Privacy and compliance concerns are hurting organizations’ ability to provide timely access to data for their internal users, putting initiatives at risk. That’s the topline conclusion from Immuta and its 2025 State of Data Security report, which it released today. However, there are some bright spots in the report.
Immuta surveyed about 700 data leaders to get a sense about what’s keeping them up at night. Nearly two-thirds (64%) said they face “significant challenges” getting timely and secure data into the hands of users, up slightly from the 56% in the previous year’s report.
The top barrier facing data leaders in 2025, according to Immuta’s seventh annual data security report, are compliance and privacy, which were cited by 50% of the survey respondents. The presence of data silos and data fragmentation was cited as a top barrier by 45% of respondents, while 39% reported a need to address complex and unscalable data access policies and processes.
A lack of centralized data access management system was cited as a top barrier by 36% of survey respondents, while 34% said they don’t have the resources to handle data access requests. Another 34% cited a lack of agility with their legacy tools and processes, according to the Immuta report, which you can see here.
When it comes to centralized vs. federated approach to data governance controls, there was a fairly even split, with 44% respondents reporting a centralized approach, 36% a federated approach, and 20% listing “other.” Companies that have adopted the data mesh model may be freeing their users to control their own data, but at the price of decentralized control, Immuta warns.
(Source: Immuta 2025 State of Data Security Report)
“A lot of organizations have the goal to get to the federated model,” Immuta Field CTO Bart Koek says in the report. “It strikes a balance and allows the departments to settle their specific rules because they know how to control their data best while still complying with the global regulation.”
The good news is that data access times have actually gone down since the 2024 report. About one-third (37%) of respondents say it takes them at least one week to get access to data after they have requested it. That’s down from last year, when 44% of survey respondents said it took them seven days or more to get data. But we’re not out of the woods entirely, considering that “a third of data leaders say that data users can’t easily find, request, and access data without IT support,” Immuta says in its report.
The report makes it clear that data access represents both an opportunity and a challenge–an opportunity to use data to build AI applications, and a challenge to provide this data access without violating security and privacy requirements. Reconciling those two seemingly contradictory business mandates is the source of great heartburn for data leaders, while also providing an opportunity for companies like Immuta that build automated data governance tools.
“Legacy systems for provisioning data access are broken,” Matthew Carroll, the co-founder and CEO at Immuta, says in a press release. “Manual processes can no longer scale to meet the need for secure, timely access to data. The only way to enable faster decision-making–which could be the catalyst for a new life-saving drug discovery, preventing costly fraud scams, or even saving lives on the battlefield–is by putting an emphasis on establishing proven best practices for how data is provisioned as a core part of IT and business strategy.”
(Source: Immuta 2025 State of Data Security Report)
Two out of five companies aren’t meeting the minimum data access standards when it concerns people, process, and technology, the company says. Forty-four percent of survey respondents say too many people or teams are involved in data management, while 42% say they don’t have the right processes in place, and 41% say they don’t have the right tools. As the number of human and non-human users are growing, so will their data demands. “Enterprises are struggling to keep pace,” Carroll says.
Automation in data governance can help address some of these concerns. Data marketplaces such as the one that Immuta launched last fall, combine the data catalog experience for exploring data along with the security controls necessary to prevent bad things from happening when users get access to it, and have the potential to meet the seemingly contradictory goals of providing data access and data security at the same time.
“Greater visibility means data consumers aren’t fishing for access–they know what’s permissible and what’s not,” Immuta’s Vice President of Research Joe Regensburger says in the report. “Data governors know the job requirements of the internal customers who are asking for access. A marketplace helps scale because it looks across an organization and provides insights on every employee’s wants and needs to get everyone on the same page.”
You can access the report here
When the data access-security chain breaks down, there can be downstream consequences to the business. That could come in the form of missed internal goals (cited by 31% of survey-takers), lost revenue (30%), and lost collaboration opportunities (30%), Immuta says. Companies may not be able to launch a new product or offering, complete a customer request, or attract and retain talent, the company says in its report.
More than half (53%) of respondents say that most data governance processes are still done manually, while 62% say data governance processes slow users down. What’s more, 51% of respondents “feel overwhelmed” by data access control policies. Immuta attributes this feeling to “a wide swath of both internal and external regulations” at play in companies. Seven out of 10 data leaders are subject to 10 or more regulations, while a third are subject to 25 or more.
When the governance processes to comply with these regulations are manual, everything slows down, Immuta points out. But it doesn’t have to be that way, the company says.
“If you have the right privacy controls in place, you can actually give more data to more users instead of having to lock it down and keep it within certain domains or teams,” Koek says.
Related Items:
Why Immuta Is Moving Into Data Marketplaces
Immuta Report Shows Companies Are Struggling to Keep Up with Rapid AI Advancement
Making the Leap From Data Governance to AI Governance
The post Data Security and Access Obstacles Grow, But There Is Hope, Immuta Finds appeared first on BigDATAwire.