Immuta and BigID discovery versus enforcement
Zachary Friedman, associate director of product management at Immuta, on security in the modern data stack
The overlap matters because data discovery is becoming table stakes, while the real product boundary sits at what happens after a field is identified. Immuta starts from access control inside cloud data platforms, then uses classification to drive policies on rows and columns. BigID starts from broad discovery and inventory across many systems, then layers privacy, governance, and remediation workflows on top of that inventory.
-
In practice, both products can scan data and recognize sensitive fields like names, emails, or addresses. Immuta then uses those tags to decide who can query that data in Snowflake and similar platforms. BigID uses the same scan step more broadly to map where sensitive data lives across warehouses, SaaS apps, files, and on prem stores.
-
That is why the two often coexist. BigID has been positioned as an enterprise system for discovery, classification, and privacy operations, and its company page notes customers may pair it with tools like OneTrust for adjacent workflows. The interview shows the same pattern with Immuta, where some customers use BigID alongside Immuta rather than replacing it.
-
The packaging also differs. Immuta describes Secure, Detect, and Discover as one platform whose modules feed one another around enforcement. BigID sells a wider discovery and governance layer, with pricing tied to users, scanned data volume, and advanced features. That points to different buying centers, with Immuta closer to data platform teams and BigID closer to privacy, governance, and compliance owners.
Going forward, the category is likely to converge around platforms that can both find sensitive data and do something immediate with it. Immuta is well positioned when the priority is enforcing live access rules in the warehouse. BigID is well positioned when the priority is building a full map of sensitive data across the enterprise and coordinating downstream privacy and governance work.