Immuta Architecture

Immuta the Data Security Platform designed to separate policy from compute, integrate seamlessly with the modern data stack, and enforce data policies with high performance.


Immuta Ecosystem

Immuta is a native plugin that integrates seamlessly with the major cloud data platforms, as well as other data security and governance tools such as IAM systems, data catalogs, and BI tools, as part of the modern data stack.

Separation of Policy and Compute

Flexibility – Multiple data sources and users means workflows might constantly need to change, thus requiring flexibility in policy creation and management.

Scalability – With more data and users comes more policies to manage. This can only be done effectively and securely at scale if the policy engine is independent of compute.

Complexity Reduction – Managing thousands of policies across multiple platforms and users can be complex without a single point of control.

Native Cloud Integrations

Dynamically enforce policies to reduce the number of user roles required

Achieve high performance because processing is done 100% in the underlying platforms

Reduce risk by eliminating the need to move or copy data

Policy Orchestration and Enforcement

Fine-grained data security – Grant uniform, fine-grained authorization for column-, row-, and cell-level security

Dynamic data masking – Enforce queries at runtime without writing code or copying data

Attribute-based access controls (ABAC) – Map powerful attribute- and purpose-based models to primitive access controls that exist in the database


Immuta Data Security Platform

The Immuta Data Security Platform provides three layers of protection – Discover, Secure, and Detect – to deliver scalable, comprehensive data protection without sacrificing data access.


How ABAC Works

With Immuta’s attribute-based access control, policies are dynamically enforced at query runtime. The database checks with Immuta to verify entitlements and applies them as the query runs. Results are then logged automatically.

  • Data security is automatically enforced at runtime
  • Policies can be created, verified and managed by distributed non-technical team
  • Eliminate data duplication
  • Inherit attributes from identity management system
  • Leverage metadata only (no data stored)
  • Data access is logged automatically
  • Reports answer who accessed what data and when, and how policies might have changed

Frequently Asked Questions

What are key data governance components for an effective governance framework?

The key data governance components for any effective governance framework include an understanding of your organization’s data maturity level, alignment of all key stakeholders within the organization (engineers, architects, data owners, compliance officers, analysts, auditors, etc.), and a platform that streamlines governance methods across your data stack. By facilitating stakeholder alignment and streamlining governance practices, these data governance components make for a system that manages data productively.

What makes for an effective cloud governance model?

An effective cloud governance model will govern data access and use across an organization’s various cloud storage, compute, and analysis platforms. This means that data will be controlled in order to manage its security, integrity, and quality regardless of where it lives in a data ecosystem. Universal applicability, powerful security, and comprehensible policies make for a cloud governance model that can span any range of cloud data resources.

How should I start building an access control framework?

Any data access control framework starts with the creation of access policies. After determining which access control method they want to use, a data team can assign user roles, attributes, etc. to their data users in order to describe their relevant characteristics. Then, data policies can be written that determine access based on any number of these identifiers. Teams should ensure that their access control framework not only meets internal needs, but subscribes to all applicable data rules, laws, and regulations meant to protect sensitive data.

What are the benefits of centralized access control?

Centralized access control is beneficial for a few distinct reasons. This form of access control unifies all of your required access management into a single, centralized system that can be applied across platforms. The benefits of this centralization include the simplification of access management, ease of oversight and activity tracking, and the universal application of access rules set by system administrators. It also eliminates the hassle of using disparate access models, and maintains a single standard of improved security while minimizing risk.

Architecture Guide

Read the Immuta Architecture Guide to dive deeper into the technology underpinning Immuta.