How Mobile Cloud Security Protects Devices

After you set up the mobile cloud security solution, software on the mobile device redirects HTTP/HTTPS traffic to Skyhigh Security WGCS for filtering.

1. In Skyhigh CASB, the administrator configures the mobile cloud security solution by:
   1. Uploading the customer CA certificate, whose private key is used to sign the device certificates
   2. Specifying the names of the fields that identify the user name and user group in the device certificates
      IMPORTANT: You must upload the CA certificate before configuring the MDM solution.
2. In the administrator interface of the MDM solution, the administrator:
   1. Configures an identity certificate profile for the device.
   2. Configures the VPN profile which references the identity certificate profile.
3. When the user logs on to the device and registers it with the MDM server, the software:
   1. Signs the identity or device certificate with the CA certificate.
   2. Downloads the signed certificate and VPN profile to the device.
4. After the following steps are completed, the software on the device starts redirecting HTTP/HTTPS traffic to Skyhigh Security WGCS through the VPN gateway.
   1. The device uses the signed certificate to authenticate to the VPN gateway.
   2. The VPN gateway creates a secure VPN tunnel with the device.
5. WGCS filters the HTTP/HTTPS traffic, allowing or blocking web requests according to your policy.