Depth versus Breadth in Data Security
Zachary Friedman, associate director of product management at Immuta, on security in the modern data stack
This overlap matters because the boundary between cloud security and data access control is moving up the stack, but the winning products are still built very differently. Immuta started inside the warehouse, where the hard problem is deciding which rows and columns each person can see at query time across Snowflake, Databricks, BigQuery, and Redshift. Wiz started from a broad cloud risk dashboard that scans AWS, Azure, and GCP for misconfigurations, vulnerabilities, and exposed assets, then expanded into data security from there.
-
Immuta is selling policy enforcement, not just visibility. A customer connects identity systems like Okta and data platforms, writes one business rule once, and Immuta translates it into native controls across multiple warehouses. That is why depth matters more than simple detection for teams that need day to day access decisions to work without changing analysts' SQL workflows.
-
Wiz is selling breadth first. Its core product gives security teams a read only scan of cloud environments, then layers on adjacent modules like entitlements, code, runtime, and data security. That broad starting point helped Wiz reach $500M ARR by July 2024, but it is a different job from being the control plane that sits directly in front of warehouse queries.
-
Redshift shows why the paths intersect. Amazon now offers native row level security and dynamic data masking, and Immuta has continued shipping deeper Redshift support, including viewless integration. As cloud warehouses add their own fine grained controls, the opportunity shifts to products that unify those controls across many platforms and connect them to policy, audit, and remediation workflows.
The market is heading toward consolidation around fewer security platforms that cover more of the stack. The durable winners will be the ones that can combine Wiz style breadth with Immuta style enforcement depth, so that a company can find risky data exposure, decide the right policy, and push that policy into live warehouse access without creating copies of data or breaking analyst workflows.