Company decrypting SSL, is it common?
We've just implemented a proxy that decrypts all SSL traffic in order to classify and scan it. Naturally a lot of our users feel concerned. We're a small company (100 users) owned by a big company (5000 users). What we hear internally is that "other companies doesn't do this". I think that this is the de facto standard for all major companies but I really don't know. Please elaborate your views, is this an exception or the de facto standard for companies (albeit primarily large, which we are counting with our parent company)?
Oh, we use proxy appointed by auto discovery but are about to block http/https bound traffic in firewalls. Yes, I know many ways to circumvent this and we will not be doing the cat and mouse game because I don't see how one can win that.
