Security Controls In The US Enterprise: SSL/TLS Appliances

Security Controls In The US Enterprise: SSL/TLS Appliances


Jason Pappalexis, John Whetstone, Will Fisher, Mike Spanbauer



Web encryption has become a minimum requirement in digital business transactions. Today, more than 59% of all websites are encrypted and so is approximately half of all enterprise traffic. However, server-side vulnerabilities and browser-side vulnerabilities are common paths for threat actors to obtain root-level access, and these vulnerabilities can be accessed regardless of whether or not they are encrypted.

Enterprises that wish to make changes to their security architectures will often rely on insight from their peers. This brief presents results from NSS Labs’ 2017 Enterprise Security Architecture Study, which included survey responses from 510 information security professionals representing 50 US industries.



  • Product scope, alternatives, deployment, and purchase authority
  • Metrics on product use within the enterprise
  • Who manages SSL/TLS appliances? (breakdown by organization size)
  • Who uses API controls? (breakdown by organization size)
  • Enterprise challenges



Part of a series on security controls deployed by US enterprises, this brief includes current usage statistics for SSL/TLS appliances within small and medium-sized enterprises (SMEs), large enterprises (LEs), and very large enterprises (VLEs).


As with all NSS Labs group tests, there was no fee for participation. All testing was conducted independently and was not paid for by any vendor.