Drataverse Digital: Access & Control [+] What’s New in Drata


by Shera Brady

October 24, 2023

Ready to take your GRC program to new heights? Our latest additions to Drata provide enhanced access and control management, so you can protect sensitive information, reduce the risk of data breaches, and garner trust with your customers.

Let’s take a look.

User Access Reviews

With User Access Reviews, customers using Okta as their identity provider can automate their quarterly access review process and actively monitor for any changes in user access in their organization. 

For customers using an identity provider other than Okta, we have partnered with Wing Security to offer access reviews and management through their best-in-class SSPM for compliance solution.

What Are Access Reviews?

We’re glad you asked. Access reviews are systematic evaluations of who within an organization has access to specific data, systems, or applications. 

This critical procedure helps organizations ensure that the right individuals have access to the right resources, reducing the risk of data breaches or unauthorized access. But let's face it, this process has often been a pain—that’s why we've revamped our Access Reviews.

What Does Drata’s Access Review Feature Look Like?

With Drata, the access review process is now more straightforward and efficient than ever:

  • Automated Review Process: Streamline access reviews to automate much of the process and save time and effort.

  • Transparency and Anomaly Detection: Identify unusual access patterns or unauthorized access promptly.

  • Continuous Control Monitoring: Ensure that access is regularly reviewed, minimizing potential risks.

  • Integrations: Drata connects to over 500 applications to automate the collection of user access data.

Role-Based Access Control

Role-Based Access Control (RBAC) is critical for organizations looking to streamline access management. The idea is simple but effective: people should have access limited to what they need to do their jobs.

What Is Role-Based Access Control?

RBAC ensures that users only have access to the information necessary for their specific responsibilities. It minimizes risk and protects your business-critical data.

What Does Role-Based Access Control Look Like in Drata?

Defining and managing numerous roles and permissions can be cumbersome and confusing (and a major time suck). Our expanded RBAC capabilities simplify and streamline the process for you, so you can focus on other business initiatives.

Here are a few key functions:

  • Improved Security: Limit access to only those who require it for their specific roles, reducing risk.

  • Access to Key Information: More granular control to ensure individuals are assigned to and have access to the information necessary to fulfill their responsibilities.

  • Streamlined Team Access Management: Easily manage multiple roles in Drata while obtaining key information at a glance from the revamped role admin page.

  • Enhanced Visibility: Provide "read-only" access and status updates to those who need it—even if they are not in Drata—without the fear of accidental changes being made.

To make managing multiple roles more granular as RBAC evolves, we also introduced three new predefined roles in the Role Admin page, including:

  • Control Manager: Responsible for making controls ready.

  • Personnel Compliance Manager: Handles permissions to make personnel compliant.

  • Policy Manager: Offers access to the Policy Center for editing and approvals.

With these updates, administrators have more role options to assign to team members, making managing certain visibility and access within Drata easier.

Evidence Library

Evidence Library is the all-new destination for all of your manually uploaded evidence on Drata. It is your one-stop shop for uploading, linking, and storing evidence, and now it’s even better.

To further simplify the evidence upload process, Evidence Library can now connect to a cloud storage provider to upload evidence directly from the cloud.

Control Readiness Approval

Control Readiness Approval (coming soon) allows you and your team to set up an internal review and approval before a control reaches "ready" status. This saves you valuable time by bringing these steps into Drata and automating more of your compliance program.

In Case You Missed It

Here’s a quick look at all our releases for the quarter:

Cyber Essentials 

Drata supports Cyber Essentials through continuous monitoring with out-of-the-box control mapping and policies.

ISO 27017 and ISO 27018 

If you’re currently adhering to ISO 27001 and want to further demonstrate your commitment to security, you now have the ability to add ISO 27017 and ISO 27018 to your compliance program.  

CSA CCM 

Drata now supports CSA CCM through continuous monitoring, offering out-of-the-box control mapping and policies. 

Enhanced Task Capabilities

Tasks can now be attached to risks so that risk managers, tech govs, workspace managers, and admins can manage the steps being taken to manage risks. Additionally, you can filter by Task type.

Elevated Control Evidence Upload Experience in Audit Hub 

When an auditor requests evidence in Audit Hub, Drata users can now seamlessly upload evidence within a new request page, automatically notifying their auditor through both a system message and email. 

Custom Risk Scoring

Risk Management customers can now tailor their risk scoring to align with their specific risk program, in addition to other custom fields right within the module.

New File Formats

Drata now supports even more file formats including markdown, txt, zip, csv, and json.  

GitLab Ticketing

Connect your GitLab application to create GitLab tickets directly from your Drata App.

New Fields in HRIS

Import additional fields from your HRIS including preferred name, personal email, and department.

Future Hire Date

Import future hire dates for personnel so Drata can exclude them from compliance checks until they start. 

Stay Tuned For More

We’re not done yet. Join us for our upcoming Ask an Auditor webinar where Drata experts and special guest, RSM, a top 6 audit firm, answer all your questions regarding user access review. 

Plus, Drata’s NextGen Automation is right around the corner and promises to take your compliance game to a whole new level.

To get started on your access and control journey, book a demo here.
