Founders in Focus: Matthew Carroll of Immuta

Welcome to our Founders in Focus series, where each month we highlight one of the founders of Okta Ventures’ portfolio companies. You’ll learn more about them and how they work with Okta. This month we’re speaking with Matthew Carroll, CEO and co-founder of Immuta.

What is Immuta and what is your mission?

Immuta’s mission is to enable organizations to unlock the value of their data without compromising security, compliance or privacy. Founded in 2015, Immuta has built and commercialized the leading universal cloud data access control platform. Our founding team spent over a decade working with the U.S. Intelligence Community, tackling some of the most complex and sensitive data governance problems. We founded Immuta to help all organizations across a range of industries to unlock the value of their data in a diverse cloud data ecosystem – safely, securely, legally, and ethically.

Today, Immuta is the leading platform for data access control. It powers compliant Business Intelligence, analytics, data sharing and data science for the world’s most data-driven organizations. Data engineering and operations teams use Immuta to extract data-driven outcomes, faster, by dynamically adapting data views for each user based on intelligent data policies in a DataOps environment. Immuta’s automated and scalable approach makes it easy to discover sensitive data, build and apply access control policies, catalog data for self-service access and collaboration, and audit data use across any cloud data ecosystem.

What were you doing prior to Immuta that led you to this moment?

I served as an officer in the U.S. Army. I went through basic training and did Officer Candidate School, then a military intelligence officer course. Then, I got deployed to Iraq. While there, I learned firsthand about the power of connecting information about people and data and the difference it can make.

It all changed when the military began to figure out how to make sense of the flood of seemingly disparate pieces of information flowing in each day. For active counterinsurgency operations, it completely transformed everything we did. 

After the Army, I remained involved in the Intelligence Community, eventually serving as CTO of the Defense Intelligence Group at Computer Sciences Corporation (CSC). At CSC I ran data fusion and analytics programs and advised the U.S. Government leadership on data management and analytics issues. I left them to found Immuta with my co-founders, Steve Touw and Michael Schiller, bringing together all of my experiences with data analytics and the importance of strong data governance.

What is the Immuta solution? What challenge does it solve? 

Today’s companies maintain and analyze massive amounts of customer, product, and business data, but face significant challenges in unlocking the utility and competitive advantage within their data without increasing security risk, jeopardizing privacy, or incurring significant costs. Put simply, there are too many data sources and too many policies. 

Additionally, we’re seeing new cloud services grow at record speed and DataOps emerge as a parallel function to DevOps. While DataOps teams are still concerned with big data, they are increasingly concerned with the “little data” being generated across an organization as a result of the rapidly growing number of users, platforms, and data sources. Controlling access to thousands of little data products in real-time in a manageable, scalable way is impossible with the existing tools. 

As the leading platform for universal data access control, Immuta gives data engineers and data scientists a simple, scalable way to automatically apply policies across their entire data ecosystem – it works across any data platform, on any cloud. This enables them to be compliant with regulations and increase data sharing. It means they don’t have to think about data security and they can focus instead on maximizing its usage. 

Why did Immuta want to work with Okta?

A partnership between Immuta and Okta made too much sense not to pursue. As we continue to scale as a business, having Okta as both a technology partner and investor is a natural fit.

From a technology perspective, every organization needs to authenticate their users in order to give them access to cloud data platforms (which is what Okta does). But they also need to provide dynamic access to the data being managed on those platforms (this is what Immuta does). 

Through our work together we have married the three “A’s” of security – authentication, authorization, and access control – and created an end-to-end, easy-to-implement solution that our joint customers have been really pleased with. Historically, implementing those three A’s was not easy. Due to the bespoke authentication and access control systems that exist across different data platforms, from a security and data privacy perspective, it was a time-consuming, risky process. So, not only are we reducing cost and time, we’re making it possible for customers to take advantage of different cloud data analytics platforms—without giving up centralized control, security, and identity management. 

One important component worth mentioning is the important role that Okta Lifecycle Management Workflows play in the implementation. It enables administrators to automate the most complex identity-centric processes without code. Immuta’s technology expands this unique functionality by automating equally complex data governance and privacy controls, also without code. Together it’s a seamless, low-code/no-code approach to security and governance across any cloud.

How is Immuta working with Okta? What support do you look for in a corporate partner?

Okta securely connects the modern workforce to every application. Immuta extends this to securely connect the workforce to their data for analysis. As two companies, we have parallel visions for automating related forms of secure access. 

Okta’s mature process for selecting and onboarding high-value partners was extremely attractive to us and a primary driver informing the working relationship. Our joint solution will provide transparent integration and enhance the offerings of both companies.

What trends do you expect to see in the data governance industry? 

There are a number of growing trends I’m seeing right now: 

  • Automation – I expect to see both solution providers and users prioritize cloud automation above all else. It’s the only feasible way for organizations to protect and operationalize their data as the number of data sources, consumers, and queries grows. 
  • Identity Management – Users need to have a single identity, whether internal or external to the organization. This requires having strong interoperability between various cloud services and platforms that organizations use. 
  • Data sharing – Data-driven organizations must be able to easily and quickly share data, with the least amount of risk possible. 
  • Unified access management – Organizations must understand who is asking what of their data and why.

We’re working hard, and through our work with Okta we’re making the above possible, as we expand our cloud footprint and interoperability. With strong partnerships, we’re building a more connected cloud ecosystem. For organizations looking to seamlessly apply governance controls to data analytics and set the pace of innovation, this ecosystem is vital.

Interested in joining Okta Ventures? Check out our FAQ here and feel free to reach out to our team or submit your business for review.