By default, a hosted layer is private when it is first published and is only accessible to the publisher and the administrator. It is not available to others; for example, it does not appear in search results and isn't part of any group. To make a hosted layer available to other users, the layer owner or the portal administrator must explicitly share the layer.
To secure your data, user identity is established when the user signs in to the portal, which always takes place over an encrypted connection (HTTPS). Subsequent transactions require the token acquired at sign in and can take place over encrypted or unencrypted connections.
The portal administrator determines whether HTTPS is required for all transactions. The all-HTTPS solution supports maximum security and ensures that all data used in the portal, as well as authentication tokens, are encrypted when sent across your intranet or the Internet.