Skip Navigation

Data flow: Accessing a cloud-based application or Internet destination

This data flow describes how data travels between devices and a cloud-based SaaS application or public Internet destination using
CylanceGATEWAY data flow for accessing a cloud-based application.
The above diagram shows the following sequence.
  1. The user enables Work Mode and opens an app and attempts to access a cloud-based application or destination over the public Internet.
  2. The
    CylancePROTECT Mobile
    app or the
    agent on the device sends the encrypted data through a secure tunnel to
    in the
    BlackBerry Infrastructure
  3. CylanceGATEWAY
    performs the following actions:
    1. Determines, based on the access control list (ACL) rules, whether the user has access to that location.
    2. If the user has access, sends the data to the SaaS application or allows access to the Internet destination.
    3. Applies Network Address Translation (NAT) to flows that access SaaS apps and Internet destinations by replacing the source IP address.
  4. If source IP pinning is enabled, the SaaS application verifies that the connection is coming from an IP address that is associated with your
    tenant before allowing access.