Immuta

Data access control / governance for cloud data platforms. Primary category: data-access-governance; also dspm.

One-liner — A data-access-control platform that enforces fine-grained, attribute-based access policies (masking, row/column filtering) natively inside Snowflake, Databricks, and other cloud data platforms, so the right users see the right data.

What it does

Immuta sits over your cloud data warehouse/lakehouse and centralizes who can query what. Instead of hand-coding per-table grants, you write attribute-based access control (ABAC) policies once and Immuta enforces them dynamically — dynamic data masking, row-level filtering, purpose-based access — pushed down into the underlying platform. It also discovers and classifies sensitive columns and provides monitoring/audit of data access. The claim (vendor) is that ABAC cuts the number of policies needed by ~75x vs. role-based grants.

Where it sits in the stack

Data layer — primary data-access-governance, secondary dspm. Risk role: controlling access to sensitive data — it constrains which sensitive data a human, service account, or AI/RAG pipeline can actually retrieve. Critical control for entitlement-aware analytics and entitlement-aware-rag when the warehouse is the knowledge source.

Deployment & architecture

SaaS control plane. Policy is pushed down into the data platform (native integrations with Snowflake, Databricks, Amazon Redshift, Google BigQuery, Azure Synapse, Starburst) rather than proxying queries — so enforcement happens in-engine and Immuta is not in the data path. Provides audit logs to SIEM.

Positioning & differentiators

Known as a leader in policy-as-data-access for the modern data stack, especially Snowflake/Databricks shops. Nearest neighbor collibra is governance/catalog-first (metadata, lineage, cataloging) whereas Immuta is enforcement-first (live access control). Versus pure dspm tools (cyera, sentra, bedrock-security, symmetry-systems) Immuta is less about posture discovery and more about runtime entitlement enforcement. Competes with native warehouse RBAC and with veza/sailpoint on the access-governance edge. Snowflake and Databricks are both investors and partners.

Ownership, funding & M&A

Independent, VC-backed private company. Total funding ~$267M. The $100M Series E (announced 2022-06-08) was led by NightDragon (Dave DeWalt) and Snowflake (Snowflake Ventures) at a $1B valuation; investors also include Databricks Ventures, Dell Technologies Capital, DFJ Growth, Intel Capital, March Capital, StepStone, Ten Eleven Ventures, Wipro Ventures, ServiceNow. NightDragon is a growth investor, not an acquirer — no acquisition occurred. Ownership confidence high.

CTO / hedge-fund lens

For a fund running analytics on Snowflake/Databricks, Immuta is a strong fit to enforce who-sees-what on sensitive data (MNPI segregation, PII, deal data, entitlement walls) without bespoke per-table grants. Day-2 in the generic stack but effectively Day-1 if you do warehouse-backed RAG or broad internal analytics on regulated data. SR 11-7 relevance is indirect (data-access governance supporting model inputs/audit), not model risk per se. Best fit for shops already standardized on a cloud data platform; overkill if your data is small or not centralized.

Competitors / alternatives

collibra, cyera, sentra, varonis, veza, sailpoint, bedrock-security, symmetry-systems, native Snowflake/Databricks RBAC.

Open questions / to verify

  • Latest valuation / any newer round since 2022 Series E.
  • Depth of Immuta’s own DSPM/discovery vs. dedicated DSPM tools (is the dspm tag earned or aspirational?).
  • Current revenue/scale.

Sources

History

  • [2026-06-28] Stub created from seed registry.
  • [2026-06-28] Researched; established independent (private), Boston, founded 2015, ~$267M raised, $100M Series E at $1B led by NightDragon+Snowflake. Clarified NightDragon is an investor, NOT acquirer — no M&A. Reordered categories (data-access-governance primary). Set ownership_confidence high, confidence high.