Data Access Platform Vendor Immuta Issues New Enhancements and Integrations
Boston-based data access platform provider Immuta unveiled a number of new capabilities and integrations for its Data Access Platform, including native integration with Google BigQuery, which brings Immuta capabilities to BigQuery customers. The release also includes three enhancements for Snowflake: External OAuth, improvements to table grant management, and data source ingestion. Audit log export to Amazon S3 and upgrades to policy onboarding for its Databricks integration round out the list of additional enhancements. The New Stack spoke with Immuta co-founder and CTO Steve Touw about the decision to invest in the native integration with BigQuery, as well as the details of the other capabilities included in the release.
Regarding the Google BigQuery tie-ins, Touw said that building the native integration allows Immuta to “go deep and… basically plac[e] a bet on a database vendor,” resulting in a stronger partnership and allowing Immuta to enforce policies natively in the database. This “non-invasive” policy enforcement renders Immuta essentially invisible to the end consumer, which Touw says is the key reason for building the native integration. This is in contrast to cases without native integration, where Immuta instead functions as a proxy in front of databases and re-writes queries. In addition, the native integration brings to BigQuery users core Immuta capabilities of data masking, data discovery and classification, scalable policy building through Immuta’s attribute-based access control model, and auditing of user and policy activity to generate compliance reports.
Keep Me Updated
The new release also includes a number of updated features for Snowflake. The first of these brings external OAuth to Snowflake: Immuta customers can use their identity provider (IdP) to authenticate to Snowflake without the customer having to share their credentials, generating a higher level of security for these customers’ workloads. Next, an update to Snowflake table grant management represents a slight change in the model of how Immuta brings access control to tables in Snowflake. Previously, table access was granted manually, and a user might have multiple different roles assigned to them, switching between these roles, with each role giving the user different access to different tables. Now, Immuta is introducing an algorithm that consolidates Snowflake role hierarchies assigned to each user under one role, with all the applicable policies underneath, which is designed to simplify the management of these roles. The third of the Snowflake-related enhancements adds the ability to perform metadata ingestion from Snowflake to Immuta, at scale, with API-based progress reporting.
As mentioned above, this Immuta release also includes audit log export to Amazon S3 and updated policy onboarding for Databricks users. The first of these allows exporting audit log data collected in Immuta to Amazon S3, where it can then be analyzed with tools such as Splunk. Users can then build dashboards across all their audit logs that were captured, allowing users to analyze historical trends on how data is being accessed, as well as how policies change over time. Touw says the introduction of this functionality represents the first step in an investment into helping customers understand and analyze patterns in their underlying data systems.
Finally, the update to policy onboarding for Immuta’s Databricks integration now decouples policy building from sensitive data discovery. With this new default, when users register tables, Immuta now leaves existing access controls as they are, allowing users to still run sensitive data discovery across the table, analyze results, and update and apply policies accordingly. This approach disaggregates the onboarding process into multiple steps, allowing users to take a more iterative approach.
Present Returns, Future Returns
Overall, Touw says that the audit log export to S3 function and the change to a default no-policy setting for Databricks are likely to deliver the most immediate returns to current customers in terms of addressing their existing pain points. Immuta also hopes that integration with BigQuery will allow it to open a market with BigQuery customers and bring its functionality to a wider audience. Security and privacy concerns are increasing worldwide. Bringing these capabilities to an expanding user base has the potential to broaden demand for data access management and embolden customers to implement it, proactively and successfully.