Encryption

Encryption is a method of transforming readable data (plaintext) into an unreadable, scrambled format (ciphertext) using an algorithm and an encryption key. Only entities possessing the correct decryption key can convert the ciphertext back into its original, readable plaintext form. This process is essential for protecting sensitive information from unauthorized access, both while it's being transmitted over networks (data in transit) and while it's stored (data at rest).

Surfly employs strong encryption mechanisms as a default for all its co-browsing sessions and communications. The primary standard used by Surfly for data in transit is TLS (Transport Layer Security), specifically TLS 1.3, which is the latest and most secure version of the protocol.

For every co-browsing session, all communication between participants and the Surfly Interaction Middleware is protected, making secure collaboration possible across the open internet. This application of strong, standardized cryptography is what makes the architecture viable for enterprise use, particularly in regulated industries.

Enabling the Proxy Architecture

Because all session data is centralized through the proxy, encryption of that data stream is the primary mechanism for ensuring confidentiality and integrity, making secure collaboration possible.

• Protects the real-time stream of Document Object Model (DOM) events, which is the mechanism Surfly uses to synchronize browser states between participants.
• Secures the connection from the end-user's browser to the Surfly proxy, which is important when a user is on an untrusted public or home network.
• Complements the zero-storage policy by securing data while it is in motion, which is the only state in which data exists on Surfly's servers.

Unifying Security Across All Communication Channels

A co-browsing session is often a multi-channel interaction. Encryption is applied uniformly across all communication methods within the session, providing a single, consistent security standard for every type of data exchanged.

• Safeguards the WebRTC streams used for integrated video and audio chat, protecting live conversations from being intercepted.
• Secures all uploaded files, reviewed documents, and e-signature workflows that occur within the session's secure container.
• Protects the real-time text chat log, ensuring that any information shared, such as account numbers or personal details, remains private.

Streamlining Enterprise Adoption and Compliance

For Surfly’s target market, the choice of encryption technology directly impacts the speed of procurement and deployment. Using current, widely accepted cryptographic standards simplifies the security vetting process required by large organizations.

• Helps organizations satisfy the technical safeguard requirements of compliance mandates like HIPAA, GDPR, and SOC 2, which specify rules for data in transit.
• Provides IT security teams with a clear, auditable control, which shortens the risk assessment and vendor approval process.
• Builds trust with end-users interacting with sensitive forms or processes, reducing abandonment rates related to security concerns.