Skip to main content

3 Critical Steps for Implementing a Secure Data Mesh

Claude Zwicker
Immuta

As data insights continue to be the key factor in driving business innovation and growth, organizations are constantly refining their data strategies, exploring frameworks like data mesh to give more users self-service access in producing and consuming data. Recent data shows that nearly half of data leaders identified data mesh as a primary area of investment for 2023.

Data mesh has been revolutionary for many data-driven organizations. Before data mesh, teams had to coordinate data access and use through centralized IT bottlenecks, leading to long waiting times to access data and ultimately resulting in frustration for both data producers and consumers. With data mesh, teams can independently develop and manage their own data products through the decentralized data ownership and the enablement of domain experts. Not only does this allow organizations to boost their data-driven initiatives, but it also helps them enhance everything from data democratization to alignment between business operations and data resources, and sustain growth at scale.

Whilst the distribution and delegation of responsibilities promoted through data mesh has many benefits, achieving an implementation that fulfills data security standards is not without its challenges. Many organizations run into issues around data access, governance, and privacy. Let's explore these issues further and some steps organizations can take to help overcome them.

Data Mesh Security Challenges

The need to secure data mesh is only becoming more urgent as regulations increase and the US federal government continues to roll out more data privacy actions. What makes this a complex process is the fledgling nature of the data mesh combined with its distributed composition. Data security must be applied in a way that simultaneously protects individual domains and the entire ecosystem, without hindering data accessibility and innovation.

As data mesh implementations become more regular, there are three main challenges I see organizations experiencing when it comes to implementing and securing the architecture:

Decentralized ownership and access control. While the decentralized data ownership that comes with data mesh offers a range of benefits, it can also be difficult to keep track of who owns what when it comes to data collection, processing, sharing and use. Systems that are built to enable cross-domain data discovery, access and sharing can help address this challenge, but can also lead to a larger attack surface for bad actors. On top of this, it becomes more challenging for rules to stay consistent across data products, risking the security of the data.

Data governance. Along the same lines, it's no surprise that centralized ecosystems are easier to protect when it comes to data governance and compliance with regulations as opposed to decentralized environments. With distributed domains and data locations, security requirements become much more complex, requiring additional governance policies for each domain, and a way to oversee the security and compliance of the entire domain-based framework. Access and governance requirements are also federated, making it more difficult to consistently and effectively protect data.

Privacy in a self-service environment. Less oversight into data access and outdated/inadequate controls can also increase the likelihood of data misuse across domains. This is a growing concern as today's organizations collect increasing volumes of sensitive, personal data in order to provide consumers with more personalized products, experiences and services. Because this personal data — if exposed or accessed by an unauthorized party — can easily harm the data subject, modern data rules and regulations are requiring stricter privacy protections be enforced on data ecosystems.

Three Steps That Can Help

There are a few best practices organizations can follow to help achieve an efficient, secure, and distributed data ecosystem.

1. Maintaining consistent metadata. The first step in securing any data mesh architecture should be creating and applying a consistent metadata identification and tagging system. Why? Because users and administrators must have a thorough understanding of the resources at their disposal in order to protect and secure any data ecosystem.

Metadata allows them to identify and understand these ecosystem parts, from data sets to data users, by providing critical contextual information about resources or users that is vital to the system's operation. This helps with efficient access management, analytics, monitoring and compliance — all critical elements of data mesh. However, metadata is ineffective unless it can be consistently attributed and understood across domains.

To maintain consistent metadata, organizations can leverage tools that offer sensitive data discovery (SDD) capabilities, enabling teams to assess their data and ensure that it is tagged and classified appropriately. This helps data teams gain a better, holistic view of the resources across their distributed data mesh for enhanced data security.

2. Employing global & local policy management. Establishing a balance of both horizontal (global) and vertical (local) policies is crucial to data mesh security and governance. In the distributed domains of data mesh architectures, policies can be applied locally within specific domains. But these rely solely on domain-based policies, limiting consistency across the data ecosystem and requiring great manual effort and time to maintain. Applying policies globally across domains is not a perfect solution either — it improves consistency, but overlooks the unique requirements of each domain's purpose, users and specific data resources.

