There is a great need
to ensure the confidentiality of business transactions over a network
between an enterprise and its consumers, between enterprises, and
within an enterprise. SAS products and third-party strategies for
protecting data and credentials (user IDs and passwords) are exchanged
in a networked environment. This process of protecting data is called
encryption.
Encryption is the transformation of intelligible data (plaintext)
into an unintelligible form (ciphertext) by means of a mathematical
process. The ciphertext is translated back to plaintext when the appropriate
key that is necessary for decrypting (unlocking) the ciphertext is
applied.
SAS offers two classes
of encryption strength:
-
If you do not have
SAS/SECURE,
only the SASProprietary algorithm is available. SASProprietary uses
32-bit fixed encoding and is appropriate only for preventing accidental
exposure of information. SASProprietary is licensed with Base SAS
software and is available in all deployments.
-
If you have
SAS/SECURE, you can
use an industry standard encryption algorithm instead of the SASProprietary
algorithm.
SAS/SECURE is an add-on product that is licensed separately.
Encryption helps protect information on-disk and
in-transit as follows:
-
Over-the-wire
encryption protects data while in transit. Passwords in transit to
and from SAS servers are encrypted or encoded.
-
On-disk encryption
protects data at rest. Passwords in configuration files and the metadata
are encrypted or encoded. Configuration files and metadata repository
data sets are also host protected.