Frequently Asked Information Technology (IT) Questions About InnerSpace
When proposing a Wi-Fi based occupancy and space utilization project, our clients typically encounter questions from the IT Department that are focussed on privacy, security, accuracy of the solution, device duplication (or deduplication) and network interference concerns. This paper is intended to address these concerns and facilitate an understanding of what the InnerSpace solution is and how it will impact the operational infrastructure.
What data is captured by InnerSpace?
InnerSpace is a SaaS platform that optimizes space utilization by leveraging existing Wi-Fi infrastructure. We collect information pertaining to your space. This includes the names of buildings/floors, floor plans, AP (Access Points) layout, different types of spaces, zone layouts and team home zones. In addition, we also use the telemetry data that you are already collecting through your access points. Wi-Fi RSSI data is pushed to InnerSpace through a location service webhook along with MAC Addresses, signal strength, timestamps, Wi-Fi bands, receiving APs etc.
We do not store any PII (personally identifiable information) through this part of the service. All MAC addresses of devices connecting to the customer’s network are immediately anonymized with a one-way hash and client-specific salts. The original MAC address is discarded and never stored.
Optionally, upon the client’s request we can also map MAC Addresses of company-issued devices to organizational departments as one of the ways for us to provide analysis of team behaviors.
Separate from the Wi-Fi RSSI ingestion point, as with any SaaS application, InnerSpace provides a portal application for approved employees (e.g. Workplace Strategists, Facility Managers) to access the promised space utilization insights. To enable this access we collect and store the name and email of these approved users. This information is fully encrypted at rest and in transit.
Topology of the network
InnerSpace passively uses the existing Access Point infrastructure, with no software installed. Data is pushed through to the InnerSpace Cloud via a location service webhook to the end-user interface.
How private are InnerSpace’s data and connections?
InnerSpace collects occupancy data along with any other metadata provided by the customer for analytics or visualization purposes (e.g. floor plans). There is no Personally Identifiable Information stored by the company for the occupants of the spaces covered by our solution.
ANONYMIZING PII
The only personally identifiable data processed by our location and occupancy systems is a device MAC address. No names, user IDs or other identifiers are ever captured, processed or stored.
The MAC addresses are immediately anonymized by applying a one-way hash, with client specific salts. The original MAC address is discarded and never stored.
One-way hashes make it computationally infeasible to recreate the original MAC from its hash. A client specific salt ensures that the same MAC address results in a different hash if proceeded at different client locations, preventing cross-location tracking.
AGGREGATION
In addition to rigorous encryption and anonymization protocols, InnerSpace employs additional measures to protect against identity inference - the ability to infer identity from behavior.
Data is only made available in aggregate form and individual behavioral patterns - such as pathways or locations - are obfuscated, ensuring that individual identities cannot be inferred from behavioral patterns.
InnerSpace handles all customer data in accordance with GDPR regulations and best-practice security measures to protect personal data and reduce the risk of data breaches.
How secure is InnerSpace data?
All data processing systems exist in a virtual private cloud and are not accessible to the outside world. This allows for highly secure data processing.
We conduct regular security assessments to ensure we are protecting our customer’s data and utilizing industry-standard security tools and processes.
InnerSpace is also certified to the SOC2 and ISO27001 information security standards. Certifying to these standards involves an independent audit confirming the security practices, policies, procedures and operations meet or exceed standards for protecting customer information.
Detailed compliance and infosec documentation is available upon request.
WHERE OUR DATA IS STORED
All InnerSpace customer data is stored in the Microsoft Azure cloud, in the East US region.
Azure uses multiple layers of security, including physical security measures, network security, and access control, to ensure the safety of customer data.
Additionally, all data is encrypted both in transit and at rest, and strict access policies are implemented to further enhance security. Microsoft undergoes regular security audits and certifications to ensure the ongoing robustness of their security posture.
WHAT APPLICATION SECURITY BEST PRACTICES DOES INNERSPACE FOLLOW?
- Regular application penetration tests targeting OWASP top 10
- Continuous application vulnerability scanning
- Static code analysis on every build and release
- Automated security monitoring including intrusion detection using Azure Security Center
- Automatic gateway container vulnerability scanning using Qualys
- Regular security & compliance reviews
- Regular access review of all pertinent systems
HOW MUCH OF THE ENVIRONMENT DOES AZURE CONTROL?
InnerSpace leverages Azure’s PaaS managed services offerings. Firewalls and network security groups are monitored and managed by InnerSpace.
HOW DOES INNERSPACE ISOLATE CUSTOMER DATA FROM THEIR OTHER CLIENTS?
Customer data is partitioned logically in cloud services and databases. For an additional fee, InnerSpace can provide an end-to-end dedicated instance with physical data separation.
Adherence to industry standards and regulatory compliance frameworks such as SOC2, ISO27001 and GDPR ensures that best practices in data isolation and protection are followed.
How can Wi-Fi utilization data be accurate?
InnerSpace is the new generation of Wi-Fi occupancy data. Our proprietary technology dramatically enhances location accuracy with Predictive Hyperbolic Location Fingerprinting (PHLF), making it the most accurate Wi-Fi-based location technology on the market today.
Traditional triangulation methods struggle due to signal obstructions and environmental variability. PHLF is a patented method to leverage a Received Signal Strength Indicator (RSSI) from fixed office equipment providing superior accuracy. PHLF significantly advances indoor location and offers a more reliable, accurate, and scalable solution for spatial intelligence achieving a location accuracy of within 1.3m, 90% of the time
To find out more about PHLF technology, see this whitepaper.
What about duplication?
Because we use devices as proxies for “people” there is a concern that each device would be counted. The good news is that InnerSpace’s platform is able to deduplicate devices and ensure that multiple devices are counted appropriately as one person.
Our system learns over time that certain devices belong to one individual. We are able to differentiate as the devices separate, the one actively moving reflects the behavioral pathway whereas the stationary device is passively occupying space.
Is there potential for network interference?
InnerSpace adds no additional clients or load to the existing Wi-Fi network, instead using data that is already collected by AP’s and forwarded to InnerSpace via existing 3rd-party integration paths through a location service webhook.
The amount of data forwarded to InnerSpace depends on the number of Wi-Fi AP’s and number of clients on the network, but for a standard 25k sq ft office floor plate, this is typically less than 100k per minute (~150MB per day).
How does InnerSpace help me in my role?
InnerSpace is a way for you to provide your Corporate Real Estate, Workplace Services or Facilities teams accurate occupancy and space utilization data, at scale and without all the traditional hassle.. It has many potential benefits for IT teams such as:
- Being sensor-free - No hardware to procure, install and service.
- Better uptime - if the Wi-Fi is working, so is InnerSpace.
- More scalability - deploy to more spaces with minimal configuration changes instead of pulling cable and installing sensors..
- More robust space utilization insights - Using existing Wi-Fi also unlocks superior analytics insights, such as department-based behavioral analysis, not possible through badge-scans or traditional sensors.
- Quick deployment - Up and running in less than 24 hours using existing infrastructure.
- Happier customers - Superior insights from InnerSpace help your Real estate, workplace and facilities teams gauge the impact of real estate and space planning decisions
How does InnerSpace help my service clients?
- Corporate Real-estate: Easy to use web-based dashboard that delivers all the occupancy and utilization data needed for informed real-estate decisions about building and design projects.
- Human Resources: Helps inform leadership teams on the success of RTO and Hybrid work initiatives.
- Operations: Helps solve hybrid work scheduling and resource management issues and increased meeting room productivity.
- Facilities and building operations: Track space usage for sustainability initiatives, cleaning rotations, temperature and air quality tracking.
Interested in learning more about InnerSpace?
Want more insights?
Sign up to the InnerCircle about the hybrid workforce, what’s new in smart tech, innovative workplace strategies. Sent straight to your inbox, monthly!