That's why finding the right balance of horizontal and vertical policy management, and maintaining them as scale, is key. A federated governance framework can help create, apply, and maintain policies at both the global and local level. Within this framework, domain-level policy management is delegated to the teams that own the data, and the responsibility of global policies remains with security and governance teams.

All teams must maintain rigorous activity monitoring across domains so that they can have complete oversight of global policy application and local policy enforcement within specific domains. This helps them respond to and manage security incidents as quickly as possible, and effectively manage both global and local data security.

3. Foster organizational alignment. Adopting a data mesh framework is an organizational change. In order to achieve true success, data teams, engineers and leaders must also be aligned and behind the initiative as well.

A large part of this involves organizations identifying internal data mesh champions to lead the charge and help teams adopt a data mesh mindset. Leaders must also learn to effectively collaborate and communicate with one another. Once technical, security, business and compliance stakeholders are aligned, virtually any organization can establish an effective and secure data mesh framework.

At the end of the day, every organization will have a different approach to data mesh depending on their industry, business needs, and data demands. But security remains a critical component across all data mesh strategies, at any stage. By following these steps, businesses can effectively jumpstart their data mesh strategy.

Claude Zwicker is Senior Product Manager at Immuta

Hot Topics

The Latest

According to Auvik's 2025 IT Trends Report, 60% of IT professionals feel at least moderately burned out on the job, with 43% stating that their workload is contributing to work stress. At the same time, many IT professionals are naming AI and machine learning as key areas they'd most like to upskill ...

Businesses that face downtime or outages risk financial and reputational damage, as well as reducing partner, shareholder, and customer trust. One of the major challenges that enterprises face is implementing a robust business continuity plan. What's the solution? The answer may lie in disaster recovery tactics such as truly immutable storage and regular disaster recovery testing ...

IT spending is expected to jump nearly 10% in 2025, and organizations are now facing pressure to manage costs without slowing down critical functions like observability. To meet the challenge, leaders are turning to smarter, more cost effective business strategies. Enter stage right: OpenTelemetry, the missing piece of the puzzle that is no longer just an option but rather a strategic advantage ...

Amidst the threat of cyberhacks and data breaches, companies install several security measures to keep their business safely afloat. These measures aim to protect businesses, employees, and crucial data. Yet, employees perceive them as burdensome. Frustrated with complex logins, slow access, and constant security checks, workers decide to completely bypass all security set-ups ...

Image
Cloudbrink's Personal SASE services provide last-mile acceleration and reduction in latency

In MEAN TIME TO INSIGHT Episode 13, Shamus McGillicuddy, VP of Research, Network Infrastructure and Operations, at EMA discusses hybrid multi-cloud networking strategy ... 

In high-traffic environments, the sheer volume and unpredictable nature of network incidents can quickly overwhelm even the most skilled teams, hindering their ability to react swiftly and effectively, potentially impacting service availability and overall business performance. This is where closed-loop remediation comes into the picture: an IT management concept designed to address the escalating complexity of modern networks ...

In 2025, enterprise workflows are undergoing a seismic shift. Propelled by breakthroughs in generative AI (GenAI), large language models (LLMs), and natural language processing (NLP), a new paradigm is emerging — agentic AI. This technology is not just automating tasks; it's reimagining how organizations make decisions, engage customers, and operate at scale ...

In the early days of the cloud revolution, business leaders perceived cloud services as a means of sidelining IT organizations. IT was too slow, too expensive, or incapable of supporting new technologies. With a team of developers, line of business managers could deploy new applications and services in the cloud. IT has been fighting to retake control ever since. Today, IT is back in the driver's seat, according to new research by Enterprise Management Associates (EMA) ...

In today's fast-paced and increasingly complex network environments, Network Operations Centers (NOCs) are the backbone of ensuring continuous uptime, smooth service delivery, and rapid issue resolution. However, the challenges faced by NOC teams are only growing. In a recent study, 78% state network complexity has grown significantly over the last few years while 84% regularly learn about network issues from users. It is imperative we adopt a new approach to managing today's network experiences ...

Image
Broadcom

From growing reliance on FinOps teams to the increasing attention on artificial intelligence (AI), and software licensing, the Flexera 2025 State of the Cloud Report digs into how organizations are improving cloud spend efficiency, while tackling the complexities of emerging technologies ...

