My ${DAY_JOB} is simply MITMing all traffic from the laptop through Netskope.
At that point I don't even search work related web from the corporate laptop.
Self-inflicted, self-invented compliance, which goes way beyond laws and regulations, went too far in the enterprise world.
Inspecting network traffic is not a self-invented regulation.
MITM of network traffic historically was the easiest way to monitor what goes in and out of one's network. It's still pretty easy. It's a corporate resource, the ethics aren't that bad.
People say to inspect the endpoint. I'm simply not sure the technology is there to inspect data destined to leave an endpoint in clear text. The next step would be for apps to encrypt data before they let the operating system know they want to send data outbound.
Then the next step is to only allow applications that comply with some sort of framework for content inspection prior to sending stuff over the network. I don't know if there's anything like that currently.
Ah, in this instance, I was thinking of finance, and other industries, where network inspection is required by regulators.
Perhaps if a network were highly segmented, one could find a way to get away from intercepting all employees. Anyone with access to business data, though? That's the way it is.
Corporate MITM'ing is always a bad practice; it breaks a lot of TLS (e.g. mTLS) and can't be implemented in a way that will not break legitimate workflows (e.g. cert pinning an untrusted leaf vs the middlebox trusting everything and re-signing with a 'real' cert).
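The pinning-versus-re-signing failure mode in the last comment, shown as an added example that is not part of the thread: a public CA issues a genuine server certificate, a corporate inspection CA re-signs a look-alike leaf for the same hostname under the middlebox's own key, and four clients verify the result. The CA names, the key material and the hostname "intranet.example" are all constructed in-process for the demonstration; nothing here is taken from Netskope or any real deployment.

```go
// Added example, not from the thread: a pinning client versus a corporate TLS middlebox.
// All CAs, keys and names are generated in-process; "intranet.example" is a placeholder.
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must(err error) {
	if err != nil {
		panic(err)
	}
}

// issue creates a fresh P-256 key and signs a cert for cn with parentKey; parent == nil gives a self-signed root.
func issue(cn string, parent *x509.Certificate, parentKey *ecdsa.PrivateKey, isCA bool) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	must(err)
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  isCA,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageDigitalSignature,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	} else { // leaves need a SAN and the serverAuth EKU for x509.Verify to accept them for a hostname
		tmpl.DNSNames, tmpl.ExtKeyUsage = []string{cn}, []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	must(err)
	cert, err := x509.ParseCertificate(der)
	must(err)
	return cert, key
}

// spkiPin is the SHA-256 of the SubjectPublicKeyInfo, the value HPKP/OkHttp-style pins compare.
// A middlebox cannot reproduce it without the server's private key, however "real" its re-signed cert looks.
func spkiPin(c *x509.Certificate) [32]byte {
	return sha256.Sum256(c.RawSubjectPublicKeyInfo)
}

// verifyChain is the ordinary client check: chain to a trusted root and the name matches.
func verifyChain(leaf *x509.Certificate, roots *x509.CertPool, host string) error {
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return err
}

// verifyPinned is the pinning client check: the chain check plus an exact SPKI match.
func verifyPinned(leaf *x509.Certificate, roots *x509.CertPool, host string, pin [32]byte) error {
	if err := verifyChain(leaf, roots, host); err != nil {
		return err
	}
	if got := spkiPin(leaf); got != pin {
		return fmt.Errorf("SPKI pin mismatch: got %x, want %x", got, pin)
	}
	return nil
}

// Scenario: a public CA issues the genuine leaf; a corporate inspection CA re-signs a look-alike
// leaf for the same host under the middlebox's own key; four client/path combinations are checked.
func Scenario(host string) (directPinned, mitmManaged, mitmUnmanaged, mitmPinned bool) {
	pubCA, pubCAKey := issue("Public Root CA", nil, nil, true)
	genuine, _ := issue(host, pubCA, pubCAKey, false)
	corpCA, corpCAKey := issue("Corp Inspection CA", nil, nil, true)
	resigned, _ := issue(host, corpCA, corpCAKey, false)
	pin := spkiPin(genuine) // what the app shipped with, taken from the genuine leaf
	public := x509.NewCertPool()
	public.AddCert(pubCA)
	managed := x509.NewCertPool() // device management pushed the corp root into the trust store
	managed.AddCert(pubCA)
	managed.AddCert(corpCA)
	return verifyPinned(genuine, public, host, pin) == nil, // pinning client, genuine cert
		verifyChain(resigned, managed, host) == nil, // plain client, corp root trusted
		verifyChain(resigned, public, host) == nil, // plain client, corp root not installed
		verifyPinned(resigned, managed, host, pin) == nil // pinning client on the managed laptop
}

func main() {
	fmt.Println(Scenario("intranet.example")) // true true false false
}
```

The two "false" results are the operational point: a client that never received the corporate root sees an untrusted chain, and a pinning client rejects the middlebox leaf even on a fully managed laptop where the chain itself validates, because pushing a root into the trust store changes which issuers are trusted but cannot change the server's public key hash the app pinned. The only ways out are a bypass list for pinned destinations or an app-level escape hatch, which is the "breaks legitimate workflows" problem the comment describes.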