Drata Reviews

Name: Drata
Brand: Drata
Rating: 3.8 (9 reviews)

Vendor: Drata

3.8 out of 5

9 reviews
88% willing to recommend

Leave a review

What is Drata?

Drata is a powerful tool for automating compliance processes, effectively reducing audit preparation time and continuously monitoring security controls. It is highly valued for its ability to integrate seamlessly with existing tech stacks and manage security for remote teams, ensuring adherence to standards like SOC 2 and HIPAA. Drata enhances organizational efficiency, improves workflows, and supports real-time compliance monitoring, making compliance management less stressful and more accurate.

Get the Drata Buyer's Guide and find out what your peers are saying about Drata, Wiz, Microsoft Defender for Cloud and more!

Drata is the #5 ranked solution in top Compliance Management solutions. PeerSpot users give Drata an average rating of 7.6 out of 10. Drata is most commonly compared to Wiz: Drata vs Wiz. Drata is popular among the large enterprise segment, accounting for 43% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 18% of all views.

Helped 881,082 peers since 2012

Featured Drata reviews

Jonathan Samples

Chief Technology Officer at Revyse

Drata helped us manage our SOC 2 compliance by automating the monitoring of our infrastructure, but overall, the platform didn't work effectively at all. Being fairly new SOC 2 compliance, understanding how the platform worked was really difficult to use. In particular, their UI shows many false positives, indicating that requirements are taken care of even when they're not. This makes it really difficult to manage and understand where we were in the process without being a compliance expert myself. A specific example of when the UI gave us a false positive is that there were several controls within the Drata platform that were completely monitored, such as ensuring that our databases are encrypted at rest. However, there are other controls that are a combination of monitored controls and manual evidence required, and they don't show that secondary requirement at all, even though it's what an actual auditor would require. Using Drata to understand the full scope of what we needed to accomplish and what we needed to provide evidence on was unsuccessful. I went back and forth between the auditor a dozen times and talked to the Drata team multiple times about trying to sort that out to ensure I actually had a punch list of things to do so that they understood the scope of what we needed, but couldn't get there. We eventually tried to cancel the subscription, but they refused, despite the platform not providing the value they promised. We attempted to get their Slack integration working so that we would be notified in real-time of any monitoring issues that were out of compliance, but ultimately, we couldn't get that to work. Drata has impacted our organization negatively, as it made the whole compliance process more complicated and cost me significant time. The complications with Drata extended the entire process by about six months and cost me probably 10 hours a week while we were still trying to get Drata to work, totaling about 40 hours of my time. I think Drata could be improved by changing it so that it reports the actual status of the controls and are more proactive about helping organizations at our stage of business get to compliance.

Read full review

Ace Sklar

Chief Information Security Officer at Northstar Security Consulting

I consider my team and myself to be advanced users of Drata, continually pushing the boundaries of use cases and feature requests. We were actively involved in enhancements related to metrics from the risk register and compliance areas, focusing on visualizing trends in risk closure over time and assessing tolerance levels across different categories. We engaged with customer success on improvements for the Trust Center, seeking metrics like the most downloaded documents, visitor analytics, and insights into which verticals access our site most frequently. This information is crucial for identifying hotspots and areas for improvement across sectors such as K-12, higher education, corporate, and government. The readiness state of compliance frameworks can sometimes be misleading. For instance, despite having been in SOC 2 Type II compliance for a few years and being 36 months into using Drata, our readiness metric may still show around 60%. This often doesn't reflect our readiness, which is closer to 90-100%. The score can be impacted by recent policy revisions, such as updates made in Q3 or Q4, which may not yet be reflected in the system. These nuances often require additional explanation regarding the reported readiness status.

Read full review

Johnny Chen

SecOps Engineer III at FINIX PAYMENTS, INC

There is room for improvement in Drata. The core features are solid, but some new features are in a very MVP (Minimum Viable Product) stage. They work, but the user experience isn't always smooth. While the core features are well-developed compared to the market, the new features need more polish. They could benefit from more user feedback and iterations to make them more useful. Some of these new features look promising buthave flaws, so we can’t fully adopt them or justify paying extra for them now. The user interface is clean and intuitive. However, you'll need some specific knowledge if you're a security policy manager or need to set updifferent integrations.

Read full review

Drata mindshare

As of January 2026, the mindshare of Drata in the Compliance Management category stands at 5.4%, down from 9.7% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Compliance Management Market Share Distribution
Product	Market Share (%)
Drata	5.4%
Wiz	19.4%
Microsoft Defender for Cloud	13.2%
Other	62.0%

Compliance Management

PeerResearch reports based on Drata reviews

Type	Title	Date
Category	Compliance Management	Jan 26, 2026	Download
Product	Reviews, tips, and advice from real users	Jan 26, 2026	Download
Comparison	Drata vs Wiz	Jan 26, 2026	Download
Comparison	Drata vs SentinelOne Singularity Cloud Security	Jan 26, 2026	Download
Comparison	Drata vs Vanta	Jan 26, 2026	Download

Valuable Features

Drata provides comprehensive integration within ecosystems like cloud services and HR systems enhancing compliance management automation. Its key features include specializing in security posture management, control editing, task management, and proactive audit processes. Users appreciate automated evidence generation and security scans. DCF mapping links controls effectively to frameworks like SAST and HIPAA. AI suggestions for infrastructure-as-code improve error resolution. Organizations find the platform valuable for InfoSec program building, despite some inflexibility in monitoring setup requirements.

