Security "Bits"

Do employees deserve privacy?

By Mike Schuricht | March 22, 2014 at 7:30 AM


SSL-encrypted traffic has increased tremendously over the last 5 years, representing 50% of traffic on some networks. The increased adoption of cloud applications during the same period, such as Google Apps, Salesforce, Workday, and ServiceNow, has also increased SSL traffic. Even social networking and consumer apps like Facebook, Gmail, and Google search now use SSL.

This has created a blind spot for enterprise IT teams that have not rolled out a mechanism to decrypt SSL traffic.

Without decryption, the content and files transferred are not inspected for threats or data leakage. Solutions including secure web gateways, proxies, and next-generation firewalls use a variety of forward- and reverse-proxy technologies. The desire to decrypt traffic in order to increase data security can be slowed by legal departments, since privacy policies and laws make it important to differentiate personal user traffic (e.g. banking, medical) from enterprise app usage (e.g. Salesforce, Workday).

Forward-proxy technologies typically terminate, decrypt, and inspect traffic without differentiating personal from corporate accounts. They also require pushing trusted certificates or proxy configuration files to endpoints, which can be a management nightmare for IT, resulting in never-ending device provisioning or enrollment cycles. This approach becomes untenable in BYOD environments where employees expect their personal lives to remain private.

Reverse-proxy technologies deploy in front of business applications and can specifically target corporate traffic, leaving the user’s personal traffic alone. There is also no requirement to manage certificates or proxy configuration files on endpoints, which results in reduced operating expense.

In the end, users want to remain productive, with the devices and apps they love to use, all without feeling like Big Brother is looking over their shoulder. IT wants to avoid adding any solution that increases management overhead but still needs to secure company data assets. 

What do you think? 

Please share your comments below; I would love to hear them.


