The data marketplace isn’t just an IT solution. It’s an enabler of scientific progress at AstraZeneca.
Gayathri Ramamoorthy, AstraZeneca
AstraZeneca’s mission is clear: unlock science for patients, responsibly. That commitment shows up in how they manage data, ensuring it’s “responsibly sourced, rapidly available, and always protected,” as Gayathri Ramamoorthy, Associate Director of Data Engineering at AstraZeneca, explained during a recent webinar.
That standard is hard to meet when research spans clinical trials, genomics, imaging, and real-world evidence across dozens of countries. Traditional, ticket-based access models slow researchers down or, worse, overexpose sensitive data. The team’s answer is a data marketplace, and it’s changing how AstraZeneca discovers, governs, and provisions access at scale.
From fragmented access to a governed marketplace
Gayatri walked through the operating model that got them unstuck. Incoming data lands in a raw zone for traceability, is standardized in a publish layer, and then appears as curated data products in the marketplace with rich technical and business metadata. Classification and anonymization are automated from the start so stewards aren’t hand-scrubbing columns after the fact.
Critically, AstraZeneca uses attribute-based access control (ABAC) to match access to context: who you are, what project you’re on, where you’re working from, and why you need the data. Birthright access covers baseline permissions.
Project-specific access is time-boxed by design: granted quickly, then automatically deprovisioned when the work is done. Researchers move, access follows. As Gayatri put it, the result is simple: the right people get the right data for the right reason, at the right time.
If a researcher moves teams, their previous access is instantly removed… Every access request, approval, and action is logged.
Gayathri Ramamoorthy, AstraZeneca
How Immuta connects discovery to delivery
Snowflake’s internal marketplace and organizational listings make discovery straightforward. But discovery without delivery is a dead end, especially when an approval requires context and the right controls. That’s where Immuta comes in.
Immuta is built for data provisioning at scale, using two complementary paths:
- Provision by policy: Governance teams define plain-language policies once (birthright entitlements, masking, and filters), and Immuta enforces them natively on Snowflake, so baseline access “just works.”
- Provision by request: When users need something outside of birthright access, they click Request Access from the listing. Immuta routes the request to the right approvers (or systems like ServiceNow/Jira), applies guardrails, sets an expiry, and provisions automatically. No manual grants. No ticket limbo.
In the session, Steve Touw, Immuta’s cofounder and CTO, framed it as a yin/yang model: policy where you can predict needs, request workflows where you can’t. He also showed guardrail policies that prevent accidental over-approval (e.g., finance tables remain masked unless the requester belongs to Finance), plus time-limited access that cleanly revokes when the window closes.
Steve also highlighted that this governed provisioning extends beyond Snowflake to other cloud environments, including AWS S3, where AstraZeneca manages certain sensitive datasets under the same unified policy framework.
The net effect for AstraZeneca: discovery in Snowflake flows straight into governed, auditable access without sacrificing speed.
What changes for researchers and stewards
For researchers, the experience feels like a modern product, not a process. They find the data product, read the documentation, and click Request Access. If they already qualify under policy, access is immediate. If not, they complete a short form that captures purpose and duration. Once approved, Immuta applies the right controls (masking, row filters, or anonymization) and access is live, often in minutes.
For stewards and approvers, Immuta shortens the heavy lifting. Requests arrive with context, data use agreements are baked in, and suggested determinations help scale decisions. Approvals are recorded automatically, and unified audit makes it easy to answer who accessed what, when, and why across roles and projects. Recertifications aren’t ad hoc; they’re part of the lifecycle.
Provisioning and onboarding are automated… governance is policy-driven and auditable, not manual.
Gayathri Ramamoorthy, AstraZeneca
Why this matters for AI
AI raises the stakes. Teams and agents need faster paths to high-quality data, but with stronger controls. AstraZeneca’s marketplace mode, with policy-driven access for the predictable and request-based access for the exceptional, keeps data both useful and trusted. Immuta’s automation ensures protections travel with the data, so whether the consumer is a person or an AI agent, access remains purposeful, time-bound, and logged.
And because Immuta works natively with Snowflake (leveraging tags, masking, row filters, Horizon, and Org Listings), organizations don’t have to choose between moving fast and staying secure. They get both.
The takeaway
AstraZeneca’s story shows what happens when discovery meets delivery: researchers spend less time waiting and more time working, stewards govern by policy instead of tickets, and compliance is continuous rather than reactive. It’s a practical blueprint for any enterprise building a governed, AI-ready data mesh on Snowflake, with Immuta powering the last mile of trusted, scalable data provisioning.
Want to see it in action? Watch the on-demand webinar for a walkthrough of Snowflake Horizon, Org Listings, and Immuta’s request-to-approve flows.
Find more success stories at immuta.com/customers.
