Enterprise data security seems to suffer from a widespread misunderstanding of this question. HTTPS (i.e., HTTP carried over TLS, formerly SSL) is the industry standard for encrypting web traffic, and it protects data in transit. Its job is to keep content private from anyone who wants to spy on it. But this protocol is only a vehicle; encryption doesn’t mean that the content itself is safe. Malware can be encrypted and transmitted just as easily as legitimate files, and in fact more than eighty percent of malware travels over these channels.
If this idea seems basic, consider this: most organizations do not inspect all encrypted traffic. Many do not inspect any encrypted traffic. With the majority of traffic moving over encrypted channels, why wouldn’t enterprises inspect it? And the better question: what are they missing?