During testing, Sauce Connect Proxy establishes highly secure tunnels for communication between the machine where it's running and the Sauce Labs API and browser cloud.
Data transmitted by Sauce Connect is encrypted through the TLS protocol, which uses perfect forward secrecy for maximum security. Sauce Connect Proxy also uses a caching web proxy to minimize data transfer. You can disable this with the command-line option
Running Sauce Connect in a Demilitarized Zone (DMZ)
Within your infrastructure, Sauce Connect Proxy must be able to reach the application or server you want to test via your network, but can be firewalled from the rest of your internal network.
We recommend running Sauce Connect Proxy in a firewall DMZ on a dedicated machine and setting up firewall rules to restrict access from that DMZ to your internal network. Use caution when locating and configuring Sauce Connect in a DMZ. For more information, please see the Wikipedia entry on DMZ configurations.
Under the topic Getting Started with Sauce Connect Proxy, you'll find sub-categories describing the dos and don'ts in various Sauce Connect network configurations.