Product Overview

Universal Cloud Data Access Control

Immuta enables data engineers and operations teams automate data access control across their entire cloud data infrastructure at scale.

What is Immuta?

Data teams need to move fast. But, as data volumes grow and usage expands, it has become impossible to control who has access to what data, ensure proper compliance, and enable safe data sharing.

We built Immuta to give data teams the control and visibility they need.

Immuta is the universal cloud data access control platform, providing one platform to automate access control for any data, on any cloud service, across all compute infrastructure. It’s the only solution built for fast-moving DataOps environments that provides universal cloud compatibility and scalability.

-->

Immuta Architecture

Immuta integrates seamlessly into your architecture — no matter how complex — to allow consistent and scalable policy enforcement in the cloud, on premise, or with hybrid architectures.

Immuta Enterprise Architecture Graphic

DEPLOYMENT OPTION
SaaS

learn more

DEPLOYMENT OPTION
Self-Managed

request demo

Immuta Capabilities

Attribute-Based 
Access Control

Immuta’s policy builder empowers data teams to create automated policies to govern cloud data use – scaling user adoption, eliminating approval bottlenecks, and providing trust with compliance and governance teams.

Learn More

Discovery & 
Classification

Immuta automatically scans cloud data sources, detects sensitive data, and generates standard tagging across multiple compute platforms, reducing risk and improving data utility.

Learn More

Policy Enforcement & Auditing

Immuta enforces access control policies automatically on every query, and captures rich audit logs so data teams can be confident data is used securely, and can prove compliance with rules and regulations.

Learn More

Masking & Anonymization

Immuta’s advanced privacy-enhancing technologies (PETS) accelerate data sharing use cases by dynamically masking and anonymizing sensitive data, and are supported by Immuta’s expert team of legal engineers.

Learn More

Built for Agility and Simplicity

Enable data access in minutes not months

Rather that forcing data consumers to wait weeks or months before getting access to the data they need, Immuta enables data teams to unlock data access in minutes while still being confident they are in full compliance.

Increase permitted 
use cases by 4X

Immuta makes it much easier for data teams to safely share more data with more users, faster, by automatically anonymizing or masking sensitive data – unlocking new analytical use cases.

Make data access 100X simpler to manage

Immuta’s dynamic, policy-based access controls eliminate the need to create and manage hundreds or thousands of user roles – freeing up valuable time for data engineers and stewards.

Loved by Data Teams

"Databricks opens up many opportunities for self-service data analytics, data science, and enterprise reporting. Paired with Immuta, we can make all our data available to all types of business analysts, data scientists and data engineers."

Ajay Sahu
Director of Enterprise Data Management, J.B. Hunt

"Immuta is the go-to technology to implement our vision of an internal “Data & Analytics Marketplace”, enabling full transparency on the relevant data assets with secure and compliant data access."

Walid Mehanna
Head of Data & Analytics, Daimler

"With Immuta, we’ve been able to streamline data science and engineering teamwork, dynamically adapt in real time, and accelerate productivity."

Halim Abbas
Chief AI Officer, Cognoa

Built for the Modern Data Stack

Connect Immuta to an expanding universe of data sources.

View All

Data Access Control

Frequently Asked Questions

  • What is data access control and why is it important?

    Data access control refers to selectively restricting access to data so as to protect the privacy and security of the data subject, and ensure ethical data use. This is accomplished by setting parameters for who can access what types of data and dynamically enforcing controls to meet those parameters.

    With organizations collecting, storing, and using sensitive data more than ever before, data access control is now critical for all organizations that rely on data for analytics and decision making. Data use — especially sensitive data use — is increasingly regulated by federal legislation, data use agreements and contracts, industry guidelines, and internal rules, among others; ensuring its compliant use is necessary to avoid data leaks and breaches that could result in fines, legal action, and loss of reputation. Without data access control, organizations have no way of monitoring who is accessing what data, when, and for what purpose, jeopardizing the data’s security and privacy.

  • What is fine-grained access control?

    Fine-grained access control is a method of controlling who can access certain data by giving each piece of information its own access criteria. These criteria can be based on a number of specific factors, including the role of the person requesting access and the intended action upon the data. For example, one individual may be given access to edit and make changes to a piece of data, while another might be given access only to read the data without making any changes.

    Fine-grained access control is particularly important for organizations that store large amounts of data together in the cloud since it allows data to be stored in the same place without risking security and compliance.

  • What’s the difference between RBAC, ABAC, and PBAC?

    Role-based access control (RBAC) grants data access to users based on their role or function within the organization. This type of access control works for small organizations with few data sets and data users, but as roles, users, and rules change, data teams are forced to create new roles to accommodate organizational evolutions. As a result, a system may contain hundreds or thousands of roles that are difficult to manage and scale as organizations grow, which can lead to increased risk of data leaks and breaches.

    Attribute-based access control (ABAC) is an approach to data security that permits or restricts data access based on assigned user, object, action, and environmental attributes. In contrast to RBAC, ABAC has multiple dimensions on which to apply access controls. This makes attribute-based access control a highly dynamic model because policies, users, and objects can be provisioned independently, and policies make access control decisions when the data is requested.

    Purpose-based access control (PBAC) applies regulation-based restrictions to sensitive personal data, as detected by automated sensitive data discovery tagging. When combined with data masking tools, this reinforces confidence that the right people are accessing the right data at the right time, and for appropriate purposes. For regulatory compliance and data audit trails, this level of control is particularly powerful and critical for ensuring data is adequately protected and reportable to legal and compliance teams.

  • What are the four types of access control?

    The four main types of access control are discretionary, mandatory, role-based, and attribute-based. With discretionary access control (DAC), users create rules to determine who has access to the data through access control lists (ACLs) and capabilities tables. Mandatory access control (MAC), often regarded as the strictest type, takes a hierarchical approach to data access in which a systems admin regulates data access based on varying security clearance levels, and is widely used in the government and military. Role-based access control (RBAC) depends on a systems admin to grant access permissions based on a user’s role within the organization. Unlike RBAC, attribute-based access control (ABAC), enables data access based on attributes of the user, object, action, and environment, creating a dynamic system that vastly reduces the number of policies needed to enforce access control and avoids the need to create new roles for all changes to a data environment.

  • Why is there a need for data access control?

    The ability to store large amounts of information together is a substantial competitive advantage. However, this data can vary in terms of type, source, and security level. With organizations accelerating movement to the cloud and adopting multiple cloud data platforms, it’s imperative to maintain control over who can access what data and for what purpose. Without data access control to dictate that, organizations run the risk of experiencing data leaks, breaches, and otherwise unauthorized access that can be costly from a monetary standpoint — in the form of penalties for violating data use rules and regulations — as well as from a privacy standpoint, as data subjects’ personal information and proprietary business data may be exposed.Before the onset of cloud data use, when data types could be stored in separate locations with access dictated according to those locations, coarse-grained access controls worked sufficiently. But, as data is increasingly co-located in the cloud and use cases expand, fine-grained access control is essential to enable data use without running into security or compliance issues.

  • What is the strictest access control model?

    Mandatory Access Control (MAC) is considered the strictest access control model. Primarily used by the government and military, this form of access control takes a hierarchical approach to regulating data access. Security labels, denoting both classification and category, are placed on the available resources by system admins and cannot be changed by any other users. The same labels are attributed to the system’s users, so only those with the proper security credentials are able to access certain resources within the system.

Ready to get started?

Request a Demo Start a Trial