Question: 

Our map viewer is using http instead of https.


Answer: 

The Map is insecure for every instance, whereas your managed layers are protected and require login credentials to access. You can test this by choosing View Details from the Map Resources dialog for one of the managed layers (i.e. EO, SF, MA, Site).


The map viewer page loads using the http protocol. This is to allow programs the option of including map services that are only available over http. If the map viewer page were loaded using https, this would not be possible due to web browser security rules.  However, all communication between the map viewer page and the Biotics server is still done over https, and is encrypted. This includes all data downloaded from or uploaded to the Biotics server. 


Https only refers to encryption between the web browser and the server, which prevents a third party from snooping on the traffic. Another aspect of security is whether or not a resource requires somebody to be logged in. All of the map services for the Biotics managed layers require logins. If somebody uploads a shapefile to the map, it is copied to the web server, and ArcGIS Server creates a temporary map service for the shapefile. This temporary map service can only be accessed by somebody who is logged into Biotics.