Immuta raises $8M to make data swaps fully legal exchanges


Data has two faces, representing a company’s most competitive advantage but also its biggest risk. In the wake of a frightful year of ransomware and cyber espionage, businesses in 2017 are on information lockdown, tangling data scientists in a mess of bureaucratic red tape.

Factor in the impending regulatory laws for data management and privacy under the General Data Protection Regulation, and the case is now made for hiring legal counsel just to oversee corporate data use. There are so many new considerations for corporate data management that operational bottlenecks are being created beyond datacenter architecture, tripping over the philosophic pitfalls governing any intent to contextualize consumer information.  

With a goal to navigate the merging worlds of law and computing, Immuta Inc. offers a unified data platform that lets data scientists and data governors share raw data safely and securely under current compliance code. The startup today announced an $8 million Series A round of funding, a major step in Immuta’s efforts to expand its business from the public sector to the enterprise. The round is led by Drive Capital with participation from Greycroft Partners and Conversion Capital, following a $1.5 million seed round in 2015.

From public to private sectors

Launched in 2014 by former National Security Agency technologists, Immuta claims big clients in the highly regulated industries of finance, telecom and national security, including General Electric Co. The idea is to de-risk the innovation process through dynamic, rule-based actions created by data owners. Immuta’s offering supports the major structured and unstructured data sources, on-premises or in the cloud, including Amazon S3, SQL, NoSQL, Hadoop and Spark. Data remains with the owner, who sets the refresh rate to Immuta’s system.  

“When regulations are baked into the data layer, it’s easier to collaborate,” said Matt Carroll (pictured), chief executive officer of Immuta. “You can enable the data science team, instead of hampering it. There is no risk of anyone seeing something they’re not supposed to see.”

Immuta is known for its BoData data management platform, which provides secure access to enterprise data “without forcing up-front data consolidation.” Another Immuta product is Bakula, which is described as a “reactive-data programming engine” that converts data state changes across an enterprise. With this funding, Immuta will expand its marketing efforts and develop its product line in the financial sector.

Immuta’s push into the enterprise is making an appeal for machine learning projects with highly sensitive data, where data scientists can create immediately regulated and compliant data sandbox environments that combine disparate data sources from within and across organizations. According to Immuta, the platform make it possible for companies to leverage big data without exposing all of the data, risking privacy leaks, damaging the original data (often in a data lake) or having to write new code handle permissions every time there’s a new request.

A first look

In its first demonstration to the public, Immuta unveiled a clean-cut interface for accessing, searching and playing with raw data.

“We do some caching in memory and on disc for latency, but we don’t store data. Data virtualization is a means to an end, and the end is doing data privacy dynamically,” Carroll explained in an interview. The process is based on the access pattern, pushing the query down to the data source every time and enforcing privacy policies on the fly. “You’ll always see the latest from the SQL connection. Data owners can set how often they want us to check for updated data,” Carroll said, noting the latter method is useful for static data.

Data ownership is the other monster Immuta tackles, providing several canned data sources users can expose, as well as support for custom data sources.  Some canned options aren’t SQL-based – this is another key point. Owners also get full audit access to log data in the system, able to view the activity of end users.

“This concept of purpose-based control is really important for GDPR regulations,” Carroll warned, noting log data’s ability to uncover the intentions behind an end user’s actions. “[The end user] will be accessing the data as he always was, and these purposes are logged and can be audited. Now data governance can quickly spit out a report for documentation.”

The legal engineer has arrived

Building software to train machines based on human interpretation of laws can be a bit much to wrap one’s head around. Immuta’s taken care to hire a chief privacy officer who doubles as the company’s legal engineer. Andrew Burt also hails from the public sector, working as a senior cybersecurity advisor for the Federal Bureau of Investigation. With a law degree from Yale and an early journalism career covering national security, Burt became increasingly interested in the intersection between the law and technology.

An extended interview with Burt followed many fascinating rabbit holes, the conversation bouncing from job automation to algorithmic bias. His presence at Immuta reinforces the heady responsibility of corporate data use today, as the startup faces real decisions on how to create code that addresses the countless scenarios possible when interpreting the law.

Burt will be the first to admit that Immuta, along with the whole of society, is still in the process of determining the most righteous law interpretations in today’s tech-obsessed, over-exposed culture. But he shared one theory: “Think about legal ambiguities as fixed variables. The idea that, for any given computation for what we’ve isolated as ambiguous, has one variable, but that variable can be assigned more than one value.

“It’s not foolproof and can’t replace human judgment, but it can proxy humans up to a point,” Burt said. “I think that’s the most promising approach.”