Arstechnica reports that Microsoft's Hotmail Wave4 will switch to Always-On SSL. While this move will protect user email from eavesdropping, it opens yet another hole in enterprise security. Since SSL connections cannot be inspected by gateway content security products, users may now download and upload any kind of data and email attachments without being subject to enterprise security policies.

"...Following in the footsteps of Google's Gmail, Hotmail Wave 4 will offer full-session SSL. Presently, logging in to Hotmail uses HTTPS to protect user credentials from attack, but e-mail itself is delivered over unsecured HTTP. Gmail switched to using HTTPS for the entire session—both logging in and reading/sending mail—by default in January (previously, it was an opt-in feature)..." Read the full article at Arstechnica by clicking this link and protect your enterprise by clicking this link.