AstrumU Revolutionizes Data Insights in Higher Education with Immuta

Key takeaways

Native platform controls did not provide the level of granularity needed to enable data access while remaining compliant.

Securely enabling machine learning from 209M+ learner records with fine-grained access controls.

Achieving SOC 2 certification and simplifying compliance with FERPA and ad hoc contractual agreements.

Higher education is one of the largest investments many people make in their lifetimes. Yet, despite the cost of attending college, it historically has been unclear how skills, experiences, and credentials translate into professional success. Students want to make the right decision about their education and career path; academic institutions want to invest in the right people and offer them effective programs; and employers want to hire top talent that’s suited for their roles – but there is a dearth of information to help make these decisions.

Founded in 2017, AstrumU is on a mission to enhance workforce development and quantify the value of education for everyone. By providing a “predictive individual learning recommendation,” the Washington-based company aims to level the playing field between learning and working so that everyone, regardless of background, can unlock value from educational experiences.

AstrumU’s translation-as-a-service (TEaaS) platform, called AstrumU LevelSet, is built with a sophisticated indexing architecture that combines interoperability with performance. The technology captures multi-sourced content and activities to produce sharp insights, continuously indexes learner information with contextual inferences, leverages ML to make predictive individual learning recommendations, and is built to deliver functionality across any application and any major platform. Its products – LevelSet, LifeLong Learner Pathways, Education Value Index, and TagSet – provide multi-layer security so that data is protected, regardless of where it lives or how it’s being used.


Since its early days, AstrumU has prioritized adherence to the highest standards for security, confidentiality, privacy, and processing integrity. While that objective might be commonplace now, the path toward achieving compliance with data privacy requirements was far from straightforward just a few years ago – especially for a small startup.

“As a startup in 2019, we embarked on a SOC 2 framework, which now everyone does as standard, but back then was considered madness. It was a signal to the market that we really did care about data, and we cared particularly about the privacy of their data.”

Kaj Pedersen, Chief Technology Officer, AstrumU

In addition to SOC 2, AstrumU must also comply with strict guidelines from the Department of Education’s Family Educational Rights and Privacy Act (FERPA), which protects student and educational data privacy, as well as other industry standards and contractual agreements. Pedersen’s team quickly realized that coarse-grained access controls were not suited to handle the complexity that came with managing various legal standards.

“We’re constrained by the FERPA regulations and oversights. There are a whole bunch of other regulations and private contractual obligations that institutions have around data, particularly with students,” said Pedersen. “We have to navigate that minefield of regulatory concerns.”


To reach its compliance goals while providing innovative solutions for its customers, AstrumU chose to integrate Immuta with Databricks. Immuta’s fine-grained access controls were more dynamic and scalable than competitors’, and its ease of integration supplemented Databricks’ capabilities without impacting performance. This simplified AstrumU’s compliance with SOC 2 and FERPA standards, both of which mandate access controls to mitigate risks to data.

“We looked at a number of options and Immuta came to the top for a number of reasons. One was the granularity of controls that we could have on the data across roles. At the time, nobody else was really able to accomplish that. That led us to understand that if we can get to that level of granularity, we can demonstrate that we’re applying controls across our customers’ data.”

Kaj Pedersen, Chief Technology Officer, AstrumU

To maximize the benefit of these capabilities, AstrumU built its tech stack so that Immuta and Databricks sit within a processing engine in the data science environment that allows data to be securely accessed for analytics and machine learning. The company uses Databricks Unity Catalog as its data catalog, and Immuta’s integration leverages Unity Catalog primitives to abstract, centralize, and orchestrate data security controls without SQL or scalability limitations. This means AstrumU’s data scientists can efficiently access data for analysis and model development, but customers still have control over their personal information.

“Now, I get the value of this really powerful analytics engine coupled with a tool that will enable me to continue to deliver on my promise to my customers around their privacy,” said Pedersen. “For me, it’s an excellent example of how cloud services are going to start cooperating, and we as a customer will benefit from that.”


With Immuta integrated into its tech stack, AstrumU has achieved and maintained compliance with an array of rules and regulations, while continuing to innovate its suite of services. For instance, Immuta makes it easier for AstrumU’s sales team to demonstrate how their technology works, since customers are able to see how the LevelSet platform service works in production without being exposed to sensitive data.

“Immuta…enables us to have the access controls in place to work with the data in a way that doesn’t expose the PII,” said Pedersen.

With Immuta, AstrumU has:

  • Seamlessly built an integrated, future-proof modern data stack
  • Enabled scalable AI/ML use cases
  • Achieved regulatory compliance with standards like SOC 2 and FERPA
  • Built a mission-driven brand based on trust
  • Secured new business and opened new revenue streams

As the company continues to adapt to evolving regulations and innovate new ways to solve complex problems, its commitment to leveling the playing field across education and the workforce goes hand-in-hand with its dedication to customer privacy.

“If you don’t automate around your security and simplify it, the biggest problem you’re going to have is some human making a mistake,” said Pedersen. “I don’t have to worry about building security tools. The possibilities exist for us in a real sense because we can get to that level of finesse around our controls.”