When proposing a Wi-Fi based occupancy and space utilization project, our clients typically encounter questions from the IT Department that are focussed on privacy, security, accuracy of the solution, device duplication (or deduplication) and network interference concerns. This paper is intended to address these concerns and facilitate an understanding of what the InnerSpace solution is and how it will impact the operational infrastructure.
InnerSpace is a SaaS platform that optimizes space utilization by leveraging existing Wi-Fi infrastructure. We collect information pertaining to your space. This includes the names of buildings/floors, floor plans, AP (Access Points) layout, different types of spaces, zone layouts and team home zones. In addition, we also use the telemetry data that you are already collecting through your access points. Wi-Fi RSSI data is pushed to InnerSpace through a location service webhook along with MAC Addresses, signal strength, timestamps, Wi-Fi bands, receiving APs etc.
We do not store any PII (personally identifiable information) through this part of the service. All MAC addresses of devices connecting to the customer’s network are immediately anonymized with a one-way hash and client-specific salts. The original MAC address is discarded and never stored.
Optionally, upon the client’s request we can also map MAC Addresses of company-issued devices to organizational departments as one of the ways for us to provide analysis of team behaviors.
Separate from the Wi-Fi RSSI ingestion point, as with any SaaS application, InnerSpace provides a portal application for approved employees (e.g. Workplace Strategists, Facility Managers) to access the promised space utilization insights. To enable this access we collect and store the name and email of these approved users. This information is fully encrypted at rest and in transit.
InnerSpace passively uses the existing Access Point infrastructure, with no software installed. Data is pushed through to the InnerSpace Cloud via a location service webhook to the end-user interface.
InnerSpace collects occupancy data along with any other metadata provided by the customer for analytics or visualization purposes (e.g. floor plans). There is no Personally Identifiable Information stored by the company for the occupants of the spaces covered by our solution.
The only personally identifiable data processed by our location and occupancy systems is a device MAC address. No names, user IDs or other identifiers are ever captured, processed or stored.
The MAC addresses are immediately anonymized by applying a one-way hash, with client specific salts. The original MAC address is discarded and never stored.
One-way hashes make it computationally infeasible to recreate the original MAC from its hash. A client specific salt ensures that the same MAC address results in a different hash if proceeded at different client locations, preventing cross-location tracking.
In addition to rigorous encryption and anonymization protocols, InnerSpace employs additional measures to protect against identity inference - the ability to infer identity from behavior.
Data is only made available in aggregate form and individual behavioral patterns - such as pathways or locations - are obfuscated, ensuring that individual identities cannot be inferred from behavioral patterns.
All data processing systems exist in a virtual private cloud and are not accessible to the outside world. This allows for highly secure data processing.
We conduct regular security assessments to ensure we are protecting our customer’s data and utilizing industry-standard security tools and processes.
InnerSpace is also certified to the SOC2 and ISO27001 information security standards. Certifying to these standards involves an independent audit confirming the security practices, policies, procedures and operations meet or exceed standards for protecting customer information.
Detailed compliance and infosec documentation is available upon request.
All InnerSpace customer data is stored in the Microsoft Azure cloud, in the East US region.
Azure uses multiple layers of security, including physical security measures, network security, and access control, to ensure the safety of customer data.
Additionally, all data is encrypted both in transit and at rest, and strict access policies are implemented to further enhance security. Microsoft undergoes regular security audits and certifications to ensure the ongoing robustness of their security posture.
InnerSpace leverages Azure’s PaaS managed services offerings. Firewalls and network security groups are monitored and managed by InnerSpace.
Customer data is partitioned logically in cloud services and databases. For an additional fee, InnerSpace can provide an end-to-end dedicated instance with physical data separation.
Adherence to industry standards and regulatory compliance frameworks such as SOC2, ISO27001 and GDPR ensures that best practices in data isolation and protection are followed.
InnerSpace is the new generation of Wi-Fi occupancy data. Our proprietary technology dramatically enhances location accuracy with Predictive Hyperbolic Location Fingerprinting (PHLF), making it the most accurate Wi-Fi-based location technology on the market today.
Traditional triangulation methods struggle due to signal obstructions and environmental variability. PHLF is a patented method to leverage a Received Signal Strength Indicator (RSSI) from fixed office equipment providing superior accuracy. PHLF significantly advances indoor location and offers a more reliable, accurate, and scalable solution for spatial intelligence achieving a location accuracy of within 1.3m, 90% of the time
To find out more about PHLF technology, see this whitepaper.
Because we use devices as proxies for “people” there is a concern that each device would be counted. The good news is that InnerSpace’s platform is able to deduplicate devices and ensure that multiple devices are counted appropriately as one person.
Our system learns over time that certain devices belong to one individual. We are able to differentiate as the devices separate, the one actively moving reflects the behavioral pathway whereas the stationary device is passively occupying space.
InnerSpace adds no additional clients or load to the existing Wi-Fi network, instead using data that is already collected by AP’s and forwarded to InnerSpace via existing 3rd-party integration paths through a location service webhook.
The amount of data forwarded to InnerSpace depends on the number of Wi-Fi AP’s and number of clients on the network, but for a standard 25k sq ft office floor plate, this is typically less than 100k per minute (~150MB per day).
InnerSpace is a way for you to provide your Corporate Real Estate, Workplace Services or Facilities teams accurate occupancy and space utilization data, at scale and without all the traditional hassle.. It has many potential benefits for IT teams such as: