Drata - Experts & Thought Leaders

Drata, the continuous security and compliance automation platform, debuted the first look of a new capability to streamline and expedite security questionnaires at the company’s annual user conference, Drataverse. Drata AI Questionnaire Automation was showcased live to over 600 governance, risk, and compliance (GRC), IT, and cybersecurity professionals. AI Questionnaire Automation During sales cycles, organisations of all sizes often spend countless hours manually crafting replies to hundreds of questions to demonstrate a strong security posture, a process that demands extensive collaboration across multiple teams. The introduction of AI Questionnaire Automation significantly minimises this labour-intensive process by parsing and extracting questions, generating responses using existing data within the Drata platform, and allowing users to review, edit, and approve the AI-generated answers. As a result, organisations can expedite sales cycles and drive revenue growth by minimising delays in the security review process, while also scaling efficiently without sacrificing the quality of responses. Key features Automated Questionnaire Processing: Simply upload security questionnaires in formats like .xls, .csv, .pdf, and more, while Drata AI parses the document and extracts the questions automatically. AI-Driven Answer Generation: Using a rich knowledge base comprising information from the organisation’s Drata instance, the AI generates suggested responses to the extracted questions. Reducing sales friction “AI Questionnaire Automation empowers our customers to build trust quickly and efficiently,” said Brian Elmi, Drata's Senior Vice President of Product Management. “With this new capability, businesses can respond to security questionnaires in minutes instead of days, reducing friction in the sales process and allowing teams to focus on their core operations.” Compliance as Code The company will introduce new releases and enhancements to its risk management capabilities Drata also announced Compliance as Code is rolling out to customers starting today, enabling even more GRC teams to identify and remediate compliance gaps during code development. The company will also introduce new releases and enhancements to its risk management capabilities, including residual risk scoring, vendor intake with AI summary, risk owner notification, and Workspace support, as well as the ability to manage multiple Risk Registers in Workspaces. Drataverse 2024 Drataverse 2024, held at Pier 27 in San Francisco, was designed to bring industry pioneers together to collaborate and shape the future of GRC. This year’s “Chart Your Course” theme featured keynote presentations as well as 20 panel discussions and interactive sessions from A-LIGN, Eden Data, MJD Advisors, ASAPP, and Class Technologies among others, fostering discussions on navigating the complex GRC landscape. 

Drata, the pioneering compliance automation platform, announced that it has acquired oak9, a cloud-native security platform, and released a new capability in beta to seamlessly bring continuous compliance into the software development lifecycle. The acquisition positions Drata as the only platform of its kind that monitors compliance both before and after code is deployed to production. This capability, called Compliance as Code, will be demonstrated at RSA, May 6-9 in San Francisco. Cloud-native applications Acquiring oak9 and launching Compliance as Code in Drata now equips thousands of DevSecOps, GRC, and engineering teams with the power to identify and remediate potential compliance violations as code is developed, instead of after it’s deployed. GRC teams are routinely challenged to address compliance issues after changes are already in production, creating a backlog of issues to address after deployment. GRC teams are routinely challenged to address compliance issues after changes are already in show As DevOps teams grow bigger and more complex, the need to “shift left”, to address these compliance gaps earlier in the SDLC, has significantly increased in order to maintain compliance standards without sacrificing the speed of development. Oak9 specialises in infrastructure-as-code to build security and compliance into cloud-native applications as they are developed, and offered a catalogue of out-of-the-box blueprints that ensured that customers can meet their security and compliance objectives for any architecture on any cloud provider. Future of compliance automation “It’s time to break down infrastructure and application silos and transform compliance and security into one cohesive concept. This is the future of compliance automation and GRC and it’s here now,” said Adam Markowitz, Drata Co-Founder and CEO. “Drata Compliance as Code empowers developers, engineers, and GRC teams to save countless hours by shifting compliance left in the SDLC, collectively improving security and code quality while fostering a culture of compliance.” Key details for the GRC team  GRC teams will have shared visibility into their cloud infrastructure and be able to identify Integrating oak9's software brings Drata into crucial areas of the SDLC where changes happen, including the code repository, and the continuous integration and continuous delivery/deployment (CI/CD) pipeline. Pre-built tests map to an organisation’s compliance requirements by scanning their infrastructure code and flag gaps and anomalies with key details for the GRC team to resolve.  Now, GRC teams will have shared visibility into their cloud infrastructure and be able to identify failing controls within the code before it ever makes it into production, creating more efficiency and confidence leading up to an audit. Integrated into Drata’s platform   “Oak9’s mission from day one has been to address critical security gaps throughout the software development lifecycle, including gaps with compliance, which is all too often viewed as an afterthought. That mindset can be costly for the entire organisation,” said Om Vyas, Co-Founder and CEO of oak9. “Being integrated into Drata’s platform is exceptional validation of our team’s commitment to realising this mission. This sets a new standard in how teams tackle cloud-native security and compliance.” 

