Encryption
Encryption is the process of converting data into a secure, unreadable format that can only be deciphered with a specific key. In Surfly's architecture, encryption is a core security measure, protecting all data transmitted during co-browsing sessions—including web content, communications, and shared documents—to ensure privacy and compliance.
What you need to know about Encryption
Encryption is a method of transforming readable data (plaintext) into an unreadable, scrambled format (ciphertext) using an algorithm and an encryption key. Only entities possessing the correct decryption key can convert the ciphertext back into its original, readable plaintext form. This process is essential for protecting sensitive information from unauthorized access, both while it's being transmitted over networks (data in transit) and while it's stored (data at rest).
Surfly employs strong encryption mechanisms as a default for all its co-browsing sessions and communications. The primary standard used by Surfly for data in transit is TLS (Transport Layer Security), specifically TLS 1.3, which is the latest and most secure version of the protocol.
The importance of Encryption
For every co-browsing session, all communication between participants and the Surfly Interaction Middleware is protected, making secure collaboration possible across the open internet. This application of strong, standardized cryptography is what makes the architecture viable for enterprise use, particularly in regulated industries.
Enabling the Proxy Architecture
Because all session data is centralized through the proxy, encryption of that data stream is the primary mechanism for ensuring confidentiality and integrity, making secure collaboration possible.
- Protects the real-time stream of Document Object Model (DOM) events, which is the mechanism Surfly uses to synchronize browser states between participants.
- Secures the connection from the end-user's browser to the Surfly proxy, which is important when a user is on an untrusted public or home network.
- Complements the zero-storage policy by securing data while it is in motion, which is the only state in which data exists on Surfly's servers.
Unifying Security Across All Communication Channels
A co-browsing session is often a multi-channel interaction. Encryption is applied uniformly across all communication methods within the session, providing a single, consistent security standard for every type of data exchanged.
- Safeguards the WebRTC streams used for integrated video and audio chat, protecting live conversations from being intercepted.
- Secures all uploaded files, reviewed documents, and e-signature workflows that occur within the session's secure container.
- Protects the real-time text chat log, ensuring that any information shared, such as account numbers or personal details, remains private.
Streamlining Enterprise Adoption and Compliance
For Surfly’s target market, the choice of encryption technology directly impacts the speed of procurement and deployment. Using current, widely accepted cryptographic standards simplifies the security vetting process required by large organizations.
- Helps organizations satisfy the technical safeguard requirements of compliance mandates like HIPAA, GDPR, and SOC 2, which specify rules for data in transit.
- Provides IT security teams with a clear, auditable control, which shortens the risk assessment and vendor approval process.
- Builds trust with end-users interacting with sensitive forms or processes, reducing abandonment rates related to security concerns.
A Practical Example of Encryption
Frequently asked questions about Encryption
We’ve compiled answers to the most frequently asked questions about Encryption.
Surfly primarily uses TLS 1.3 with 256-bit SSL encryption for all data in transit. For data at rest (e.g., optional session recordings), industry-standard algorithms like AES-256 are employed.
Both HIPAA and GDPR mandate strong security measures to protect sensitive personal data. Surfly's use of TLS 1.3, 256-bit encryption for data in transit, and encryption for data at rest (for optional recordings) are technical safeguards that help organizations meet these regulatory requirements for data protection.
Even if the target website is HTTP, the connection between all participants and Surfly's proxy servers is always encrypted over HTTPS. Surfly will fetch the HTTP content, but deliver it to all participants through its own secure, encrypted tunnel.
Yes, when documents are uploaded or shared within a Surfly session, the transmission of these documents is encrypted using TLS, just like other web content. If session recording is enabled and includes these documents, they would also be encrypted at rest.