"My experience with customer support was good; they were responsive, but they didn't ever get us to a solution that worked."
"Drata offers APIs for every clause so that it can integrate into various platforms."
"Drata keeps adding new features, allowing us to build our entire InfoSec program within it. Adding new components and evidence for different audits is easy. Drata also integrates with various software, like ticketing systems, source code control, and cloud platforms, continuously pulling evidence from these integrations. Without a GRC tool with these integrations, we used to gather evidence from different software during audits manually.Drata has a significant impact on our security posture management. Previously, Drata had features for security posture management, primarily through integration with AWS. For example, it would scan AWS for specific security requirements, like ensuring all S3 buckets are private. It will be reported on the Drata platform if it finds a public bucket.Recently, Drata introduced a new feature that uses an infrastructure-as-code approach. This feature detects issues and provides AI-generated suggestions for fixing them. If an organization uses infrastructure-as-code solutions like Terraform, Drata will suggest changes to the Terraform code to address the issues. You can then review and apply these changes to fix the problems. This is particularly useful when dealing with many topics, as it helps automate and speed up the process of implementing fixes. However, this AI-generated code feature is part of Drata’s upsell options. The basic version of Drata offers limited capabilities compared to the advanced features available with a paid upgrade.Even without this new feature, Drata's security posture management is valuable, as it scans cloud environments for deviations from defined security baselines. Many tools offer similar capabilities, but Drata’s new feature that translates issues into actionable fixes is a notable advancement. This benefits teams with the capability and resources to use this tool effectively."

Room for Improvement

Drata faces latency and high cost issues, with users experiencing difficulties in accessibility and user interface navigation. There are concerns about integration, real-time monitoring, and the accuracy of compliance readiness metrics. The platform's user experience is perceived as cumbersome, with challenging configurations and false positives. Customers find the new features underdeveloped and costly, while also struggling with API documentation and third-party interactions. Users recommend improvements in providing real-time insights and reducing the complexity of compliance management.

"Drata has impacted our organization negatively, as it made the whole compliance process more complicated and cost me significant time."
"The existing features of Drata are already extensive and costly to integrate."
"There is room for improvement in Drata. The core features are solid, but some new features are in a very MVP (Minimum Viable Product) stage. They work, but the user experience isn't always smooth. While the core features are well-developed compared to the market, the new features need more polish. They could benefit from more user feedback and iterations to make them more useful. Some of these new features look promising buthave flaws, so we can’t fully adopt them or justify paying extra for them now. The user interface is clean and intuitive. However, you'll need some specific knowledge if you're a security policy manager or need to set updifferent integrations."

ROI

Users reported significant benefits from using Drata, noting particularly that it streamlined their compliance processes and significantly reduced the time and resources needed for audit preparations. This efficiency translated into substantial cost savings and enhanced team productivity, which users felt positively impacted their ROI. They appreciated Drata’s automation capabilities for continuous compliance monitoring, which further minimized manual workloads and allowed them to allocate resources to other critical areas of development.

Pricing

Drata's pricing starts around $18,000 and can reach up to $30,000, depending on licensing and chosen frameworks. Many find it on the expensive side, but users emphasize its value if affordable. Small and medium-sized businesses typically find a sweet spot at $20,000. Cost-per-API contributes to its expensive nature. Compared to competitors like Vanta, Drata may be cheaper yet remains a costly tool. Pricing flexibility allows potential discounts through negotiation.

"Drata's pricing is quite reasonable. Compared to other tools in the market, including its biggest competitor, Vanta, Drata is much cheaper. Even compared to other tools like AuditBoard, which aren’t as good, Drata’s price remains competitive."
"I remember that my company used to pay 25,000 USD to use the product...The product's cost is really high, but it is a powerful tool."
"It's one of the more expensive options, but I think it's worth the money if you can afford it."

Popular Use Cases

Drata serves as a comprehensive platform for managing SOC 2 and ISO 27001 compliance, mitigating security vulnerabilities, and streamlining audit processes. Organizations utilize it to integrate seamlessly with cloud services, enhance security infrastructure, and efficiently store and manage audit evidence year-round. It is employed by companies to oversee internal security controls, achieve certifications, and operationalize compliance efforts, reducing reliance on disparate tools and auditors. Drata's integration aids compliance with standards like HIPAA, SOC 2, and PCI.

Service and Support

Drata's customer service has received mixed feedback. Some users praised the support team's technical expertise and quick response times, especially appreciating regular meetings and personal engagement. However, there were complaints about unresolved issues and unmet feature promises. The technical support generally received ratings between six and eight out of ten. TalkShare and auditing support are noted as efficient. Despite positive remarks about responsiveness, there were instances where solutions were not satisfactory.

