Immuta Architecture

Immuta is designed to meet modern data security needs by offering a Data Access Platform that separates policy from compute, integrates seamlessly with the modern data stack, and enforces data policies with high performance.

Architecture

Immuta Ecosystem

Immuta is a native plugin that integrates seamlessly with the major cloud data platforms, as well as other data security and governance tools such as IAM systems, data catalogs, and BI tools, as part of the modern data stack.

Separation of policy and compute

Flexibility – Multiple data sources and users mean workflows might constantly need to change, thus requiring flexibility in policy creation and management.

Scalability – With more data and users come more policies to manage. This can only be done effectively and securely at scale if the policy engine is independent of compute.

Complexity reduction – Managing thousands of policies across multiple platforms and users can be complex without a single point of control.

Native cloud integrations

Dynamically enforce policies to reduce the number of user roles required

Achieve high performance because processing is done 100% in the underlying platforms

Reduce risk by eliminating the need to move or copy data

Policy orchestration and enforcement

Fine-grained data security – Grant uniform, fine-grained authorization for column-, row-, and cell-level security

Dynamic data masking – Enforce queries at runtime without writing code or copying data

Attribute-based access controls (ABAC) – Map powerful ABAC and purpose-based access control (PBAC) models to primitive access controls that exist in the database

Immuta Data Access Platform

The Immuta Data Access Platform is centered around data security, providing authoring, orchestration, and privacy capabilities. In addition to the central Secure pillar, Immuta also provides data discovery and monitoring capabilities.

How ABAC Works

With Immuta’s attribute-based access control, data access is dynamically enforced at query runtime. The database checks with Immuta to verify entitlements and applies them as the query runs. Results are then logged automatically.