During testing, Sauce Connect Proxy establishes highly secure tunnels for communication between the machine where it's running a secure connection between applications hosted on an internal server and the Sauce Labs API and browser cloudvirtual machines or real devices that are used for testing.
Data transmitted by Sauce Connect is Connect Proxy is encrypted through the TLS protocol, which uses perfect forward secrecy for maximum security. Sauce Connect Proxy also uses a caching web proxy to minimize data transfer. You can disable this with the command-line option line option
Running Sauce Connect in a Demilitarized Zone (DMZ)
Within your infrastructure, Sauce Connect Proxy must be able to reach the application or server you want to test via your network, but can and should be firewalled from the rest of your internal network.
We recommend running Sauce Connect Proxy in a firewall firewalled DMZ on a dedicated machine and setting up firewall rules to restrict access from that DMZ to your internal network. Use caution when locating and configuring Sauce Connect in a DMZ.
For more information, please see the Wikipedia entry on DMZ configurations.
Under the topic Getting Started with Sauce Connect Proxy, you'll find sub-categories describing the dos and don'ts in various Sauce Connect network configurations.