Eugene Raynor

How to streamline compliance audits with Hexnode and Drata

Eugene Raynor

Sep 28, 2022

6 min read

When you are building a company from scratch, it is natural to prioritize certain things over others. However, there are some things you cannot compromise on. Regulatory compliance is one such thing. Any organization that has its operations worldwide must be compliant with numerous regulatory guidelines, frameworks, and standards. These include HIPAA, GDPR, SOC2, PCI DSS, and many more.

Non-compliant organizations usually end up paying hefty penalties. That’s not the worst of it. Failing to adhere to compliance standards also reduces the reliability and your brand reputation as a whole in the industry. Hexnode recognizes the need for compliance and has continually taken measures to ensure compliance for its customers since its inception.

Recently, Hexnode and Drata joined hands together to help Hexnode users in their compliance journey.

Learn how Hexnode helps you achieve regulatory compliance

What are compliance audits?

A compliance audit involves the review of an organization’s procedures, processes, controls, and configurations to determine if they are in alignment with the regulatory guidelines. It assesses the security policies, risk management processes, and user access controls of an organization.

Why do companies need them?

Compliance audits are a crucial part of the journey towards regulatory compliance because they help companies identify weaknesses and vulnerabilities within their regulatory compliance processes and show them valuable insights on opportunities to improve.

Compliance audits determine the number of compliant versus non-compliant processes and provide recommendations to perform corrective actions and prevent future non-conformities.

Essentially, a compliance audit simply verifies if your company is doing what they said they’d do.

Performing poorly on an external compliance audit that’s carried out by regulatory authorities may attract potential penalties ranging from formal reprimands and hefty fines to even a major fallout for the entire organization. Which is why it is advised to regularly commission (or in this case, automate) internal compliance audits to uncover any potential vulnerabilities, before subjecting your organization to an external audit.

This is where Hexnode and Drata can help businesses out.

Internal vs external compliance audits

Internal audits, or self-audits are carried out internally by the company to evaluate overall security posture, identify risks, and ensure that the company is following all the regulatory guidelines.

External audits, on the other hand, are formal compliance audits that are commissioned by regulatory officials or independent third parties. These audits verify if the company is following the compliance regulations being assessed, and the results of the report are used by regulators to assess compliance status, and issue potential fines for non-compliance.

How does Hexnode help businesses in their compliance journey?

From desktops to mobile devices to IoT, an organization may use all manner of endpoints to store and access protected information. Enforcing the right protections and controls on these endpoints is crucial to ensuring your organization conforms to the regulatory guidelines.

Moreover, with many of these endpoints scattered across different locations, companies must adopt the right tools to gain sufficient visibility over these devices.

Hexnode’s Unified Endpoint Management solution offers all the tools necessary to secure, manage, and monitor endpoints across its entire lifecycle, and ensures that corporate endpoints are protected with the right controls and configurations to maintain regulatory compliance.

How UEM help companies meet regulatory compliance requirements

What is Drata?

Drata is an advanced security and compliance automation platform helping thousands of companies streamline over 10 compliance frameworks (such as SOC 2, ISO 27001, GDPR, and more) through continuous, automated control monitoring and evidence collection, resulting in a strong security posture, lower costs, and less time spent preparing for annual audits.

Hexnode-Drata integration for automating your compliance journey

Hexnode’s partnership with Drata helps businesses streamline and automate the path to compliance audits.

How to integrate Drata with Hexnode

Integrating Drata and Hexnode takes just a few minutes. Let’s take a look at the steps involved.

Step 1 – Log in to the Hexnode portal and take note of the following details.

  • API server: The API server is simply the URL of your Hexnode portal. Eg:
  • API key: You can find the API key by navigating to the ‘admin’ tab in the Hexnode portal.

Step 2 – Once you’ve taken note of the above-mentioned information, log in to Drata and navigate to the ‘connections’ tab. Locate Hexnode from the list of connections and click on ‘connect’. Enter the API URL and API Token and click on ‘Save & Test Connection’.

Step 3 – Next, you must navigate to the ‘Internal Security’ tab and turn on ‘Automated via Hexnode MDM’ while switching off ‘Automated via Drata Agent’. This will ensure that employee compliance data related to that device will come from the Hexnode Agent installed on the device.

Once you’ve performed the following steps, Drata can directly pull the data from Hexnode via an API connection, and collect it to streamline compliance audits.

How does Drata help Hexnode users?

The Hexnode and Drata integration helps administrators automate the following processes.

  • Evidence gathering
  • Device monitoring

Evidence gathering involves documenting an organization’s compliance processes and outcomes. Drata gathers evidence by extracting data from Hexnode UEM. This includes information like the policies applied on devices, such as

  • Encryption policies
  • Password policies
  • Screensaver and auto-lock policies
  • Firewall policies
  • OS update management policies
  • Restrictions and security configurations

Once it has completed the evidence gathering processes, Drata continuously monitors all endpoints and collects information regarding each of the associated policies and their compliance status, thereby providing admins with a seamless monitoring experience.

Currently, only desktop (macOS, Windows) devices support the Hexnode and Drata integration features.


The partnership with Hexnode and Drata brings together efficient device management strategies and seamlessly connects them with automated compliance monitoring and evidence gathering processes. Together, Hexnode and Drata save companies hundreds of hours per year on streamlining and automating their compliance journey.

Eugene Raynor

Seeking what's there lurking over the horizon.

Share your thoughts