Drata unveils platform enhancements to automate GRC processes

Drata launched two highly anticipated capabilities: Role-Based Access Control (RBAC) and User Access Reviews (UAR).

The addition of Role-Based Access Control enables even more partitioned access to various elements of the Drata platform to better manage compliance programs. And with Drata’s User Access Reviews offering, customers can automate the pulling of access levels of all employees across all the applications they use and easily review that access on a recurring basis.

Full visibility into a compliance program requires managing and monitoring employee access and permissions—it’s a fundamental capability that allows GRC teams to maintain compliance and build trust effectively. Role-Based Access Control gives Drata customers the ability to ensure that employees and teams only have access to the necessary information required for their job roles, minimizing risk and protecting business-sensitive data.

User Access Reviews automates the access management review process, making it easy to spot unwanted user access issues while integrating with common ticketing solutions such as Jira and ServiceNow to track and provide evidence of remediation across organizations.

The addition of Role-Based Access Control and User Access Reviews to Drata allows multiple teams to securely work together, eliminating the use of time-consuming, fragmented tools to ensure that only the people that should have access to systems, have access.

“Role Based Access Control is a must-have for us in order to help protect business-sensitive information. This latest addition from Drata provides us greater configurability to ensure that our teams and those involved only have access and visibility to what they need to, while still being able to collaborate on our compliance needs,” said Brian Zabeti, Security and Compliance Manager at Pliancy.

“With User Access Reviews, Drata allows us to automatically pull relevant data from all of our Okta-connected integrations, giving us much needed granular visibility into the level of user access with critical systems,” said Lesley Heizman, Risk and Compliance Manager at Lucidworks. “We’re continuously impressed by the evolution of the Drata platform and how much we are able to further seamlessly manage our GRC program.”

In addition to Role-Based Access Control and User Access Reviews, Drata is also launching:

• Control Readiness Approval enhancements that provide customers with greater flexibility and control when managing and determining a control’s readiness status in Drata.
• Evidence Library with Cloud Storage to simplify the control evidence upload, linking, and storage process. Evidence Library has been updated to allow customers to connect to a cloud storage provider (such as Google, Dropbox, OneDrive, etc.) and upload evidence directly from their cloud storage drive.

“Whether you’re an emerging startup or enterprise organization, all companies need to have a solid understanding and ability to govern the entry points and access levels to their systems; it’s foundational in maintaining a healthy security compliance posture,” said Adam Markowitz, Drata CEO. “Our latest enhancements give our customers the flexibility to proactively manage and automate access reviews within Drata as well as increase their control over their tech stack, all in one centralized platform.”