TLS proxies? Nah. Truthfully Less Secure 'n' poxy, say Canadian infosec researchers


I thought TLS proxies were for spying on users; would anyone really buy one to *increase* security?

The private citizen in me totally agrees and I hate the idea of breaking end-to-end encryption but IT departments do have a duty to protect end users and the infrastructure from attack and a (properly configured!) TLS proxy does allow this.

What concerns me is that companies don't make it clear to employees that they MITM every HTTPS connection and that a rogue IT bod could syphon off sensitive info when employees use work computers for online banking and the like. Companies should be obliged to explain clearly to new employees that the 'lock' symbol on their browser does not provide privacy on the corporate LAN. Ideally, explicit written consent should be required.

As Uncle Ben said, "With great power comes great responsibility." Any IT staff who have access to the key hardware need to be subject to criminal record & security checks as rigorous as for military, law enforcement or child-care roles. I'm damn sure that very few are.

Actually, even if not malicious, most IT staff I've met don't have the competence to maintain good security policy yet are all still given administrative access to security infrastructure. I'd never connect any of my own sensitive devices directly to a company LAN - far too insecure!

