Workday’s AI Illuminate & Galileo: It’s a Worry

Workday’s AI Illuminate has been marketed as a groundbreaking step in integrating AI with HR data, offering predictive and operational insights that promise to revolutionize the workplace. But behind the promises, a troubling reality exists when we consider how this system interacts with Workday’s multi-tenant architecture for data. As AI technology accelerates, Illuminate's reliance on a shared infrastructure to handle sensitive operational and personal data exposes serious risks, especially regarding privacy and data security. To further complicate the issue, if the Galileo AI product is part of the AI architecture the risk is compounded.

While Galileo could enhance Workday’s value by offering strategic HR advice, the question of data privacy arises when it comes to the use of customer data. Galileo relies on machine learning models, and since it's developed by an external partner (Sana AI), there is potential for sensitive operational and personal data stored within Workday to be exposed to third-party systems.

Multi-Tenant Architecture is Not the Right Platform

Workday, like many other SaaS providers, operates on a multi-tenant architecture. Apart from the customisation limitations and lack of access to code, there are different models offering different database and schema configurations introducing different levels of privacy risk, such as:

1.??? Shared Database, Separate Schemas: In this model, there is a shared database, but each tenant has its own schema. This offers a greater level of separation compared to a single schema with tenant ID columns, but still, the data is housed in the same physical database.

2.??? Separate Databases for Each Tenant: In this model, each tenant has its own dedicated database. This provides the most secure and isolated approach but is typically more expensive and resource-intensive. It eliminates the risks of logical separation issues because data is physically separated.

3.??? Shared Database, Shared Schema (Single Database Approach): In this model, multiple clients share the same database and the same tables, and client data is separated by a unique identifier column, such as a tenant ID. This column indicates which data belongs to which tenant.

In the case of Workday, the model they operate on is (3) the shared database and schema. In practice, the "tenant ID" column in the shared database structure helps ensure that data from different clients (tenants) is logically separated. However, this approach requires very careful management of access controls and queries to ensure that data is not accidentally shared across tenants due to programming errors or security vulnerabilities. Workday primarily operates its own data centres in various global locations, such as Ashburn (Virginia), Lithia Springs (Georgia), Portland (Oregon), Dublin (Ireland), and Amsterdam (Netherlands), but it relies on Amazon Web Services (AWS) for part of its infrastructure to support its expansion. This means Workday's infrastructure is a mix of its own data centres and the use of AWS, which is shared infrastructure. While this method can be efficient, it carries inherent risks, particularly in large systems, where any code mistake, configuration error, or security breach could expose one client’s data to another.

While this architecture offers economies of scale and reduced costs, it poses a significant risk. The logical separation of data can be compromised by:

1.??? Programmable Errors: Logical separations can fail due to bugs, human error, or code flaws. In such cases, the potential for one company's data being exposed to another is heightened.

2.??? Data Breaches: Multi-tenancy inherently means that any breach of the server could lead to exposure across multiple clients. If one client's data is exposed, it raises the risk for others sharing the same server. This would be catastrophic in a system as complex as Workday, where sensitive HR data, including payroll, benefits, and personal employee information, is housed.

However, these multi-tenant models have operated successfully for the last two decades. The problem now is artificial intelligence introduces a new dimension to data management. The AI product Illuminate requires access to data to provide a meaningful AI experience.

AI Illuminate and the Source of AI Data

The AI Illuminate feature aims to bring AI-driven insights directly into Workday’s existing platform. This includes:

• Operational Data: Helping companies predict trends, such as employee churn or talent acquisition needs.
• Personal Data: Making recommendations based on individual employee performance, career progression, or even health and wellness metrics.

However, the way Illuminate interacts with Workday’s multi-tenant system creates additional risk:

1.??? Non-Transparent AI Agents: Illuminate operates using non-transparent AI models, meaning the internal logic used by these agents to access and manipulate data is largely opaque to users. This lack of transparency makes it difficult to audit exactly how data is being accessed, transformed, or stored.

2.??? Data Aggregation Across Clients: Because Illuminate draws from large datasets for machine learning, it's unclear how the AI distinguishes between datasets for each client. Even though Workday claims logical separation, the AI still interacts with data housed on shared infrastructure. Any potential flaw in the agent’s operation could inadvertently aggregate or expose data from different clients.

The Galileo Partnership Data Risk

If Workday Illuminate's AI solutions were to leverage the LLMs (Large Language Models) in Galileo, customer data from Workday might indeed flow into external AI systems for processing, potentially outside of the secure confines of Workday’s environment. This could further amplify the risk of data exposure and compromise the integrity of customer privacy, especially if these third-party systems use the data for ongoing model training.

However, the question is whether Illuminate relies on external AI models for certain functions, as Galileo would. While Illuminate is part of Workday's efforts to embed AI across its platform, it may still need to utilise external AI models (like Galileo or others) for specialised functions such as natural language processing (NLP), generative AI, or benchmarking. Galileo, powered by Sana AI, offers HR-specific insights, but Workday could also integrate or develop other models to handle different aspects of AI without relying exclusively on Galileo.

The Issue of Data Privacy Regulation Risk

One of the most alarming issues with Illuminate is the potential violation of data privacy regulations, especially in regions where stringent rules govern the collection, processing, and storage of personal data (such as GDPR in Europe or CCPA in California). Non-transparent AI agents that operate across a multi-tenant system risk violating these laws if they fail to guarantee data segregation:

• Data Localisation Laws: Countries with strict data sovereignty rules (e.g., European nations under GDPR) could view Illuminate’s handling of data as a breach if the system fails to demonstrate clear separation of data across clients.
• Risk of AI Bias and Ethical Concerns: In addition to security, the opaque nature of the AI model raises questions about bias and ethical use of data. Without insight into how decisions are being made or data is being used, clients cannot be sure whether the AI is delivering fair and equitable outcomes, particularly in recruitment or performance evaluations.

Programming Mistakes and Potential Fallout

Even if Illuminate is built with all the safeguards Workday claims, human and programming errors are always a risk. Consider the possibility of a simple code update going wrong, whereby a piece of one client's data mistakenly crosses into another’s dataset - an issue that could cause significant reputational damage and legal liabilities.

If an AI agent mistakenly identifies trends based on pooled data (even unintentionally), it could create misleading recommendations, such as hiring trends or retention strategies that are not applicable to a specific company but based on an aggregated view of multiple clients.

The Need for Greater Transparency

For Illuminate to work without posing an unacceptable risk to clients, Workday must offer:

1.??? AI Auditability: Illuminate’s AI algorithms must be auditable to ensure data handling follows strict privacy and security guidelines. Without transparency, it will be difficult for clients to trust that their data is handled securely.

2.??? Guaranteed Data Separation: Workday must demonstrate, beyond logical assurances, that data for one client cannot be accessed by another - even inadvertently. This includes proving that Illuminate’s AI agents only interact with and process data in fully segregated environments.

Could it be a Disaster Waiting to Happen?

Workday’s AI Illuminate, though ambitious, introduces significant risks tied to its multi-tenant architecture and non-transparent AI agents. By using shared infrastructure and logical data separations, the potential for data breaches, privacy violations, and programmable errors remains high. Without significant changes to transparency, auditability, and guarantees around data segregation, Illuminate could be more of a disaster waiting to happen than a groundbreaking innovation.

?