3 Critical Steps for Implementing a Secure Data Mesh

Claude Zwicker
Immuta

As data insights continue to be the key factor in driving business innovation and growth, organizations are constantly refining their data strategies, exploring frameworks like data mesh to give more users self-service access in producing and consuming data. Recent data shows that nearly half of data leaders identified data mesh as a primary area of investment for 2023.

Data mesh has been revolutionary for many data-driven organizations. Before data mesh, teams had to coordinate data access and use through centralized IT bottlenecks, leading to long waiting times to access data and ultimately resulting in frustration for both data producers and consumers. With data mesh, teams can independently develop and manage their own data products through the decentralized data ownership and the enablement of domain experts. Not only does this allow organizations to boost their data-driven initiatives, but it also helps them enhance everything from data democratization to alignment between business operations and data resources, and sustain growth at scale.

Whilst the distribution and delegation of responsibilities promoted through data mesh has many benefits, achieving an implementation that fulfills data security standards is not without its challenges. Many organizations run into issues around data access, governance, and privacy. Let's explore these issues further and some steps organizations can take to help overcome them.

Data Mesh Security Challenges

The need to secure data mesh is only becoming more urgent as regulations increase and the US federal government continues to roll out more data privacy actions. What makes this a complex process is the fledgling nature of the data mesh combined with its distributed composition. Data security must be applied in a way that simultaneously protects individual domains and the entire ecosystem, without hindering data accessibility and innovation.

As data mesh implementations become more regular, there are three main challenges I see organizations experiencing when it comes to implementing and securing the architecture:

Decentralized ownership and access control. While the decentralized data ownership that comes with data mesh offers a range of benefits, it can also be difficult to keep track of who owns what when it comes to data collection, processing, sharing and use. Systems that are built to enable cross-domain data discovery, access and sharing can help address this challenge, but can also lead to a larger attack surface for bad actors. On top of this, it becomes more challenging for rules to stay consistent across data products, risking the security of the data.

Data governance. Along the same lines, it's no surprise that centralized ecosystems are easier to protect when it comes to data governance and compliance with regulations as opposed to decentralized environments. With distributed domains and data locations, security requirements become much more complex, requiring additional governance policies for each domain, and a way to oversee the security and compliance of the entire domain-based framework. Access and governance requirements are also federated, making it more difficult to consistently and effectively protect data.

Privacy in a self-service environment. Less oversight into data access and outdated/inadequate controls can also increase the likelihood of data misuse across domains. This is a growing concern as today's organizations collect increasing volumes of sensitive, personal data in order to provide consumers with more personalized products, experiences and services. Because this personal data — if exposed or accessed by an unauthorized party — can easily harm the data subject, modern data rules and regulations are requiring stricter privacy protections be enforced on data ecosystems.

Three Steps That Can Help

There are a few best practices organizations can follow to help achieve an efficient, secure, and distributed data ecosystem.

1. Maintaining consistent metadata. The first step in securing any data mesh architecture should be creating and applying a consistent metadata identification and tagging system. Why? Because users and administrators must have a thorough understanding of the resources at their disposal in order to protect and secure any data ecosystem.

Metadata allows them to identify and understand these ecosystem parts, from data sets to data users, by providing critical contextual information about resources or users that is vital to the system's operation. This helps with efficient access management, analytics, monitoring and compliance — all critical elements of data mesh. However, metadata is ineffective unless it can be consistently attributed and understood across domains.

To maintain consistent metadata, organizations can leverage tools that offer sensitive data discovery (SDD) capabilities, enabling teams to assess their data and ensure that it is tagged and classified appropriately. This helps data teams gain a better, holistic view of the resources across their distributed data mesh for enhanced data security.

2. Employing global & local policy management. Establishing a balance of both horizontal (global) and vertical (local) policies is crucial to data mesh security and governance. In the distributed domains of data mesh architectures, policies can be applied locally within specific domains. But these rely solely on domain-based policies, limiting consistency across the data ecosystem and requiring great manual effort and time to maintain. Applying policies globally across domains is not a perfect solution either — it improves consistency, but overlooks the unique requirements of each domain's purpose, users and specific data resources.

