1. What it is and why we need it
To reach SOC 2 compliance, everybody needs to install Drata Agent on their machines and keep it running at all times.
It checks & reports these things:
and makes our lives a lot easier because we can tick a huge number of SOC 2 boxes without doing anything. Also, we do not have to set up any additional device management tools, company app stores or antivirus software for now. Huge win! 😃
2. Q&A
- Can we add multiple computers or just one?
Yes, you can add multiple computers.
- If I work from my private laptop from time to time, do I need to run the agent on that at all times as well or can I turn it off when I’m not working?
Yes, please install Drata Agent on any machine that you use for accessing Checkly production systems. (Heroku most prominently, also database access, 1Password, etc.) As long as the computer has that access, please keep the agent running.
If you only use the private machine to write and push code to GitHub, then you don’t need Drata Agent on it. Write access to GitHub is a risk we accept, because we allow the use of personal GitHub accounts.
- How is it with 2 different user accounts on one laptop? If I create a Checkly user and a guest user for example, can I just install the agent on the Checkly user one?
That is an acceptable solution.
3. What about my privacy?
The agent will report the above settings, plus a list of all applications and all browser plugins you have installed on your machine. Drata allows Checkly management to review those regularly. If you are using your machine in mixed private/work mode, make sure you remove applications or browser plugins you don’t want us to see before setting this up.
Example Drata Agent Payload for Daniel’s machine
4. OK, ready. How to install?
It’s easy! Just follow the instructions here: https://app.drata.com/employee