Policy Enforcement Inside Data Warehouses
Zachary Friedman, associate director of product management at Immuta, on security in the modern data stack
The core advantage here is that Immuta is selling control that lives inside the warehouse, not security layered around it. Its product lets a bank or pharma company write one business policy once, then enforce row, column, and masking rules across Snowflake, Databricks, Redshift, BigQuery, and Starburst without forcing analysts onto a proxy or into new query workflows. That depth matters most for large enterprises with one copy of sensitive data and many internal users querying it in place.
-
Immuta grew up around warehouse enforcement. It started with highly sensitive public sector data, then moved into regulated enterprises, and focused on a small set of data stores with very deep integrations. The result is policy enforcement tied closely to platform features like Snowflake row and column controls and Databricks Unity Catalog.
-
That is different from adjacent players. BigID is centered on finding and classifying sensitive data, then feeding that context into security workflows. Wiz started with broad cloud risk detection across AWS, Azure, and GCP, then expanded into more products. Rubrik came from backup, recovery, and ransomware defense. Those products can overlap with Immuta, but they begin from different control points.
-
The practical buyer benefit is less change management. Earlier data security tools often sat in front of the warehouse as a proxy. Immuta instead aims to let analysts run the same SQL against the same tables while policies filter what each person sees. For a company spending heavily on Snowflake or Databricks, that is a much easier rollout than asking everyone to use a separate access path.
The market is moving toward bundles, but the wedge is still depth at the enforcement layer. As Wiz, BigID, Rubrik, and platform vendors broaden into data security, the companies that win durable budget will be the ones that both detect risk and take action directly inside the systems where data already lives. Immuta is pushing in that direction by adding Detect and Discover around its policy engine.