Today, CIOs find themselves walking a fine line between network security and user privacy. In traditional network security deployments, antivirus and content filtering systems focus on traffic transmitted “in the clear”. But as criminal organisations have moved their communications from IRC to HTTP to HTTPS, network security administrators are now able to view all encrypted data passing through their networks. Full SSL decryption on networks where users exchange personal data such as Internet banking is rarely a favourable option. So, how do CIOs provide network security while maintaining user privacy obligations?