
Leaving aside all the reasons why this policy is super dumb (which I'm sure others will cover quite adequately), I guess your IT department can't figure out how to create their own CA certificate and do SSL interception?


Yeah, I'm amazed and concerned that you have a security team so paranoid that they would make SuperUser read-only but apparently lack the ability to perform SSL interception. Considering the huge value the latter has in any kind of post-compromise scenario and, increasingly, to prevent compromise in the first place... there needs to be a real discussion about getting priorities in order.


I disagree about the dumbness.

People do incredibly stupid things. I've seen customer data dumps on web forums.


Certainly doable, but this should not be done.


There are many enterprise "solutions" that basically do this "out of the box". Yeah, it shouldn't be done, and a lot of employees are likely unaware that IT can see all of their SSL traffic, but it's a big business.


HTTPS or not, certainly nothing is private here, but that's expected for this sort of place.