That's why finding the right balance of horizontal and vertical policy management, and maintaining them as scale, is key. A federated governance framework can help create, apply, and maintain policies at both the global and local level. Within this framework, domain-level policy management is delegated to the teams that own the data, and the responsibility of global policies remains with security and governance teams.

All teams must maintain rigorous activity monitoring across domains so that they can have complete oversight of global policy application and local policy enforcement within specific domains. This helps them respond to and manage security incidents as quickly as possible, and effectively manage both global and local data security.

3. Foster organizational alignment. Adopting a data mesh framework is an organizational change. In order to achieve true success, data teams, engineers and leaders must also be aligned and behind the initiative as well.

A large part of this involves organizations identifying internal data mesh champions to lead the charge and help teams adopt a data mesh mindset. Leaders must also learn to effectively collaborate and communicate with one another. Once technical, security, business and compliance stakeholders are aligned, virtually any organization can establish an effective and secure data mesh framework.

At the end of the day, every organization will have a different approach to data mesh depending on their industry, business needs, and data demands. But security remains a critical component across all data mesh strategies, at any stage. By following these steps, businesses can effectively jumpstart their data mesh strategy.

Claude Zwicker is Senior Product Manager at Immuta

Hot Topics

The Latest

According to Auvik's 2025 IT Trends Report, 60% of IT professionals feel at least moderately burned out on the job, with 43% stating that their workload is contributing to work stress. At the same time, many IT professionals are naming AI and machine learning as key areas they'd most like to upskill ...

Businesses that face downtime or outages risk financial and reputational damage, as well as reducing partner, shareholder, and customer trust. One of the major challenges that enterprises face is implementing a robust business continuity plan. What's the solution? The answer may lie in disaster recovery tactics such as truly immutable storage and regular disaster recovery testing ...

IT spending is expected to jump nearly 10% in 2025, and organizations are now facing pressure to manage costs without slowing down critical functions like observability. To meet the challenge, leaders are turning to smarter, more cost effective business strategies. Enter stage right: OpenTelemetry, the missing piece of the puzzle that is no longer just an option but rather a strategic advantage ...

Amidst the threat of cyberhacks and data breaches, companies install several security measures to keep their business safely afloat. These measures aim to protect businesses, employees, and crucial data. Yet, employees perceive them as burdensome. Frustrated with complex logins, slow access, and constant security checks, workers decide to completely bypass all security set-ups ...

Image
Cloudbrink's Personal SASE services provide last-mile acceleration and reduction in latency

In MEAN TIME TO INSIGHT Episode 13, Shamus McGillicuddy, VP of Research, Network Infrastructure and Operations, at EMA discusses hybrid multi-cloud networking strategy ... 

In high-traffic environments, the sheer volume and unpredictable nature of network incidents can quickly overwhelm even the most skilled teams, hindering their ability to react swiftly and effectively, potentially impacting service availability and overall business performance. This is where closed-loop remediation comes into the picture: an IT management concept designed to address the escalating complexity of modern networks ...

In 2025, enterprise workflows are undergoing a seismic shift. Propelled by breakthroughs in generative AI (GenAI), large language models (LLMs), and natural language processing (NLP), a new paradigm is emerging — agentic AI. This technology is not just automating tasks; it's reimagining how organizations make decisions, engage customers, and operate at scale ...

In the early days of the cloud revolution, business leaders perceived cloud services as a means of sidelining IT organizations. IT was too slow, too expensive, or incapable of supporting new technologies. With a team of developers, line of business managers could deploy new applications and services in the cloud. IT has been fighting to retake control ever since. Today, IT is back in the driver's seat, according to new research by Enterprise Management Associates (EMA) ...

In today's fast-paced and increasingly complex network environments, Network Operations Centers (NOCs) are the backbone of ensuring continuous uptime, smooth service delivery, and rapid issue resolution. However, the challenges faced by NOC teams are only growing. In a recent study, 78% state network complexity has grown significantly over the last few years while 84% regularly learn about network issues from users. It is imperative we adopt a new approach to managing today's network experiences ...

Image
Broadcom

From growing reliance on FinOps teams to the increasing attention on artificial intelligence (AI), and software licensing, the Flexera 2025 State of the Cloud Report digs into how organizations are improving cloud spend efficiency, while tackling the complexities of emerging technologies ...