Like all security, there's no one single solution there, and no solution is without problems. SSL decryption is an interesting problem, as the whole fudging of certificates at the client side thing leads to bigger issues around what the users see at their end, and whether or not applications work with it. That doesn't make it bad, but it does mean it's not a trivial panacea courtesy of a magical vendor-provided box, and that other issues downstream will occur as a result.

I previously worked for a large finance org, and they had non-stop issues with the Justice Attorney General's central security department who needed to use the web-based services, and their SSL inspection stuff constantly broke the software (they'd do things like not respect the no-cache headers, cache user content that should be inside SSL anyway, and end up exposing secure/private data to the wrong users inside their org). The development and management costs at both ends were enormous. Completely warranted, given what each side was responsible for, but incredibly costly and complex.

Services like OpenDNS are pretty interesting too, as they can give you a lot of eyes on the "shadow IT" stuff that goes on in every single company these days. I'm looking at that for my current workplace as a way to get some extra reporting without having to develop it ourselves. It's not the answer to seeing what happens inside SSL encrypted communications, but it does give a very quick view of who's using what services around the Innertubes, which in turn allows us to dig in a more focussed manner when we need to.

I get you're just making the example, but if security is a genuine concern to your industry, you won't be allowing sites like Dropbox at all, long before you bother digging inside the HTTPS stream. SSL decrypt is cool, but some of the old-school methods like whitelisting do a lot more for security at a fraction of the CPU and dollar cost.
I understand too that it can piss off the non-technical folk who don't understand how to email the client with instructions on how to use the provided, secure SFTP site, and they "need" their urgent Dropbox-hosted XLSX file now now now, but that's where the business and the security teams need to work together better outside of computers, and have some faith that they're all working for the same team, and towards the same goals. (Hey look at that, I'm being all friendly, fluffy, and rose-coloured glasses for once - Happy New Year!). But yes, the point is understood, there are many other services less blatantly dodgy than Dropbox that are SSL encrypted, valid for business use, and are nice to peer inside once in a while to make sure they're not sending nasties around the place. All I can say is, it's a financially viable time to have even the tiniest bit of security experience. Thanks, cloud!