Skip Navigation
  1. BlackBerry Docs
  2. Cylance Endpoint Security
  3. Cylance Endpoint Security Overview and Architecture
  4. What is CylanceGATEWAY?
  5. How CylanceGATEWAY sends data using Work Mode
  6. Data flow: Accessing a cloud-based application or Internet destination

Data flow: Accessing a cloud-based application or Internet destination

This data flow describes how data travels between devices and a cloud-based SaaS application or public Internet destination using
CylanceGATEWAY
.
CylanceGATEWAY data flow for accessing a cloud-based application.
The above diagram shows the following sequence.
  1. The user enables Work Mode and opens an app and attempts to access a cloud-based application or destination over the public Internet.
  2. The
    CylancePROTECT Mobile
     app or the
    CylanceGATEWAY
     agent on the device sends the encrypted data through a secure tunnel to
    CylanceGATEWAY
     in the
    BlackBerry Infrastructure
    .
  3. CylanceGATEWAY
     performs the following actions:
    1. Determines, based on the access control list (ACL) rules, whether the user has access to that location.
    2. If the user has access, sends the data to the SaaS application or allows access to the Internet destination.
    3. Applies Network Address Translation (NAT) to flows that access SaaS apps and Internet destinations by replacing the source IP address.
  4. If source IP pinning is enabled, the SaaS application verifies that the connection is coming from an IP address that is associated with your
    CylanceGATEWAY
     tenant before allowing access.