Veza Reviews

I have been using Veza for the past one and a half years, primarily for identity security and access governance. During this time, I have used it to gain visibility into permissions, understand who has access to what resources, and help improve access management across different systems.

In my day-to-day work, the common use case of Veza is access visibility and entitlement reviews. For example, I use it to identify who has access to critical infrastructure, cloud resources, and sensitive applications across the organization.

One significant benefit of Veza is how it helps centralize access visibility across different systems. Traditionally, access reviews require checking multiple applications, cloud platforms, and identity sources separately. With Veza, I can see permissions and relationships in a single place, which makes reviews much faster and more accurate. It is also useful for audit and compliance activities.

Veza offers great access visibility, identity intelligence, and governance capabilities. One of the standout features is end-to-end access visibility. Veza provides a clear view of who has access to what across cloud platforms, applications, data systems, and infrastructure, making it much easier to understand permissions and identify risks. Another key feature is its identity graph and relationship mapping.

Instead of looking at permissions, Veza allows me to directly show how users, role groups, and resources are connected. It is one of the most valuable features. Instead of simply showing that a user has access to a resource, it maps the entire relationship chain, such as the user, their group members, assigned roles, inherited permissions, and the actual resources they can access. This creates a clear picture of how and what access is granted.

Veza provides access risk analysis and least privilege recommendations. Beyond simply showing who has access, it helps identify excessive permissions, unused access, and potential security risks. This allows teams to proactively reduce their attack surface rather than waiting for an audit and security incident. I also appreciate its cross-platform visibility.

One of the biggest improvements since using Veza is that I have a much clearer understanding of who has access to critical systems and resources across the environment. This has significantly reduced the time spent on access reviews. I have also improved my least privilege initiatives by identifying excessive or unnecessary access and remediating it more efficiently. This has helped strengthen the overall security posture.

Veza is a strong platform, but there are a few areas where it could improve. One area is dashboard customization and reporting flexibility. Another improvement would be simplifying onboarding and initial integration, as well as adding advanced analytics and risk prioritization.

Additional points about needed improvements include the challenge I face in understanding very complex permission structures in larger environments. Another area of improvement is automation around implementing remediation. I would also like to see expanded integration coverage and out-of-the-box templates for access reviews, compliance reporting, and governance workflows.

I have been using Veza for the past one and a half years.

Veza is very stable for my organization, and I have not experienced any outages or issues.

Veza's scalability is very good. I have not faced any issues, and its elasticity is very good when compared to standard tools. I would recommend its scalability.

The customer support for Veza is very useful. It is a ticket-based system where I raise a ticket, and the respective teams help to review and solve the tickets. Overall, the experience with customer support is very good.

I did not use a different solution before. I only used native IAM tools, but this is the first switch that I am making.

I have seen measurable benefits with Veza, including a twenty-five to thirty-five percent optimization in access investigation and audit preparation, a thirty to forty percent reduction in access review efforts, and a twenty-five to thirty-five percent increase in speed for audits and investigations. It also reduced the manual overload for security and governance and improved productivity without needing any additional resources.

The pricing is very competitive. When comparing to the large providers, it is somewhat reasonable. The setup cost is also comparative to the infrastructure, so if I am using on-premises, then I need to only pay for the licenses. Otherwise, I have to pay for every infrastructure cost as well.

I did not evaluate any other options and went directly to Veza.

My advice for others looking into using Veza is to proceed with it, as it involves a very complicated graph relation. Overall, Veza is a very good platform. I would rate this review an eight out of ten.

My main use case for Veza is to use it for authentication and to determine who can access what and what can be accessed by the system or organization users. We set permissions for cloud platforms across the organization to our database and other tools using Veza, managing who can access the data, what they can access such as user roles and resource permissions.

The best features Veza offers in my experience are access visibility to see who can access what and which parts, relationship mapping of a user to roles, policies and resources, and risk detection such as over-permission and unused permission privileges. I can perform audit compliance using those features and the platform supports multiple platforms.

Out of those features, I find risk detection to be the most valuable in my day-to-day work because I can check who has over-permission or unused permissions and understand relationship mapping and access visibility.

Veza has positively impacted my organization by improving access for our users, allowing us to check the user and perform auditing for our system or organization. We are now able to implement least privilege practices, which has made our organization and system more secure.

Veza can be improved as it is currently not suitable for small projects due to its high cost, complex setup, and requirement for more integration with multiple systems. Additionally, there are no enforcement tools available, only visibility and insights, which I would like to see improved.

I have been using Veza for six to seven months.

In my experience, Veza is stable.

Veza's scalability is good.

The customer support is good.

We have not previously used a different solution.

I have seen a return on investment as fewer employees are needed because we are now able to manage access using Veza, which has made our work easier.

My experience with pricing, setup cost, and licensing is that the pricing is much higher and the setup is very complex.

Before choosing Veza, we decided to evaluate other options but selected Veza because of the ratings and reviews.

My advice to others looking into using Veza is that if they want to manage their system organization's access and policies, perform mapping from user to policy and resource, detect the risk for users' over-permissions and unused permissions, and audit multiple supported platforms, they should consider using it. I would rate this product an 8 out of 10.

We are currently in the implementation stages of Vanta. It's been challenging to build out as it is not as intuitive as OneTrust, especially in terms of scoping and needs.

Vanta has made the security questionnaire process much easier, thanks to AI. It automatically extracts answers and populates them within the SIG. 

The custom control framework allows me to incorporate our HITRUST controls and additional ISO twenty-seven thousand and one and financial controls.

Moreover, it includes a knowledge bank for questionnaires and RFPs, making information updates more streamlined.

The most valuable features of Vanta are the custom framework option and the support services. It's the only current GRC vendor with licensing rights for HITRUST 11.3 framework, and I've avoided expensive HITRUST licensing costs through a custom control framework.

The support experience could be better. We often need to escalate our issues to the account executive to receive a response, especially when support is needed for integrations.

We started using Vanta about three months ago.

So far, I would rate the stability of the product as ten out of ten, with no issues in that regard.

In terms of scalability, I would rate it better than OneTrust, giving it an eight out of ten. It accommodates small, lean teams or larger public organizations, providing a holistic view of compliance without being limited by capacity.

Although I've read that others have had issues with Vanta's support, our experience involves having to escalate matters to our account executive to get a response. 

The support team itself has been less responsive, which can be problematic when integrating and building out the platform.

Neutral

The overall price point of Vanta is commendable, especially considering the custom control framework that allows me to evade the high costs associated with HITRUST licensing.

The test feature of Vanta is great, making it a recommendable product to others.

I'd rate the solution eight out of ten.