Immuta enforces one policy across platforms
Zachary Friedman, associate director of product management at Immuta, on security in the modern data stack
The real value is not one more security rule; it is turning five different warehouse permission systems into one operating layer for data access. Large companies often run Snowflake for analytics, Databricks for data science, BigQuery or Redshift for specific teams, and Starburst to query across them. Immuta lets a central team define business rules once, then translates them into each platform’s native grants, row filters, and column controls, so teams do not have to rebuild the same rule five times in five syntaxes.
- This matters most when access decisions change constantly. A bank or pharma company may need one analyst to see full records, another to see masked columns, and an external partner to see only certain rows. Immuta sits between identity systems like Okta and the data platforms, then applies those rules dynamically without making duplicate datasets.
- The workflow advantage is concrete. Instead of a security team hand-editing privileges in Snowflake, Unity Catalog, BigQuery, and Redshift, platform owners write one policy in business terms, then Immuta pushes the right native controls into each system. Its documentation shows policy enforcement across Snowflake, Databricks Unity Catalog, BigQuery, Redshift, and Starburst.
- This is different from companies like BigID and Teleskope, which start with finding and classifying sensitive data across many systems. Those products help answer where sensitive data lives and what it is. Immuta’s core wedge is narrower and more operational: deciding who can query which table, row, or column at the moment of access.
The category is moving toward a control plane for data security, where discovery, policy, enforcement, and audit all connect. As enterprises add more warehouses, lakehouses, and AI workflows, the winning products will be the ones that let a company express access rules once, prove they were enforced everywhere, and keep self-serve data use from turning into a security bottleneck.