It goes without saying that employee engagement is a key indicator of organizational performance – Harvard Business Review reports that having happy, engaged employees increases productivity by 13%, not to mention its impact on retention and culture. Yet, studies show that employees are more dissatisfied and apathetic than before the pandemic. While many different factors contribute to this shift, a gap in skills and value are two that data can help solve.
AstrumU is helping start that effort well before a student becomes an employee. The software company leverages AI and ML to provide students, educators, and employers with tailored recommendations, aiming to maximize the value of education and close the gap between students’ skills and values, and employers’ preferences and expectations. Using student data to analyze potential outcomes and the top competencies for specific jobs, AstrumU can better translate skills into jobs, setting users up for long-term job satisfaction and career success.
“One of the challenges with HR departments today is that they tend to use brute force filters to find their talent…and there’s no nuance around the actual skills or capability of the individuals. These individuals join these companies, and in many cases find themselves ill-suited to the job,” said Kaj Pedersen, CTO of AstrumU. “If we can actually help the workforce side and the education side talk to each other, then that actually solves a big problem because we can bridge the skills gap.”
Pedersen spoke with Mo Plassnig, Chief Product Officer of Immuta, about the value of education data for solving some of today’s biggest workforce challenges – and why that can’t happen without a foundational data security strategy. Here are some of their key takeaways (and you can watch the full conversation here).
Organizations Have an Obligation to Protect Sensitive Data
It seems that the more ubiquitous data use becomes, the less people trust it. The near-constant stream of data breach and noncompliance headlines has conditioned us to assume the worst when it comes to how our data is used. Perhaps that’s why 82% of consumers report being highly concerned about how their data is collected and leveraged.
“We have an obligation to protect and secure the information as it comes through our system, which includes…when we work with customers, being able to show them their data,” said Pedersen. “This whole idea of tracking data lineage is an important piece, as well as the security of that data and who has access to [it]. So we can ultimately demonstrate to our customers that we are treating that data with respect.”
The ability to show how data has been used, adapted, and propagated throughout your organization’s data ecosystem can provide accountability for your team, and peace of mind for data subjects that their information is being used ethically and compliantly. Data lineage capabilities help by mapping data tables and views, so you can see how metadata is inherited in downstream tables and columns. This is key for delivering on the obligation to protect customer data because it provides visibility into where sensitive information lives within your ecosystem, so that the appropriate data access policies can be enforced.
“We need to treat it as if it’s our data we’re playing with. So in many regards, that sense of ownership around the privacy mindset is one of the hallmarks of what we have within our team. We continually train them every month, and we continually look at ways to make sure the data as it comes in is protected and secured.”
Security Is an Enterprise-Wide Effort
If organizations as a whole have an obligation to protect sensitive information, it is incumbent on everyone within the organization to help meet that objective. The responsibility of data security and governance is not limited just to the security team or the compliance officers. In fact, the 2024 State of Data Security Report found that 46% of organizations have six to 10 people managing security, and another third of respondents say 20 or more people are involved.
At AstrumU, the responsibility for data security extends beyond the data platform, security, and compliance teams – even the sales team is accountable. Why?
“Fundamentally, we don’t get any deals done if we don’t take care of our security and privacy. It’s that simple,” said Pedersen. From demoing AstrumU’s platform to winning the trust of customers and partners, ensuring the sales team is well versed in security standards and able to use data without exposing PII is an essential part of the business.
“We know that [bad actors] are always finding new ways to break in, or to access, or breach into systems and get access to that data, and everyone has to be vigilant around that,” said Pedersen. “It’s a constant race. And so partnerships with Immuta and others…enable us to stay ahead of the bad actors as best as we possibly can.”
See Pedersen explain how AstrumU arms its sales team with data security acumen – why he says deals don’t get done without data security.
The Rise in AI Development & Regulation
In 2023, we saw an explosion of rapid AI advancements – and a flurry of questions from regulators and legislators about how to control them. The EU’s Artificial Intelligence Act and the US’s Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence are two instances of policymakers taking the first steps toward AI regulation, but with so many unknowns about how AI will evolve, it remains to be seen what impact these standards will actually have.
For Pedersen, letting technological advances play out – free of regulatory oversight – is key to innovation. And without testing the waters of innovation, there’s no way to know the extent of AI’s capabilities.
“I think we’re starting to see larger companies – and, frankly, government regulators – coming in trying to control and manage the environment before it’s actually fully fleshed out. That is a concern to me because that’s essentially captivity by regulation,” said Pedersen. “That doesn’t mean we should lose sight of the value of privacy…but there’s room for us to try and learn from how we take advantage of the technology so that the creators benefit, [and] the people who are going to use it to improve our society and make it more productive, benefit.”
See Pedersen’s full explanation of the tension between AI innovation and regulation in this clip.
Investing in a Data Security Platform
“When you’re first starting out, you’re obviously reluctant to spend too much money because you want to try and squeeze out as much value as you possibly can for every penny that you spend,” said Pedersen. “So we started building our own tools and our own capabilities, but we realized very quickly that wasn’t a scalable solution.”
This scenario that AstrumU went through before investing in a data security platform is familiar to many data teams – and can serve as a cautionary tale for others. Often, especially at small or young companies, the idea of managing security with a homegrown solution seems feasible. As the business grows, however, scaling these solutions and the processes built around them becomes difficult and complex to manage, introducing additional risks and headaches.
For AstrumU, the decision to adopt Immuta alongside Databricks came down to three considerations: productivity, compliance, and cost.
“If I was to look at the cost of trying to do what Immuta does for me today and build that in-house, the cost would impact me in a number of ways,” said Pedersen. “One is the dollar cost, which I think would be prohibitive for us to be successful. But then there’s the cost of not getting to market on time, listing that ability to accelerate and scale.”
Pedersen acknowledges that data security is “a constant work in progress,” one which requires buy-in and participation from the entire organization. But with the right tools and a cultural understanding about the obligation to protect sensitive data – not to mention the value of doing so – achieving success does not have to come at the expense of productivity or security.
Read more about AstrumU’s story here, or check out the full Q&A.
