Use Case

Federated Governance for Data Mesh

What is Data Mesh?

Data mesh is an architectural approach to managing data within distributed organizations. In contrast to the “data monolith” where a single team is responsible for enterprise-wide data management, data mesh has a decentralized and domain-oriented data architecture. This gives each business domain ownership of its data to create context-aware data products, govern their data, increase self-service, and improve collaboration.

Read this blog to learn more about the four key pillars of data mesh.

The Data Mesh Security Challenge

With dozens of data owners and hundreds of data products, data governance is the hardest part of managing, scaling, and deploying a data mesh. Distributed environments require guardrails within domains and global governance. This is why organizations need Federated Data Governance – a key pillar of data mesh.

Federated Data Governance upholds standards for security, privacy, and compliance without reverting to inefficient, centralized data management controls. In other words, some controls are distributed (aka “federated”) but domains still share governance responsibilities.

Data Domain Ownership & Centralized Governance

Immuta gives you control over your data with an easy-to-use plain language policy builder. Now, you can tag and create domain-specific access policies, as well as global policies that apply to all domains. This combination provides centralized governance with the ability to enforce polices across domains.

Designed to Secure 100s of Data Products

With Immuta, you can document and register data products for discovery and access, centralize tag taxonomy, and automate access via metadata-driven policies. This enables self-service access via data product owner approval, helping to securely scale eliminated complexities in managing highly distributed data operations.

Self-Service Data Access That’s Still Compliant

Immuta allows you to quickly create, manage, and enforce policies across data products, without complex access controls or administrative bottlenecks. With Immuta’s always-on data monitoring, you can track how data products are consumed to detect threats and prove compliance.


Secure Data Mesh at Roche

Roche built a data mesh on Snowflake and produced 200+ data products in less
than two years.

“With Immuta, we can give our data product team tools to govern their own policies and access control. It allows them to do it a little quicker, a little more efficiently, and they understand their own data.”

Paul Rankin
Paul Rankin Head of Data Management Platforms
Immuta Features

The Immuta Advantage

Immuta provides the necessary data security capabilities to successfully implement data mesh.


Easily implement domain-specific products with repeatable data access control patterns that require fewer policies and are more transparent.

Domain-Specific Policies

Manage data access using pre-built tags and create domain-specific policies that accelerate time to access data.

Attribute-Based Access Control

Leverage ABAC to build unique vertical policies and enable scalable data access so the right users can access the right data.

Learn More
Standardized Policy Frameworks

Remove the centralized IT bottleneck with standardized framework of data access policies that are applied across all domains for federated governance.

Unified Auditing and Reporting

Monitor data access with unified audit and reporting across all domains for ease of proof of compliance.

Learn More
Real-Time Monitoring

Improve data security posture management across all domains with data and user activity monitoring for real-time behavior analysis and faster remediation.

Learn More
Distributed data stewardship implementation for data mesh architecture.

Get the Most Out of
Data Mesh

Without Immuta With Immuta
Data access policies are either overly broad or overly restrictive
Mitigate risk as you open up data access

Legacy approaches are inefficient and suboptimal for data mesh
Increase efficiency and productivity

Managing policies across domains is highly complex
Simplify data policy management across all data domains

Manually managing distributed data access creates delays
Accelerate data access by 100x

Frequently Asked Questions

What's a straightforward data mesh definition?

Given its similarities to architectural models like the data fabric, it can be difficult to find a straightforward data mesh definition. Data mesh is an architectural approach rooted in decentralized data ownership and the ability for domain experts to independently develop and manage their own data products. This architecture emerged as an alternative to the centralized, monolithic models of legacy platforms that are often rigid and difficult to scale. The data mesh enables manageable distributed data storage and control, while promoting distributed access and use.

What are the four data mesh principles?

The four data mesh principles are:

  1. Domain-Centric Ownership & Architecture: Domain ownership and management are shifted to teams that work most closely with and possess the most knowledge about each respective data domain.
  2. Data-as-a-Product: Teams create data products that are well-documented, maintained, and designed to meet the specific needs of different domain and consumer teams.
  3. Self-Service Data Platform: Teams implement consistent, low maintenance, and easy-to-understand access and security measures to create a structure that is both clearly defined and repeatable across efforts/domains.
  4. Federated Computational Governance: Teams need to balance the delegation of domain-based policy management with the enforcement of centralized, consistent security standards to ensure informed data protection and compliance across domains.
What's a working data mesh example?

One working data mesh example is that of Roche Diagnostics, which sought to restructure its legacy data ecosystem to distribute data stewardship and remove data access bottlenecks. To do this, Roche’s team worked with cross-functional stakeholders to ensure that their new architecture would be informed and leveraged by both technical and non-technical teams. This cultural alignment, when paired with a technical overhaul, helped Roche’s new data mesh architecture snowball into more efficient, business-driving data usage across teams.

Read more about Roche's data mesh example

Have 29 Minutes?

Let us show you how Immuta can transform the way you govern and share your sensitive data.