Security / Trust Management & GRC Automation
Main Offerings:
Feature Breakdown: • Continuous compliance monitoring dashboards
• Automated evidence & audit workflows
• Vendor Risk Management AI Agent
• Policy templates & employee attestation
• Trust Center to share certifications
• API + 400+ native integrations
• Risk register & reporting (Departments: Security, Risk, Compliance, GRC, DevOps, IT)
Business Industry Gearing: Tech/SaaS, Financial Services, Healthcare, any cloud-native org needing compliance
Certifications: Platform helps customers obtain/maintain SOC 2; Drata itself is SOC 2 Type II certified, ISO 27001, GDPR, HIPAA, PCI-DSS, CCPA, HITRUST (certifications supported for customers)
Vendors/Tools: Built on AWS/GCP; uses Cloudflare, etc.
Risk Profile:
Aggregated Reviews: G2 4.8/5 (500+ reviews); Capterra 4.7/5
Adoption Insights:
Metrics: NPS 75+ (per vendor blog); high retention >120% net dollar retention
Barriers: Cost for small startups; limited flexibility for very custom frameworks
Revenue Model: SaaS subscription (annual), tiered plans (Essential $7.5k, Foundational $15k, Advanced enterprise custom)
Pricing: Essential, Foundational, Advanced/Enterprise (Sources: Sprinto blog 2025; Vendr marketplace; user quotes)
Market Context:
| Name | Description | X Account | |
|---|---|---|---|
| Adam Markowitz | Co-Founder & CEO; former aerospace engineer; founded Portfolium (acq. by Instructure) | https://www.linkedin.com/in/markowitzadam | https://twitter.com/AdamLMarkowitz |
| Daniel Marashlian | Co-Founder & CTO; serial tech entrepreneur; ex-CTO Portfolium | https://www.linkedin.com/in/daniel-marashlian | |
| Troy Markowitz | Co-Founder & COO; ex-Instructure, operations & GTM leader | https://www.linkedin.com/in/troy-markowitz |
Key Metrics Update:
News/Trends:
Target Market: Cloud-native companies 25-2500 employees; heavily tech/SaaS, fintech, healthcare
Target Users & Personas: CISO, CTO, Security & Compliance Managers, GRC teams
User Experience Level: Entry-level to power users; UI guides novices, APIs for advanced
Key Use Cases:
Measurable Outcomes:
Fit Assessment: Best for fast-growing tech firms needing audit-ready compliance quickly; enterprise-grade at cost
Custom Rec Flags: