ICYMI at Drataverse: Enhanced Access and Control
We recently hosted our first ever Drataverse Digital, giving guests a first look at a variety of features and offerings that enhance the way organizations manage access and control within their compliance programs.
We recently hosted our first ever Drataverse Digital, giving guests a first look at a variety of features and offerings that enhance the way organizations manage access and control within their compliance programs. And for those that missed it, we’re recapping the whole thing. Let’s get into it.
Welcome From CEO Adam Markowitz
Adam set the tone for the event by emphasizing Drata's mission to build trust in the cloud. Our commitment to anticipating our customers’ needs as they establish and maintain compliance is what drives our product.
Moreover, Adam touched on the delicate balancing act many businesses face between freedom and governance, especially surrounding access, control, and the systems organizations use every day. How can businesses grant their teams the freedom they need to move fast, but also still control and consistently review employee access to these very systems?
Empowering teams to move fast helps achieve results, and with Drata’s new access and control features, you no longer have to risk the safety of your compliance and security posture in order to make serious strides.
But there’s no need to take our word for it. Adam kicked off the event the same way he kicks off our company meetings—with a customer quote.
“Most often the work to prepare for an IT diligence review, including completing responses to the security survey and meeting with the compliance team, falls on the APL tech team. This means that the sales team has to wait for the IT team to find time to collect the specific information the prospective school has requested. This may slow down the sales process and disrupt the development roadmap schedule.
To solve this problem, we knew we needed to pursue SOC 2 compliance and to find some way to easily document, track and report." —Chris Bake, CTO APL nextEd
Product Overview From Brian Elmi, VP of Product
Doubling down on our customer-centric values, Brian Elmi focused on just how much we factor customer feedback into everything we build.
Here’s a quick look at some of the feedback our customers gave us and how we solved for it with our new launch.
Customer Feedback | Our Solution |
|---|---|
Customers want to review access across their organization. Making sure the right individuals have access to the right apps with the correct permissions is time consuming and needs a streamlined process. | Centralized Access Review Centralized Access Review automates the access review process by pulling the apps, their users and access levels into Drata. We are starting this with Okta and expanding to other applications soon. For those using applications other than Okta, our partnership with Wing Security will support you seamlessly performing your access reviews. |
Customers want a proper control review and approval chain in their process. Having a control review and approval process is critical to ensure a consistent and standardized process that drives accountability across the organization. | Control Readiness Approval Control Readiness Approval adds an automated workflow to ensure your team member determines if a control is ready or not. |
Customers want to easily bring external evidence in. External evidence might be stored in shared cloud drives which customers need to access efficiently and bring into Drata without having to toggle between multiple tools. | One-Click Document Upload One-Click Document Upload syncs external documents stored in external cloud storage providers, removing the manual process of downloading and re-uploading documents. |
Customers want to keep their teams efficient while managing their access. Effectively managing the workload and access employees have to various parts of their organization’s GRC platform reduces risk and boosts productivity. | Role-Based Access Management and Control Role-Based Access Management and Control minimizes risk and protects business-critical data by ensuring the right people have access to the right information required for their job roles. Plus, employers can see their team’s workload in one place. |
Discovering the Future of Access and Control
One of the core announcements of Drataverse Digital was role-based access control (RBAC) and User Access Reviews (UAR) and their pivotal role in ensuring the security of your business.
Role-Based Access Control (RBAC)
Role-Based Access Control is an absolute must when it comes to keeping your teams efficient while reducing the risk of a security breach. Our three new predefined roles and enhancements make Drata even more flexible in configuring the right access based on your team members’ core responsibilities:
Control Manager: This role is designed for control owners, giving them access to view controls, provide evidence, and maintain compliance within their assigned controls.
Personnel Compliance Manager: Ideal for HR and People Operations personnel, this role enables the management of background checks and personnel employment status.
Policy Manager: Created for those responsible for creating, editing, reviewing, and approving policies, this role streamlines policy management in the Policy Center.
User Access Reviews (UAR)
User Access Reviews are an essential part of ensuring the right individuals have access to critical systems and data. We introduced several features to make UAR more effective and efficient:
New Dashboard: A user-friendly dashboard for Access Reviews to simplify the review process.
Integration With Identity Providers: Drata can now connect to over 500+ systems via your Identity Provider (e.g., Okta) to pull user access data.
Real-Time Compliance: Access reviews can now be conducted in real-time, ensuring that user access levels remain within compliance 24/7.
Control Readiness Approvals
Maintaining control readiness is crucial for organizations to proactively handle challenges and stay resilient and efficient in managing security and compliance. So, we built Control Readiness Approval:
Easy Setup: This capability allows organizations to set up internal reviews and approvals for controls before marking them as "Ready."
Customization: Users can assign approvers and set approval deadlines, and multiple approvers can be assigned if needed.
Visibility: The control drawer provides a clear view of the control readiness approval stage, list of approvers, and deadlines.
Task Management: A new task is automatically created in the Task List called "Required approvals," ensuring nothing falls through the cracks.
Evidence Library
There’s no question that evidence is the backbone of any compliance audit, and with Evidence Library, you can upload, manage, and renew all your evidence in one centralized hub:
Simplified Upload: Evidence can be uploaded directly from your cloud storage provider.
Renewal Management: Set creation and renewal dates to receive timely reminders.
Linking to Controls: Link evidence to the necessary controls to demonstrate compliance.
Performance Insights: The library offers clear insights into how your uploaded evidence impacts your readiness and facilitates easy updates.
Drataverse Digital showcased our emphasis on innovation in the GRC space and allowed us an opportunity to connect with customers and get their input on these new enhancements in real-time.
Stay tuned for our next Drataverse Digital, where we will be diving into the reimagination of the automation engine in Drata (you got a glimpse of this if you were at our in-person Drataverse in June). With what we’ve built, you won’t have to choose between automation and configurability—you’ll have both. This NextGen automation platform lets you tailor the automated monitoring and evidence collection in Drata, specific to your controls, environment, and your GRC program.
Have more questions? Be sure to tune in to our next Ask an Auditor webinar on Access and Control, where we talk with an audit expert from Top 6 audit firm RSM to discuss all things UAR in a live Q&A.
