Compliance without access control is incomplete. Security without continuous compliance is inadequate. With 1Password® Extended Access Management and Drata, companies can finally unify these efforts—closing the Access-Trust Gap while accelerating audit readiness, improving security posture, and building trust overall.
“Security and compliance are inseparable, especially as SaaS sprawl and AI adoption introduce new layers of complexity and risk,” says David Faugno, Co-CEO of 1Password.
Indeed, maintaining cybersecurity compliance has never been easy and has become even more complex in recent years. There’s a vast landscape of global regulations and standards to keep track of, including SOC 2, ISO 27001, NIST, and CMMC, to name just a few. Understanding the requirements of these disparate standards is challenging enough, and actually achieving compliance is even more difficult, especially at a time when businesses often lack visibility into how sensitive resources are being accessed.
IT and Security teams face increasing complexities as they secure the various users, devices, and applications their company uses. Today’s admins have to contend with the explosion of SaaS and AI-powered applications. Many of these are adopted outside of IT’s purview, leading to a surge in ungoverned access that widens the Access-Trust Gap and blocks compliance goals.
By design, Drata and 1Password Extended Access Management help teams manage the complexities of modern cybersecurity. Drata provides streamlined automation to help teams achieve, maintain, and prove compliance. 1Password Extended Access Management secures every sign-in, to every app, from every device, by giving admins visibility and control over all applications, devices, and user and machine identities that access their resources.
Now, through a new integration, Drata and 1Password are partnering to do even more to support your compliance journey.
How the 1Password and Drata integration works
Drata is a leading trust management platform that helps companies automate governance, risk, and compliance (GRC) workflows to pass audits and maintain compliance with frameworks such as SOC 2, GDPR, and many others. The platform allows teams to pursue multiple compliance standards simultaneously through built-in controls and a library of compliance requirements.
Even when an audit isn’t actively taking place, Drata automates and simplifies GRC through continuous monitoring and real-time evidence collection. Drata’s continuous control monitoring gives teams a complete view of their compliance status at all times, helping them to maintain security posture and prioritize critical compliance issues as they arise.
1Password Extended Access Management’s platform includes several integrated products that manage different forms of access: applications, devices, and credentials. One of those products is 1Password Device Trust, which ensures that only devices that are in a trusted state can access business applications and sensitive data.
To qualify as “trusted,” a device must first be known by the organization, meaning that devices without the device trust agent can’t authenticate at all. Then, the device must pass a series of device posture checks according to the organization’s compliance policy. Untrusted devices cannot authenticate to a company’s SaaS applications until the security issue is resolved and the device is compliant.
1Password Device Trust has a library of over 100 pre-built checks, which admins can implement to ensure that devices meet requirements like installing the latest OS update, having the firewall turned on, etc. Admins can also write their own custom Checks according to their needs.
Drata’s integration with 1Password Device Trust leverages the Checks API to continuously monitor five key Device Trust Checks that are particularly important for meeting compliance frameworks such as SOC 2, ISO 27001, CMMC, and NIST.
These Checks validate that an end user’s device has:
- A password manager installed
- Antivirus software installed and running
- An updated operating system with the latest security patches
- Hard drive encryption enabled
- Screensaver lock properly configured
The integration then enables Drata to retrieve detailed 1Password Device Trust Check results from all devices. From there, Drata can provide insights into device compliance and overall security posture.
Key benefits of the integration
This powerful integration can provide several key benefits to a company’s security and compliance program. For companies that have rolled out both Drata and 1Password Extended Access Management, this integration allows each solution to better safeguard company data and access.
Reduced security risk
The five Checks included in this integration help resolve some of the most critical security risks organizations face today, stemming from compromised credentials, shadow AI, and vulnerability exploits.
For instance, the 2024 Verizon DBIR reports that stolen credentials have factored into almost one-third of breaches over the last ten years. This concern is only more pressing with the rise of AI. AI agents often need to interact with enterprise systems, but they can’t use biometric MFA and don’t support SAML flows. In practice, developers often disable MFA or borrow employee credentials just to make the agents function. All of this creates massive blind spots in credential security.
That’s why compliance frameworks and standards like NIST and PCI DSS require that employees use complex passwords and multi-factor authentication.
Password managers provide a secure way for companies to share and secure credentials with both employees and AI agents while also enabling the transition to passwordless authentication. For this reason, the 1Password® Enterprise Password Manager is a critical part of the 1Password Extended Access Management platform. However, to take advantage of this security benefit, companies need to ensure that every device at their company has the password manager installed. The password manager Check included in this integration blocks access for any device that doesn’t pass, thus delivering a win for compliance and security.
In addition to the blocking mechanism, the integration allows Drata’s automated compliance monitoring to track and alert IT and security teams of any device or security posture problems in real time, allowing them to mitigate risks and resolve compliance issues quickly.
Real-time insights into device compliance
Ensuring compliance across a distributed workforce requires that IT and Security teams gain oversight of both managed and unmanaged devices. As such, any compliance program requires admins to contend with the Access-Trust Gap. The Access-Trust Gap refers to the security risks posed by unfederated identities, unmanaged devices, applications, and AI-powered tools accessing company data without proper governance controls.
Many standards, such as HIPAA, require that organizations prove that they enforce specific security standards on contractor and employee personal devices. Unfortunately, these devices fall beyond the scope of traditional security and compliance solutions like mobile device management (MDM).
1Password Device Trust is uniquely able to run Checks across every device at a company, whether managed or unmanaged. At the app level, Trelica by 1Password can uncover unsanctioned apps or AI usage across all devices. It can then monitor and manage user access to these apps to ensure that permissions align with organizational policies.
Through the integration with Drata, companies can verify that every device meets the security requirements for each standard.
Automated evidence collection and audit-readiness
Compliance auditors require specific and thorough records proving the security controls that companies have implemented. Assembling these records manually can often require significant time and work from IT and security teams to collect screenshots and log exports.
Drata automates evidence collection and gathers proof of device compliance, streamlining continuous audit readiness across employee devices. The system then maps this evidence to relevant compliance controls across different guidelines. Trelica by 1Password is also able to provide security reports for discovered and managed apps across the company, including overviews of each app’s compliance profile.
With the integration, teams can also proactively address device compliance with AI Questionnaire Assistance. Drata’s AI-powered compliance assistant helps generate responses for security questionnaires based on the evidence it has been collecting. This saves teams even more valuable time during the compliance process.
This integration allows businesses to assemble compliance records for multiple frameworks at once. The company improves security while working toward various compliance goals, and systems are always kept audit-ready.
Better together: simplifying compliance, strengthening security
Cybersecurity compliance has always been complex, and the past few years have only made it more complicated. IT and security teams need the support of strong but flexible solutions that can meet the needs of many users and devices across a hybrid, cross-platform organization.
Through this new integration, 1Password Extended Access Management and Drata deliver streamlined compliance, improved security, and reduced manual effort for companies during their compliance journey.
As Adam Markowitz, Co-Founder and CEO of Drata, puts it: “By partnering with 1Password and integrating with their Extended Access Management platform, businesses can proactively mitigate compliance risks without compromising their growth or slowing their teams down.”
Discover how 1Password and Drata’s integration can support your compliance requirements at scale. Reach out for a demo!