From badge swipes for building access to Wi-Fi connectivity logs with device and user-identifiable information, facilities constantly generate sensitive data. This spans areas like occupancy, energy usage, maintenance, and asset performance. While it’s critical for optimizing operations, reducing costs, and enhancing occupant experience, it also introduces security risks if not properly protected. Security incidents and unauthorized access to facility data can lead to operational disruptions, financial losses, and compromise safety. As building become more connected, the attack surface expands, making robust data security measures essential.  

Facility teams are now also thinking through how Generative AI handles sensitive building data, especially how LLMs interact with and learn from operational information. It’s a priority to prevent data leakage, unauthorized access, and ensure that AI-generated outputs don’t inadvertently expose confidential patterns or Personally Identifiable Information (PII). 

Effective data security in facility management involves secure access controls, continuous monitoring, and compliance with industry standards. What used to be an IT concern has now become a core business priority that safeguards both physical and digital assets. Organizations prioritize security to build trust and ensure resilience, and Willow plays a key role in that journey. 

What Data Does Willow Use? 

The specific datasets brought into Willow depend on the scope of the Willow Activate Packs selected and the availability of data from the building and assets. These datasets span three broad segments: spatial, static, and live. Spatial data includes elements such as 2D CAD files, 3D models or Building Information Models, and geographical information. Static data covers asset registers, construction documents, operations and maintenance manuals, datasheets, warranty details, commissioning, and design documentation. Live data encompasses operational technologies like HVAC, refrigeration, and building access management systems. It also includes IoT sensor data for environmental and occupancy monitoring, along with external sources like weather and grid carbon intensity. 

By integrating these diverse data streams, Willow creates a comprehensive digital representation of the built environment, enabling Insights and automation while maintaining rigorous security and compliance standards. All customer data stored in Willow’s Knowledge Graph, along with any documents uploaded into the platform, is utilized to deliver AI-powered features. Willow also collects customer usage data to provide observability and continuously enhance the product experience. 

Securing Customer Data 

Customer data managed and secured in Willow falls into four key categories. Let’s walk through each of them. 

  • Operational Data refers to data generated by equipment and related to building systems. Examples include sensor outputs, control set-points, and HVAC connections. operational data excludes any PII or customer-proprietary details. Willow uses this data to improve the platform with continued development and training. At times, operational data may be used to create predictive models that are shared across all Willow customers. 
  • Personally Identifiable Information, or PII, refers to any data that can be used to identify, contact, or locate a person. This data may be used alone or combined with other information. Examples include names, usernames, email addresses, phone numbers, physical addresses, and login credentials. Within the Willow platform, PII is only used for authentication, authorization and notification services. No PII is used in any of Willow’s GenAI features. 
  • Customer Proprietary Data refers to information that is unique to customer operations, facilities or assets, and not available publicly. This includes room names, floor plans, equipment specifications, equipment warranties, and internal configurations. Willow leverages customer proprietary data for product improvement areas like training numeric ML models. However, any such improvement is used exclusively for the specific customer’s instance of Willow and is not shared with other customer instances. 
  • Support Data refers to text, sound, video, image files, or software that is provided to Willow to obtain technical support. This includes files uploaded when submitting feedback on product or reporting an issue, and is only used to provide technical support. 

Security Model for GenAI 

Willow is built on Azure PaaS, with most services spun up to have a dedicated instance in the customer’s single tenant environment. A handful of services use compute shared across customers but retain data isolation. Willow’s security model has a foundation of zero-trust principles to ensure that customer data remains protected at every stage. It combines rigorous compliance with industry standards, continuous monitoring, and secure data pipelines to safeguard both static and live building data, as well as AI-driven features. This includes the Knowledge Graph and documents leveraged by Willow Copilot. 

Let’s walk through how Willow supports each of these areas: 

  • Industry Standards: Willow’s underlying security architecture is aligned with key guidance from the National Institute of Standards and Technology (NIST) and the Center for Internet Security (CIS).
  • Model Use: AI experiences in the product are powered predominantly by Azure Open AI. Customer data is never used to train the base LLM models. 
  • Network Isolation: Willow supports secure network isolation through full VNET integration and Private Endpoints. This allows all traffic between services and resources to stay within a virtual network, eliminating exposure to the public internet, with secure, granular control over connectivity. 
  • Data Residency: Prompts and responses for GenAI features like Willow Copilot as well as all other customer data stays in the selected Azure Region for the customer’s Willow instance. 
  • Access Control: Roles and groups can be configured to manage end user permissions with fine grained Role-Based Access Control (RBAC).
  • Logging and Monitoring: Spanning across product features, logs are generated and monitored with Azure Monitor and Azure App Insights. Security Incident and Event Monitoring (SIEM) software is deployed to collect and analyze these logs, providing real-time threat detection and security visibility. Logs are stored and retained for a minimum 1-year period.  
  • Compliance: Willow maintains current, independently audited ISO 27001 and SOC 2 Type 2 certifications with ongoing management and continuous improvement of security practices. Willow is fully compliant with TX-RAMP, meeting the required certification standards under Texas Department of Information Resources. Willow also adheres to local privacy legislation in all operating jurisdictions, including the GDPR standard and local state privacy requirements such as California CCPA.
  • Identity Federation: Willow supports integration with a customer-preferred Single Sign On (SSO)provider by default. 
  • Proactive Defense: Willow maintains a dedicated cybersecurity team for continuous risk management, regular internal and external penetration testing is performed on all solutions. 

Conclusion 

As Generative AI transforms the way facility teams interact with building data, security remains the cornerstone of Willow’s approach. By aligning with industry standards and enforcing zero-trust principles, Willow ensures that customer data is protected without compromise. From network isolation and data residency to robust access control and continuous monitoring, Willow incorporates all these principles in its security posture. As a result, customers can confidently unlock the full potential of their built environments.