At my last job, my CISO made the company trial Zscaler. When it caused tons of problems for Engineering, he cancelled the trial, then tried out Cloudflare's MitM proxy, which of course had the same problems.
I had to talk to him and say, look, what you're trying to do isn't possible without breaking things. It's not a limitation of the products, it's a limitation of the underlying security that you're trying to bypass, and you're making security WORSE, not BETTER.
He wanted to log every employee's Internet traffic so that he could determine if someone was leaking company data, such as source code, customer data, etc. I said that there's nothing you can do to stop that, and even if someone knows their traffic is being monitored, it's easy to bypass by just adding a second layer of encryption.