25 Oct 2023

Drata, the pioneering continuous security and compliance automation platform, announced the launch of two highly anticipated capabilities: Role-Based Access Control (RBAC) and User Access Reviews (UAR). The addition of Role-Based Access Control enables even more partitioned access to various elements of the Drata platform to better manage compliance programmes. 

And with Drata's User Access Reviews offering, customers can automate the pulling of access levels of all employees across all the applications they use and easily review that access on a recurring basis. Both will be showcased at the company's inaugural Drataverse Digital, a virtual product launch event being held on October 24 at 10 a.m. PT, 1 p.m. ET.

Access management review process

Full visibility into a compliance programme requires managing and monitoring employee

Full visibility into a compliance programme requires managing and monitoring employee access and permissions—it's a fundamental capability that allows GRC teams to maintain compliance and build trust effectively. Role-Based Access Control gives Drata customers the ability to ensure that employees and teams only have access to the necessary information required for their job roles, minimising risk and protecting business-sensitive data. 

User Access Reviews automates the access management review process, making it easy to spot unwanted user access issues while integrating with common ticketing solutions such as Jira and ServiceNow to track and provide evidence of remediation across organisations. The addition of Role-Based Access Control and User Access Reviews to Drata allows multiple teams to securely work together, eliminating the use of time-consuming, fragmented tools to ensure that only the people who should have access to systems, have access.

 Author's quote

"Role Based Access Control is a must-have for us in order to help protect business-sensitive information. This latest addition from Drata provides us greater configurability to ensure that our teams and those involved only have access and visibility to what they need to, while still being able to collaborate on our compliance needs," said Brian Zabeti, Security and Compliance Manager at Pliancy.

Drata allows us to automatically pull relevant data from all of our Okta-connected integrations

"With User Access Reviews, Drata allows us to automatically pull relevant data from all of our Okta-connected integrations, giving us much needed granular visibility into the level of user access with critical systems," said Lesley Heizman, Risk and Compliance Manager at Lucidworks. "We're continuously impressed by the evolution of the Drata platform and how much we are able to further seamlessly manage our GRC programme."

Role-Based Access Control and User Access

In addition to Role-Based Access Control and User Access Reviews, Drata is also launching:

  • Control Readiness Approval enhancements that provide customers with greater flexibility and control when managing and determining a control's readiness status in Drata.
  • Evidence Library with Cloud Storage to simplify the control evidence upload, linking, and storage process. Evidence Library has been updated to allow customers to connect to a cloud storage provider (such as Google, Dropbox, OneDrive, etc.) and upload evidence directly from their cloud storage drive.

Latest enhancements

"Whether you're an emerging startup or enterprise organisation, all companies need to have a solid understanding and ability to govern the entry points and access levels to their systems; it's foundational in maintaining a healthy security compliance posture," said Adam Markowitz, Drata Co-Founder and CEO.

"Our latest enhancements give our customers the flexibility to proactively manage and automate access reviews within Drata as well as increase their control over their tech stack, all in one centralised platform."