A Recap of Drataverse Digital: Risk and Reward
In case you couldn't join us at our last Drataverse Digital, here's the breakdown of all the new capabilities you can now access through Drata.
We hosted our second Drataverse Digital last week, focusing on risk and reward. Companies today are facing more uncertainties and managing more risk than ever before, and the cost of managing those risks has been increasing at an unprecedented rate.
In fact, our Risk Trends Report found that 80% of companies fear they don’t have visibility into their third parties’ security posture, and more than 2 in 5 don’t have the proper staff or resources to thoroughly screen their resources in a timely manner.
Clearly, conventional third-party risk management and compliance methods just aren’t enough to keep up with the challenges companies face today.
Third-Party Risk Management
Proper risk management doesn’t mean we operate in a world without risk; quite the opposite, it means we operate effectively within a risk-aware environment.
Our new Third-Party Risk Management (TPRM) program allows customers to onboard new vendors and assess and manage their risk. By leveraging insights from our massive network of trust centers and extended knowledge base, you can confidently interpret the risk of your vendors and track risk as part of your organization’s risk suite.
Plus, you can report on these risks to demonstrate how your GRC program is addressing and mitigating third-party risk over time.
Our TPRM program is just the beginning of our risk management journey—and part of our relentless pursuit of true end-to-end trust management.
NIST AI Risk Management Framework
Companies everywhere are leveraging AI to gain a competitive edge, but this comes with unique risks and challenges for companies and their GRC teams—including issues like bias, data privacy, and even environmental concerns. Addressing these risks ensures AI operates safely and ethically.
That’s why Drata is the first to support the NIST AI Risk Management Framework (RMF), a voluntary framework that provides a comprehensive roadmap for navigating AI risks responsibly, ensuring that AI is a positive change in your business.
This framework includes:
Out-of-the-box control mappings.
New and updated policies.
Risks in Risk Library that have optimal control guidance specific to AI.
Implementing this AI framework within Drata is a critical first step toward building governance around AI development and usage while managing its risks.
We’ve also included an AI awareness training module that helps employees with their awareness and understanding of responsible AI practices as well as their obligations and responsibilities to comply with AI RMF. Rolled out and easily tracked within Drata, companies have the option to add this training to their onboarding workflow or deploy through independent URLs.
These are just a few of the steps you can now take within Drata to provide confidence in the sustainable and secure deployment of AI in your company.
SentinelOne and HRIS Integrations
On top of all of that, we are now extending support to 23 new HRIS systems. You can pull in critical personnel data within Drata to help you with onboarding, offboarding, and general personnel compliance.
We’ve also developed an entirely new category of integrations called endpoint detection and response—with SentinelOne as our first partner.
Once connected, SentinelOne pulls in device information and automatically maps it to your personnel using a serial number, making it easy to see agent versions, health status, and assets.
Managing Risk Panel
Drata's VP of Customer Experience, Ashley Hymen, recently hosted a thought-provoking panel featuring esteemed industry leaders including Senior Manager of Information Security, Ty Nickel, CISO at Verkada, Kyle Randolph, and VP of Security Engineering & CISO at Jit, Chris Koehnecke.
The panel delved into the strategic deployment of compliance as a growth lever, showcasing its dual function as both a catalyst for innovation adoption and a confidence-building mechanism for engaging new customers and vendors. These industry leaders provided valuable insights into leveraging compliance frameworks not merely as checkboxes but as strategic tools for fostering organizational resilience.
The conversation also explored the evolving role of artificial intelligence in compliance, shedding light on its transformative potential in enhancing security measures and streamlining regulatory adherence.
Here’s a quick look at some of the questions asked and answered:
Are there ways GRC can actually be a growth lever?
What challenges have you seen at your organizations in shifting the mindset of using compliance and GRC as a growth lever?
What ways has your organization balanced the need for innovation with managing risk?
How do you address vendor management to ensure it contributes to sustainable growth?
What role will AI play in the future of risk management and AI in general? What are your companies looking at with AI?
What future GRC trends/challenges are you foreseeing?
Our customers are at the center of everything we do, and our continuous innovation comes from your continuous feedback. We read every email, review, and every product idea that you submit.
That’s why we ask so often for your comments, ideas, stories—they’re the rocket fuel powering Drata every single day.
It’s safe to say that our second Drataverse Digital was a success, and we’re looking forward to our next in-person Drataverse in San Francisco this spring. If you’re ready to start managing risk and reaping the rewards, book a demo today.