Drata, the pioneering continuous security and compliance automation platform, announced its Third-Party Risk Management (TPRM) offering, empowering customers to identify, evaluate, and monitor third-party risks in one centralised and integrated platform. TPRM and several other enhancements are showcased at Drataverse Digital on December 12, at 10 am PT, 1 pm ET. New Risk Trends Report Third-party risk has become a critical element of a strong governance, risk, and compliance (GRC) programme, especially when addressing sensitivities with data protection. Drata’s new Risk Trends Report found that 83% of security professionals have experienced negative consequences as a result of their current TPRM process or informal oversight process. But investment remains a challenge, with 44% of respondents saying their company may not have the appropriate staff or resources to thoroughly screen third parties. Drata’s new Risk Trends Report found that 83% of security experts shared negative impacts Drata’s TPRM offering provides security teams with a comprehensive tool for identifying, assessing, and continuously monitoring risks and integrating them with internal risk profiles. This holistic approach ensures a unified, clear view of potential exposures across the entire organisation to effectively and efficiently manage third-party risks. Drata’s TPRM capabilities The first phase of Drata’s TPRM capabilities include: Vendor Import via Okta SSO integration and Bulk Upload: streamline adding and updating vendors in a Vendor Directory. Vendor Impact Analysis: standardise the assessment of Vendor Impact and Impact Level by evaluating data access, operational impact, and more.  Vendor Questionnaire Responses: gain deeper insight into vendor risk posture. Vendor Risks: adding reminders, categorisation, and treatment to track and continuously assess the risk of vendors as part of an organization’s risk register.  Vendor Risk Overview: easily understand, prioritise, and act on all risks across vendors.  Vendor Insights Dashboard: keep stakeholders up-to-date on the overall risk impact of a current vendor ecosystem. Author's quote Drata’s latest offering extends the power of its best-in-class continuous control monitoring" “Drata helps us extract meaningful insights from across our vendor ecosystem, and prioritise time-sensitive tasks,” said Ylan Muller, Senior IT Manager at FireHydrant. “Our team is able to formalise the tracking and management of third-party related risks and consolidate this workflow into one tool, so that we can remain vigilant in keeping our security program running smoothly.” “It’s imperative for security professionals to have as much confidence in their third-party ecosystem as they do within the four walls of their own businesses,” said Adam Markowitz, Co-Founder and CEO of Drata. “Drata’s latest offering extends the power of its best-in-class continuous control monitoring to third-party vendors, taking TPRM to the next level.” New capabilities Drataverse Digital: Risk and Reward also features additional new capabilities including: NIST AI Risk Management Framework (RMF) to proactively set standards, collect evidence, and monitor controls to ensure proper governance of AI adoption across the workforce.  HRIS integrations, automating the evidence collection and control monitoring for 23+ Human Resources Information Systems.