Data in Transit

Data in transit refers to digital information actively moving between locations, such as from a user's browser to Surfly's Interaction Middleware proxy and then to a target website, with its security dependent on encryption protocols applied during this transfer.

What you need to know about Data in Transit

Data in Transit, also known as data in motion, is data that is actively traveling from one point to another across a network. This is distinct from "Data at Rest," which is data that is stored on a device like a hard drive or server. Because it is moving across networks, which can be public and insecure, data in transit is a common target for interception or eavesdropping attacks.

In any web interaction, data is considered "in transit" when it travels across a network. For a standard website visit, this is a two-way path between a user's client (browser) and the web server. Within the Surfly co-browsing architecture, this path is extended. A session involves three distinct points, and data moves between all of them:

  1. User to Surfly Proxy: The connection from a participant's browser to Surfly's Interaction Middleware.
  2. Surfly Proxy to Website: The connection from Surfly's middleware to the target third-party website.
  3. Surfly Proxy to other Users: The synchronized data sent from the proxy to all other participants in the session.

Protecting data across all these segments is a primary security consideration. Surfly's architecture treats each leg of this journey as a secure channel, applying encryption and security protocols to protect the integrity and confidentiality of the information as it moves through the system.

How Surfly Secures Data in Transit

Surfly employs a multi-layered approach to secure data throughout a co-browsing session. This security is not optional; it is an integrated part of the Interaction Middleware's design.

  • End-to-End Encryption: All communication between user browsers and Surfly's proxy servers is encrypted using Transport Layer Security (TLS) 1.3 with 256-bit SSL certificates. This applies to the initial webpage content and all subsequent interactions.
  • Secure WebSocket Connections: Real-time synchronization of actions (clicks, scrolls, typing) is handled via a persistent, encrypted WebSocket connection (WSS) over port 443. This maintains a secure and performant communication channel for the duration of the session.
  • Zero-Storage Architecture: A core principle of the Surfly platform is that data in transit is never at rest. Information passes through the proxy servers for real-time rewriting and synchronization but is never written to disk or stored persistently. This removes the risk associated with stored data breaches.
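The transport properties in this list (TLS 1.3 on each leg, WSS on port 443) can be checked from the outside. The sketch below is an added example, not Surfly's code: the hostnames are placeholders, the leg names and function names are illustrative, and the sample URLs are constructed so that two of them fail the check.

```python
import socket
import ssl
from urllib.parse import urlsplit

# Constructed sample endpoints, one per leg; all hostnames are placeholders.
SAMPLE_LEGS = {
    "user -> proxy (page)": "https://proxy.example.test/",
    "user -> proxy (sync)": "wss://proxy.example.test:8080/sync",
    "proxy -> website": "http://site.example.test/",
    "proxy -> other users": "wss://proxy.example.test/sync",
}
DEFAULT_PORT = {"https": 443, "wss": 443}  # TLS-carrying schemes only


def strict_context() -> ssl.SSLContext:
    """Client context that verifies the certificate and refuses anything below TLS 1.3."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED plus hostname checking
    ctx.minimum_version = ssl.TLSVersion.TLSv1_3
    return ctx


def audit_legs(legs: dict) -> dict:
    """Return {leg: problem} for legs using a cleartext scheme or WSS off port 443."""
    findings = {}
    for leg, url in legs.items():
        parts = urlsplit(url)
        port = parts.port or DEFAULT_PORT.get(parts.scheme)
        if parts.scheme not in DEFAULT_PORT:
            findings[leg] = f"cleartext scheme {parts.scheme}://"
        elif parts.scheme == "wss" and port != 443:
            findings[leg] = f"wss on port {port}, expected 443"
    return findings


def probe(url: str, timeout: float = 5.0) -> tuple:
    """TLS handshake only (no WebSocket upgrade); needs network. Raises ssl.SSLError on failure."""
    parts = urlsplit(url)
    port = parts.port or DEFAULT_PORT[parts.scheme]  # call only on legs that pass audit_legs
    with socket.create_connection((parts.hostname, port), timeout=timeout) as raw:
        with strict_context().wrap_socket(raw, server_hostname=parts.hostname) as tls:
            name, _, bits = tls.cipher()  # (cipher name, protocol, secret bits)
            return tls.version(), name, bits


if __name__ == "__main__":
    for leg, problem in audit_legs(SAMPLE_LEGS).items():
        print(f"{leg}: {problem}")
```

Against a real endpoint, `probe()` returns the negotiated protocol version and the cipher's secret-bit length, which is where the "TLS 1.3" and "256-bit" figures would show up.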

Frequently asked questions about Data in Transit

We've compiled answers to the most frequently asked questions about Data in Transit.

How does Surfly secure data in transit?

Surfly encrypts all data in transit using TLS 1.3 with 256-bit SSL encryption. This applies to the entire data journey: from the user to Surfly's proxy servers and from the proxy servers to the destination website. Combined with its zero-storage architecture, this ensures that sensitive information is protected as it moves across the web.

What is a "man-in-the-middle" (MitM) attack?

A MitM attack is a cyberattack where a malicious actor secretly intercepts and potentially alters the communication between two parties who believe they are communicating directly with each other. Strong, end-to-end encryption for data in transit is the most effective defense against this type of attack.

Does using a co-browsing solution add more security risks for data in transit?

It depends entirely on the solution's architecture. A poorly designed proxy could introduce a weak point. However, a highly secure, purpose-built proxy like Surfly's can actually improve security by centralizing traffic through a system that enforces the latest encryption standards (like TLS 1.3) and maintains a zero-storage policy.

How does securing data in transit help with GDPR and HIPAA compliance?

Both GDPR and HIPAA include explicit requirements to implement technical safeguards to protect personal and health information. Encrypting data in transit is considered a standard and necessary safeguard under these regulations. Using a platform that provides strong transit encryption is a major step in meeting these compliance obligations.
