There is room for improvement in Drata. The core features are solid, but some new features are in a very MVP (Minimum Viable Product) stage. They work, but the user experience isn't always smooth. While the core features are well-developed compared to the market, the new features need more polish. They could benefit from more user feedback and iterations to make them more useful. Some of these new features look promising buthave flaws, so we can’t fully adopt them or justify paying extra for them now. The user interface is clean and intuitive. However, you'll need some specific knowledge if you're a security policy manager or need to set updifferent integrations."

ROI

Users reported significant benefits from using Drata, noting particularly that it streamlined their compliance processes and significantly reduced the time and resources needed for audit preparations. This efficiency translated into substantial cost savings and enhanced team productivity, which users felt positively impacted their ROI. They appreciated Drata’s automation capabilities for continuous compliance monitoring, which further minimized manual workloads and allowed them to allocate resources to other critical areas of development. 

Pricing

Drata's pricing starts around $18,000 and can reach up to $30,000, depending on licensing and chosen frameworks. Many find it on the expensive side, but users emphasize its value if affordable. Small and medium-sized businesses typically find a sweet spot at $20,000. Cost-per-API contributes to its expensive nature. Compared to competitors like Vanta, Drata may be cheaper yet remains a costly tool. Pricing flexibility allows potential discounts through negotiation.
  • "Drata's pricing is quite reasonable. Compared to other tools in the market, including its biggest competitor, Vanta, Drata is much cheaper. Even compared to other tools like AuditBoard, which aren’t as good, Drata’s price remains competitive."
  • "I remember that my company used to pay 25,000 USD to use the product...The product's cost is really high, but it is a powerful tool."
  • "It's one of the more expensive options, but I think it's worth the money if you can afford it."

Popular Use Cases

Drata serves as a comprehensive platform for managing SOC 2 and ISO 27001 compliance, mitigating security vulnerabilities, and streamlining audit processes. Organizations utilize it to integrate seamlessly with cloud services, enhance security infrastructure, and efficiently store and manage audit evidence year-round. It is employed by companies to oversee internal security controls, achieve certifications, and operationalize compliance efforts, reducing reliance on disparate tools and auditors. Drata's integration aids compliance with standards like HIPAA, SOC 2, and PCI.

Service and Support

Drata's customer service has received mixed feedback. Some users praised the support team's technical expertise and quick response times, especially appreciating regular meetings and personal engagement. However, there were complaints about unresolved issues and unmet feature promises. The technical support generally received ratings between six and eight out of ten. TalkShare and auditing support are noted as efficient. Despite positive remarks about responsiveness, there were instances where solutions were not satisfactory.

Deployment

Drata's initial setup is described as user-friendly and accessible, benefiting individuals with security experience. Its integration wizard simplifies policy organization. Although some find accessing auditor permissions challenging, others acknowledge effective AWS integration. Bugs were encountered but resolved, with visibility into Drata's roadmap seen as a positive. Assigning a customer success manager aids in deployment. Five people are typically needed, and the setup process allows easy login through work emails or Google.

Scalability

Drata scores high for scalability, proving effective both for smaller firms and those aspiring for growth. Users appreciate its real-time monitoring, reporting, and task assignment features. It's ideal for small to medium-sized firms with limited employee numbers. While some users express satisfaction across different global locations and roles, others find some features could face challenges at a larger scale due to the lack of batch management capabilities.

Stability

Drata is described as having reliable stability, with ratings around nine out of ten. Users note occasional bugs, particularly after updates and for Mac systems, yet these are resolved swiftly. Minor issues like web UI bugs and an external Trust Center outage were reported. Users appreciate Drata’s speed and the absence of significant downtime or latency. While suitable for startups and medium-sized firms, larger enterprises may face more integration challenges.
These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.
Download our Drata Buyer's Guide for additional reliable information.

Review data by company size

By reviewers
Company SizeCount
Small Business5
Large Enterprise2
By reviewers
By visitors reading reviews
Company SizeCount
Small Business138
Midsize Enterprise46
Large Enterprise153
By visitors reading reviews

Top industries

By visitors reading reviews
Computer Software Company
20%
Financial Services Firm
8%
University
7%
Manufacturing Company
6%
Retailer
6%
Healthcare Company
5%
Comms Service Provider
4%
Insurance Company
4%
Educational Organization
4%
Performing Arts
4%
Energy/Utilities Company
4%
Outsourcing Company
3%
Real Estate/Law Firm
3%
Legal Firm
3%
Non Profit
3%
Wholesaler/Distributor
3%
Construction Company
3%
Hospitality Company
2%
Government
2%
Transportation Company
2%
Consumer Goods Company
2%
Media Company
1%
Recreational Facilities/Services Company
1%
Pharma/Biotech Company
1%
Logistics Company
1%

Compare Drata with alternative products

Go!

Learn more about Drata

Related questions

  • 20
When evaluating Compliance Management, what aspect do you think is the most important to look for?
  • 21
Why is Compliance Management important for companies?

Product Categories

Product Categories
Compliance Management

Popular Comparisons

Popular Comparisons
Wiz vs Drata Logo
Wiz vs Drata
Microsoft Defender for Cloud vs Drata Logo
Microsoft Defender for Cloud vs Drata
Varonis Platform vs Drata Logo
Varonis Platform vs Drata
Vanta vs Drata Logo
Vanta vs Drata
Sprinto vs Drata Logo
Sprinto vs Drata
Thoropass vs Drata Logo
Thoropass vs Drata
Secureframe Comply vs Drata Logo
Secureframe Comply vs Drata
A-LIGN vs Drata Logo
A-LIGN vs Drata
Hyperproof vs Drata Logo
Hyperproof vs Drata
See all alternatives
 
Drata Reviews Summary
Author infoRatingReview Summary
Chief Information Security Officer at Northstar Security Consulting4.5I transitioned from spreadsheets to Drata for SOC2 compliance, appreciating its seamless integrations and automated control management. While it improved efficiency, readiness metrics can seem inaccurate. Despite this, Drata's trust enablement offers significant organizational value and cost-effectiveness.
Chief Technology Officer at Revyse0.5I used Drata to manage our SOC 2 compliance, but the platform was confusing, inflexible, and time-consuming, with misleading UI and poor guidance, ultimately making the compliance process more difficult and extending it by several months.
SecOps Engineer III at FINIX PAYMENTS, INC5.0We use Drata as our GRC tool for audits like PCI and SOC 2 Type 2, benefiting from seamless integrations and improved security posture management. However, some new features need refinement, and the premium enhancements require careful consideration regarding costs and practicality.
Independent consultant at Independent4.0I deploy services for compliance with standards like HIPAA and ISO 27001. Drata provides robust APIs and automation features, though it can be costly and complex compared to cheaper alternatives like ServiceNow. The support is excellent and responsive.
Auditor at a tech vendor with 51-200 employees4.0I use Drata to obtain SOC 2 and ISO 27001 compliance. While helpful, improvements are needed, including comprehensive module access and bug fixes. I've tried other vendors, finding price and service balance crucial when choosing a compliance platform.
Founder at Viridis Security4.0I use Drata for compliance and audit processes, finding it valuable for simplifying evidence gathering and task management. However, better marketing is needed as it's often marketed incorrectly as a replacement for security experts.
Cyber Security Engineer at Rather Labs4.0I use Drata in my company for SOC 2 certification and AWS control tracking. I'd appreciate more granular configurations and better API documentation. Overall, the product serves its purpose, but there's room for improvement in specific functionality areas.
Cloud and DevOps Engineer at Betaque4.5I used Drata for a project requiring SOC 2 compliance, finding it effective in identifying and addressing security loopholes. While it seamlessly integrates with cloud services and provides valuable guidance, it suffers from latency issues and is quite costly.