tanchao.xyz

Data Policy Overlay Vendors: Immuta, Privacera, OneTrust, and Lake Formation

By · · 10 min read
immutaprivaceraonetrustawslake-formationgovernancedata
TL;DR A policy overlay is a control plane beside the warehouse that compiles one policy into each engine's native primitives and centralizes audit. Immuta and Privacera earn their cost on heterogeneous, multi-engine estates; OneTrust fits privacy-program-led shops; Lake Formation is the AWS-native version. If you run a single warehouse and simple masking, native controls are usually enough.

Part of the overview: How Modern Data Platforms Protect Data. Sibling deep-dives: BigQuery · Databricks Unity Catalog · Governance-as-code with dbt + Terraform · The third-party auditor’s gap list

The native catalogs converged. BigQuery policy tags, Unity Catalog ABAC, and Snowflake masking policies now offer strikingly similar tag-driven, row-and-column access models. So the honest question is why policy overlay vendors still exist — and the honest answer is that they earn their place under specific conditions and add cost the rest of the time. This post is skeptical-but-fair: an overlay is another control plane to keep in sync, and it has to pay for that.

Overlays earn it in four situations: a heterogeneous estate where the same logical dataset is queried from three or more engines; purpose-based access, where entitlement is bound to a declared use case; regulatory evidence that has to live in one normalized place; and iteration speed, when you cannot wait for a warehouse vendor to ship the control you need. Everywhere else, native is usually enough.

What “policy overlay” actually means

A policy overlay is a control plane that sits beside the warehouse, translates a single authored policy into native warehouse primitives — masking policies, row access policies, grants — and centralizes the resulting audit trail. You author once; the overlay compiles to each engine. The point is not to replace the warehouse’s enforcement but to be the single place policy is written and evidence is read.

There are two enforcement shapes, and the distinction drives everything downstream:

  1. Compile-and-push. The overlay generates native objects in the target system (Immuta, Privacera PolicySync). The query never traverses the overlay at runtime — the warehouse enforces its own generated masking and row policies. Lower latency, but the overlay must stay reconciled with live state.
  2. Runtime intercept. The query passes through an enforcement layer embedded in the compute engine (the Apache Ranger plugin model). Enforcement is real-time and centralized, at the cost of sitting on the query path.

The trade is always the same: single-point policy authoring and one audit shape, versus adding another vendor to the dependency graph that must be reconciled, funded, and audited in its own right.

1. Immuta

Immuta was built for defense and heavily regulated workloads, and it shows in the model: everything is attribute-based, and access is expressed as policy rather than hand-grants. It splits cleanly into subscription policies (who can reach a table) and data policies (what they see inside it: row redaction, column masking, cell masking). User attributes and tags compose into the conditions on both.

Its distinctive idea is purpose-based access control (PBAC): access is bound to a declared purpose — “research,” “fraud investigation,” “marketing analytics” — through projects, so the same user sees different data depending on which purpose they have acknowledged. That maps directly to GDPR purpose-limitation language in a way plain role-based access does not.

1.1 Policy as code

Immuta’s V2 API accepts subscription and data policies as structured payloads, which is what makes a policy change a reviewable diff in a pull request instead of a click in a console. This is the property that matters for an audit: the policy that reached production is the one a reviewer approved, and you can show the diff. It also matters because — as the governance-as-code post covers — Immuta has no first-party Terraform provider, so this API is the seam you build your IaC around.

1.2 The masking matrix

Immuta’s real depth is the breadth of its masking matrix: the technique available at each (data type × platform) cell. It spans hashing, regex replacement, replace-with-null-or-constant, reversible (tokenization-style) masking, rounding, generalization, and cell-level masking conditioned on another column in the same row. Immuta also pioneered SQL-based enforcement of k-anonymization, suppressing groups smaller than k at query time — though it deprecated k-anonymization as a standalone data policy type in 2025, so treat it as part of the privacy-technique lineage rather than a current headline feature. The point stands: this matrix is deeper than what any single native catalog ships.

1.3 Integrations and where they enforce

Immuta compiles to native controls across Snowflake (generated masking and row access policies), Databricks Unity Catalog, BigQuery, Starburst/Trino, and Redshift. The critical operational fact is that not every masking technique is available on every platform — the support matrix is a grid, not a checklist, so a policy that behaves one way on Snowflake may degrade or be unsupported on another engine. Read the data policy support matrix before you promise a control on a specific warehouse.

1.4 Detect and the Universal Audit Model

Immuta’s audit answer is the Universal Audit Model (UAM): one normalized event schema regardless of which warehouse the query ran against, with Detect providing activity monitoring on top. For an auditor working a multi-engine estate, this is the whole pitch — “who could read this column, and who did, on this date?” gets one answer in one shape, rather than one answer per warehouse in five different log formats.

2. Privacera

Privacera is the commercialization of Apache Ranger, built by the team behind Ranger, and that heritage defines it. Where Immuta is cloud-native and compile-and-push only, Privacera offers two enforcement modes and reaches deeper into Hadoop and on-premise estates that predate the cloud warehouses.

The two modes are worth stating precisely, because Privacera picks between them per platform (fine-grained access control overview):

  1. PolicySync — push the policy into the target system’s native constructs (Snowflake UDFs, Redshift, Databricks Unity Catalog, AWS Lake Formation). Enforcement happens in the warehouse; Privacera stays off the query path.
  2. Apache Ranger plugin — a lightweight Java library embedded in the compute engine (Spark, Trino, Presto, EMR) that authorizes and audits each request in real time.

Both normalize audit into the Apache Ranger format and centralize it, so you get one log shape across a genuinely mixed estate — the same value proposition as Immuta’s UAM, arrived at from the Ranger direction.

2.1 Deployment models

Privacera ships as PrivaceraCloud (SaaS) and as a self-managed platform. The self-managed option is not a footnote: for FedRAMP-tight or air-gapped estates that will not accept a third-party SaaS control plane touching their policy, self-hosting is often the deciding factor that rules Immuta out and rules Privacera in.

2.2 Connector example: Snowflake

The Snowflake connector illustrates the compile-and-push model concretely: Privacera discovers and classifies objects, then PolicySync compiles the central policy into native Snowflake masking policies and row access policies. Enforcement is Snowflake’s; authoring and audit are Privacera’s. That division is the whole overlay pattern in one connector — and it is why drift detection matters, since the generated Snowflake objects can be edited out-of-band in the console.

3. OneTrust

OneTrust is a different animal. It is a privacy and compliance platform first — DSARs, records of processing, consent — with data discovery and use-governance products layered on, rather than a warehouse-enforcement engine that grew privacy features. That origin sets both its strengths and its limits. Its DataDiscovery product classifies across structured and unstructured sources, and Data Use Governance applies purpose-aware controls that pair naturally with consent and processing records held elsewhere in the OneTrust suite.

One point of clarity, since the acquisition history invites confusion: Convercent, which OneTrust acquired, is an ethics-and-compliance product line, not part of the data-discovery story. If you are evaluating OneTrust for data protection, DataDiscovery and Data Use Governance are the relevant products.

3.1 When OneTrust is the right pick

OneTrust fits when you already run it for privacy-program operations and want classification and use-governance to share metadata and policy with that program — one system spanning consent, DSARs, and data-use controls. The anti-pattern is buying OneTrust solely for warehouse policy enforcement: Immuta and Privacera are meaningfully deeper at compiling and enforcing masking and row policies inside the warehouse. Pick OneTrust when the privacy program is the center of gravity, not when the warehouse is.

4. AWS Lake Formation: the AWS-native overlay

Lake Formation is the AWS-native overlay for estates built on the Glue Data Catalog — the governance layer for Athena, Redshift Spectrum, EMR, Glue ETL, and increasingly S3 Tables. It is not a cross-cloud product and does not try to be; inside AWS it gives you a coherent tag-and-grant model without a third-party control plane. Its model has three parts: LF-Tags for tag-based access control, data filters for row, column, and cell-level security, and cross-account sharing as a first-class flow.

A sharp edge worth knowing before you design. LF-Tags and data filters do not compose: data filters are not applied when you grant permissions through LF-Tags. To use row, column, or cell filtering you must grant on the named-resource path — the explicit database, table, and filter — rather than through tag-based access control. Teams routinely design a clean LF-Tag taxonomy, then discover their row filters silently do nothing on tag-granted tables. Plan the two mechanisms as separate tracks.

