Phaze is a secure and high-performance remote desktop technology to access your workstations. Because security is so important when choosing a remote desktop technology, we do our best to protect customers from social engineering attacks, monitor vulnerabilities in our codebase, secure our protocol and software, and follow operational security best practices.
Protecting against social engineering attacks
Social engineering attacks can target customers directly, or they can be used against our team. To protect you from social engineering attacks and password reuse, we offer passkey authentication and highly recommend that customers use it. Additionally, we hash customer passwords with Bcrypt to protect them in the event of inadvertent access to the password table in our database.
Internally, we also take many steps to protect our team from social engineering attacks. Whenever possible, we require passkey authentication to access our systems. We monitor systems with MDM and EDR tools. Access to internal systems is also protected by strict authentication controls and continuous monitoring.
Guarding against vulnerabilities in our codebase
Phaze recently underwent a white box penetration test conducted by Cure53. The penetration test was extremely helpful and gave us feedback on areas of concern. Our plan is to undergo routine white box penetration tests to ensure that we have a world-class team providing up-to-date feedback and remediation recommendations for our software. The recent tests were conducted against our backend infrastructure, networking protocol, and remote desktop client software. We also run vulnerability scans on dependencies with GitHub.
Securing our protocol and backend infrastructure
The Phaze networking protocol uses DTLS 1.2 to protect against man-in-the-middle attacks. We also offer Enterprise customers the option to manage their own private certs. Customers who take advantage of this feature are protected even if the Phaze backend were to be compromised, because the certs are stored locally with the customer.
Backend infrastructure is built with modern cloud security best practices. All services run inside isolated private networks with no public access, protected by a web application firewall, DDoS mitigation, and HSTS to enforce HTTPS. Connections use TLS 1.2+ with TLS 1.3 support. Data is encrypted in transit and at rest, with backups retained for reliable recovery. We apply strict network segmentation, rate limits, and multi-zone redundancy, and continuously monitor with automated threat detection, vulnerability scanning, and centralized audit logging for comprehensive visibility and rapid response.
Operational security policies
Phaze is currently undergoing a SOC 2 Type II audit. During the audit period, Phaze is required to demonstrate that the company meets the strict requirements of the SOC 2 Type II certification. When we have the SOC 2 Type II certification, the report will be available for review on our Trust Center. You can also view our updated and automatically monitored operational controls on the Trust Center.
