April 22, 2025 9:00 AM Eastern Standard Time

1Password and Drata’s Strategic Partnership Closes the Access-Trust Gap with Unified Security and Compliance

New integration delivers a modern approach to trust at scale, combining real-time visibility, device posture enforcement, and automated audit readiness

TORONTO – 1Password, a leader in Extended Access Management (XAM), today announced a strategic partnership with Drata to redefine how modern businesses meet critical compliance requirements while ensuring employee and company data remain secure. The new 1Password Extended Access Management and Drata integration simplifies and accelerates the journey to compliance through continuous monitoring, secure access enforcement, and real-time insights without slowing productivity.

“Security and compliance are inseparable, especially as SaaS sprawl and AI adoption introduce new layers of complexity and risk,” said David Faugno, Co-CEO of 1Password. “Organizations can’t achieve lasting compliance without securing how people, devices, applications, and AI agents access their critical business data, and you can’t secure access without continuously verifying compliance. This partnership with Drata helps unify these efforts, giving companies the ability to enforce strong security policies across all identities, applications, and devices—both managed and unmanaged—while staying continuously audit-ready. It’s a step toward a more modern, automated, and resilient approach to trust at scale.”

Integrated Security and Compliance for the Modern Workplace

Modern compliance frameworks like SOC 2, ISO 27001, and CMMC require dynamic and ongoing verification of controls. But most organizations still rely on fragmented tools and static policies, while the explosion of SaaS and AI-powered applications—many adopted outside of IT’s purview—has led to a surge in ungoverned access across unmanaged devices, unsanctioned apps, and autonomous agents. These behaviors create an Access-Trust Gap—the security risks posed by unfederated identities, unmanaged devices, applications, and AI-powered tools accessing company data without proper governance controls. 1Password Extended Access Management closes this gap by securing access across all users, devices, and applications—ensuring even unmanaged apps and devices are brought under governance and aligned with compliance standards. Paired with Drata’s robust trust management platform, businesses gain continuous monitoring and real-time evidence collection to stay audit-ready and strengthen their security posture. 

“The consequences of non-compliance are undeniable, including data breaches, hefty fines, and the potential loss of key customers and markets,” said Adam Markowitz, Co-Founder and CEO of Drata. “Modern organizations are inundated with employee-owned devices, shadow IT, and shadow AI operating outside traditional governance, making compliance more elusive, audits more costly, and governance more critical than ever. By partnering with 1Password and integrating with their Extended Access Management platform, businesses can proactively mitigate compliance risks without compromising their growth or slowing their teams down.”

A Future-Ready Approach to Governance, Risk, and Compliance

The new integration between 1Password and Drata empowers IT and security teams to proactively manage compliance risks by combining device and credential-level security with automated monitoring and audit readiness. As productivity in the modern workplace often relies on SaaS apps brought in from the edge, AI-driven tools, and employee-owned devices, this integration provides a scalable path to continuous compliance. With this integration, businesses gain:

• Frictionless compliance at scale: Accelerate audit readiness and reduce operational overhead with Drata’s AI-powered compliance assistance, which generates responses for security questionnaires based on automated evidence collection. With real-time visibility into device posture and credential-level security, teams can maintain continuous alignment with frameworks like SOC 2 and ISO 27001—freeing up time, reducing human error, and scaling compliance with ease.

• Proactive risk reduction across credentials and devices: Minimize credential-related risks posed by both human and machine identities and strengthen security posture by combining 1Password Extended Access Management with Drata’s automated compliance tracking. Empower IT and security teams to proactively identify and mitigate threats while upholding industry best practices across regulatory frameworks.

• Real-time transparency that builds customer trust: Gain instant visibility into compliance posture and effortlessly share proof of compliance through Drata by Safebase’s Trust Center. Foster lasting credibility with prospects and customers by turning security posture into a competitive advantage.

• Contextual access control to protect company resources: Ensure only secure, compliant devices can access sensitive company data. By aligning access decisions based on pre-set device compliance requirements by Drata, organizations can strengthen data protection, reduce risk exposure, and meet evolving regulatory requirements with confidence.

“We’ve long relied on both 1Password and Drata to help us scale securely and stay audit-ready,” said Tom Townsend, Head of Compliance at ShipHero. “1Password gives us confidence that our employees’ access across identities, apps, and devices is protected, while Drata automates the evidence and monitoring we need to prove compliance. This integration brings those strengths together, allowing our team to move faster, stay compliant, and focus on what matters most.”

"Today’s organizations often operate across multiple jurisdictions, navigating a complex and constantly evolving regulatory landscape," said Sam Abadir, IDC Research Director for Risk, Financial Crime and Compliance. "To stay ahead, businesses need a flexible, risk-based, and auditable approach to compliance—one that can adapt as requirements change. By adopting modern solutions designed for today’s dynamic environment, organizations can better manage risk, demonstrate accountability, and unlock new opportunities for efficiency and innovation."

To learn more about 1Password Extended Access Management and the new integration with Drata, visit our website and our blog. 

About 1Password

Trusted by over 165,000 businesses and millions of consumers, 1Password pioneered Extended Access Management, a new cybersecurity category built for the way people and AI agents work today. Our mission is to unleash productivity without compromising security. The 1Password Extended Access Management platform secures every sign-in, to every app, from every device, including the managed and unmanaged ones that legacy IAM, IGA, and MDM tools can’t reach. Leading companies such as Asana, Associated Press, Aldo Group, Canva, IBM, MongoDB, MediaComm Communications, Octopus Energy, Slack, Salesforce, Stripe, Under Armour, and Wish rely on 1Password to close the Access-Trust Gap: the security risks posed by unfederated identities, unmanaged apps, devices, and AI agents accessing sensitive company data without proper governance controls. Learn more at 1Password.com.

Contacts

Media contact: [email protected]