Deployment

Drata's initial setup is described as user-friendly and accessible, benefiting individuals with security experience. Its integration wizard simplifies policy organization. Although some find accessing auditor permissions challenging, others acknowledge effective AWS integration. Bugs were encountered but resolved, with visibility into Drata's roadmap seen as a positive. Assigning a customer success manager aids in deployment. Five people are typically needed, and the setup process allows easy login through work emails or Google.

Scalability

Drata scores high for scalability, proving effective both for smaller firms and those aspiring for growth. Users appreciate its real-time monitoring, reporting, and task assignment features. It's ideal for small to medium-sized firms with limited employee numbers. While some users express satisfaction across different global locations and roles, others find some features could face challenges at a larger scale due to the lack of batch management capabilities.

Stability

Drata is described as having reliable stability, with ratings around nine out of ten. Users note occasional bugs, particularly after updates and for Mac systems, yet these are resolved swiftly. Minor issues like web UI bugs and an external Trust Center outage were reported. Users appreciate Drata’s speed and the absence of significant downtime or latency. While suitable for startups and medium-sized firms, larger enterprises may face more integration challenges.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our Drata Buyer's Guide for additional reliable information.

Review data by company size

By reviewers
Company Size	Count
Small Business	5
Large Enterprise	2

By reviewers

By visitors reading reviews
Company Size	Count
Small Business	92
Midsize Enterprise	29
Large Enterprise	93

By visitors reading reviews

Top industries

By visitors reading reviews

Computer Software Company

18%

Financial Services Firm

10%

Manufacturing Company

Healthcare Company

University

Retailer

Transportation Company

Educational Organization

Outsourcing Company

Legal Firm

Consumer Goods Company

Comms Service Provider

Non Profit

Performing Arts

Real Estate/Law Firm

Construction Company

Energy/Utilities Company

Wholesaler/Distributor

Hospitality Company

Government

Media Company

Insurance Company

Pharma/Biotech Company

Recreational Facilities/Services Company

Compare Drata with alternative products

Learn more about Drata

Product Categories

Compliance Management

Popular Comparisons

Wiz vs Drata

Microsoft Defender for Cloud vs Drata

Varonis Platform vs Drata

Secureframe Comply vs Drata

Delve Automated Compliance Platform vs Drata

Hyperproof vs Drata

A-LIGN vs Drata

anecdotes vs Drata

Carbide Platform vs Drata

See all alternatives

Drata Reviews Summary
Author info	Rating	Review Summary
Chief Technology Officer at Revyse	0.5	I used Drata to manage our SOC 2 compliance, but the platform was confusing, inflexible, and time-consuming, with misleading UI and poor guidance, ultimately making the compliance process more difficult and extending it by several months.
Chief Information Security Officer at Northstar Security Consulting	4.5	I transitioned from spreadsheets to Drata for SOC2 compliance, appreciating its seamless integrations and automated control management. While it improved efficiency, readiness metrics can seem inaccurate. Despite this, Drata's trust enablement offers significant organizational value and cost-effectiveness.
SecOps Engineer III at FINIX PAYMENTS, INC	5.0	We use Drata as our GRC tool for audits like PCI and SOC 2 Type 2, benefiting from seamless integrations and improved security posture management. However, some new features need refinement, and the premium enhancements require careful consideration regarding costs and practicality.
Cyber Security Engineer at Rather Labs	4.0	I use Drata in my company for SOC 2 certification and AWS control tracking. I'd appreciate more granular configurations and better API documentation. Overall, the product serves its purpose, but there's room for improvement in specific functionality areas.
Independent consultant at Independent	4.0	I deploy services for compliance with standards like HIPAA and ISO 27001. Drata provides robust APIs and automation features, though it can be costly and complex compared to cheaper alternatives like ServiceNow. The support is excellent and responsive.
Founder at Viridis Security	4.0	I use Drata for compliance and audit processes, finding it valuable for simplifying evidence gathering and task management. However, better marketing is needed as it's often marketed incorrectly as a replacement for security experts.
Auditor at a tech vendor with 51-200 employees	4.0	I use Drata to obtain SOC 2 and ISO 27001 compliance. While helpful, improvements are needed, including comprehensive module access and bug fixes. I've tried other vendors, finding price and service balance crucial when choosing a compliance platform.
Senior Staff Auditor at a financial services firm with 51-200 employees	4.0	I use Drata as an information security auditor for SaaS and PaaS companies, appreciating its effective DCF mapping and secure Audit Hub. However, improvements like real-time monitoring are needed, and its interface navigation is time-consuming compared to other platforms.

Title	Rating	Mindshare	Recommending
Wiz	4.5	19.4%	96%	33 interviews Add to research
Microsoft Defender for Cloud	4.0	13.2%	93%	87 interviews Add to research

Drata Reviews

What is Drata?

Featured Drata reviews

Drata mindshare

PeerResearch reports based on Drata reviews

Valuable Features

Room for Improvement

ROI

Pricing

Popular Use Cases

Service and Support

Deployment

Scalability

Stability

Review data by company size

Top industries

Compare Drata with alternative products

Learn more about Drata

Related questions

Product Categories

Popular Comparisons