Preserve Self-Serve Warehouse Access
Zachary Friedman, associate director of product management at Immuta, on security in the modern data stack
The real risk is not overspending on Snowflake; it is breaking the self-serve workflow that makes a cloud warehouse worth paying for in the first place. Snowflake and Databricks are built so analysts, product teams, and business users can hit the same tables directly with SQL, notebooks, and dashboards. If security forces everyone through a separate proxy, cloned datasets, or custom views, every query becomes a change request and the warehouse turns from a shared system of record into a gated back-office tool.
- Immuta is positioned as a policy layer that lets a bank or pharma company write one access rule in business terms, then enforce it across Snowflake, Databricks, BigQuery, Redshift, and Starburst. That matters because large enterprises rarely run just one platform, and copying the same rule into each system creates both security drift and admin overhead.
- The product-level reason this works is that Snowflake row access policies and masking policies, and Databricks Unity Catalog row filters and column masks, apply controls at query time while keeping the underlying table name the same. Users run the same SQL against the same table, but each person sees only the rows and columns they are entitled to see.
- This is also why Immuta is more complement than substitute to Snowflake and Databricks. As those platforms add better native policy primitives, Immuta gets a cleaner foundation to map high-level business rules into platform-native controls. The platform owns query execution, while Immuta owns the cross-platform policy logic and audit context enterprises need.
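The query-time controls described above, written out as Snowflake SQL. This is an added example, not code from Immuta or from the interview; every schema, table, role, and policy name in it is hypothetical, and the entitlement rows are constructed.

```sql
-- Added example (Snowflake SQL). Assumes schemas SALES and SECURITY exist.
-- All object and role names are hypothetical; sample rows are constructed.
CREATE TABLE sales.orders (
  order_id       NUMBER,
  region         VARCHAR,
  customer_email VARCHAR,
  amount         NUMBER(12,2)
);

-- Entitlement mapping: which role may read which region.
CREATE TABLE security.region_entitlements (role_name VARCHAR, region VARCHAR);
INSERT INTO security.region_entitlements VALUES
  ('ANALYST_EMEA', 'EMEA'),
  ('ANALYST_AMER', 'AMER');

-- Row access policy: evaluated per row at query time. A row is visible when
-- the caller's primary role is the steward role or is entitled to its region.
CREATE ROW ACCESS POLICY security.orders_by_region
  AS (row_region VARCHAR) RETURNS BOOLEAN ->
    CURRENT_ROLE() = 'DATA_STEWARD'
    OR EXISTS (
      SELECT 1
      FROM security.region_entitlements e
      WHERE e.role_name = CURRENT_ROLE()
        AND e.region = row_region
    );

-- Masking policy: the column stays selectable, but the local part of the
-- address is hidden unless PII_READER is active in the session.
CREATE MASKING POLICY security.mask_email
  AS (val VARCHAR) RETURNS VARCHAR ->
    CASE
      WHEN IS_ROLE_IN_SESSION('PII_READER') THEN val
      ELSE REGEXP_REPLACE(val, '^[^@]+', '*****')
    END;

-- Attach both policies to the existing table; its name does not change.
ALTER TABLE sales.orders
  ADD ROW ACCESS POLICY security.orders_by_region ON (region);
ALTER TABLE sales.orders
  MODIFY COLUMN customer_email SET MASKING POLICY security.mask_email;

-- Every role issues the same statement against the same table name and
-- gets back only the rows and column values its entitlements allow.
SELECT order_id, region, customer_email, amount FROM sales.orders;
```

Anyone who can write to the entitlement table or alter the policies can change what every role sees, so both need tighter ownership than the governed table itself.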
The direction of travel is toward native, invisible governance built into the warehouse and lakehouse path, not bolted on in front of it. The winners in data security will be the layers that let companies open direct access to more employees, partners, and customers without multiplying copies of data or forcing analysts to learn a different way to query.