Thanks for everyones input on this. I can't go into specifics but deploying SSL / Inspecting SSL in our deployment is a bit of a minefield.
After reading what everyone is saying here, it looked all too difficult. Regardless of the chosen path some kind of Cert deployment would be needed.
To get around this, one thing EVERYONE must use in our organisation is DNS, so I've placed an RPZ in our DNS solution to make sure ANY request going to Google is sent to the nosslsearch.google.com VIP of Google. Works very well.
Thanks again everyone who answered.