4.1 LF-Tags vs Immuta/Privacera tags

LF-Tags are the closest AWS analog to Unity Catalog governed tags and BigQuery policy tags — attributes attached to catalog resources, with tables inheriting from databases and columns from tables. The limit is reach: an LF-Tag is meaningful inside AWS and invisible to Snowflake or Databricks-on-Azure. Immuta’s and Privacera’s tags can carry policy meaning across heterogeneous compute. So the decision is estate-shaped: LF-Tags are enough when the Glue catalog is your source of truth and you live inside AWS; you outgrow them when you go multi-cloud or need masking techniques Lake Formation does not offer.

4.2 Iceberg + Lake Formation governance

S3 Tables make Apache Iceberg a managed AWS storage offering, and Lake Formation governs them through the Glue Data Catalog — with the sharp operational caveat that enabling Lake Formation access control on S3 Tables revokes existing IAM-based access, so it is a maintenance-window migration, not a toggle. The audit upside is real: Iceberg’s snapshot history combined with Lake Formation’s grant model lets you reason about who could see which snapshot when. The open question — how do you honor a right-to-be-forgotten request on an append-only table format whose old snapshots still contain the row? — is exactly the kind of gap the auditor’s gap list takes apart.

When overlays earn their cost

  • You query the same logical dataset from three or more engines (Snowflake + Databricks + Trino, say), and per-warehouse policy maintenance has become the drift source.
  • You need purpose-based access tied to a declared use case, not just role membership.
  • You need masking techniques beyond what the natives ship — reversible/tokenization-style masking, generalization, cell-level conditional masking.
  • You need one normalized audit shape for SOC 2 or ISO 27701 evidence across the whole estate.

When native is enough

  • A single-warehouse estate: BigQuery-only or Unity-Catalog-only.
  • Hashing, nulling, or regex masking meets your requirements.
  • Tag-driven ABAC in the native catalog already expresses your access model.
  • Your audit evidence can stay in the native shape — Cloud Audit Logs or system.access.audit — without a normalization layer.

The overlay is a control plane. It earns its keep by removing per-engine drift and centralizing evidence. If you do not have per-engine drift and your evidence is already centralized, you are paying for a plane you do not fly.


Sources

All sources are linked inline throughout the post. Consolidated here by vendor for reference:

Immuta

Privacera

OneTrust

AWS Lake Formation

FAQ

What is a data policy overlay?
A control plane that sits beside the data warehouse, translates a single authored policy into each engine's native primitives (masking policies, row access policies, grants), and centralizes the audit trail. Overlays let you author one policy for a heterogeneous estate instead of maintaining separate policies per warehouse.
What is the difference between Immuta and Privacera?
Both compile a central policy into native warehouse controls. Immuta is cloud-native, built around ABAC subscription policies, purpose-based access, and a broad masking matrix. Privacera commercializes Apache Ranger and offers two enforcement modes: PolicySync (push policy into the native system) and Ranger plugins (runtime enforcement inside the compute engine), which gives it deeper Hadoop and on-premise coverage.
Does Immuta have an official Terraform provider?
No. As of 2026 the Terraform Registry lists no first-party Immuta provider — only a Snowflake data-warehouse scaffolding module. Teams manage Immuta policy through its V2 REST API, a provider generated from the OpenAPI spec, or an unmaintained community provider on GitHub. This gap matters for drift detection, covered in the governance-as-code post.
Can AWS Lake Formation apply row, column, and cell filtering through LF-Tags?
No. Lake Formation data filters (row-level, column-level, cell-level security) are not applied when permissions are granted via LF-Tags. To use data filters you must grant on the named-resource path — the specific database, table, and filter — rather than through tag-based access control.
When is a native catalog enough without an overlay?
When you run a single warehouse (BigQuery-only or Unity-Catalog-only), your masking needs are met by hashing, nulling, or regex, tag-driven ABAC in the native catalog covers your access model, and your audit evidence can stay in the native log shape. Overlays earn their cost on multi-engine estates, purpose-based access, advanced masking, or a single normalized audit shape.