Encryption: Overview

There is a great need to ensure the confidentiality of business transactions over a network between an enterprise and its consumers, between enterprises, and within an enterprise. SAS products and third-party strategies for protecting data and credentials (user IDs and passwords) are exchanged in a networked environment. This process of protecting data is called encryption. Encryption is the transformation of intelligible data (plaintext) into an unintelligible form (ciphertext) by means of a mathematical process. The ciphertext is translated back to plaintext when the appropriate key that is necessary for decrypting (unlocking) the ciphertext is applied.

SAS offers two classes of encryption strength:

• If you don't have SAS/SECURE, only the SASProprietary algorithm is available. SASProprietary uses 32-bit fixed encoding and is appropriate only for preventing accidental exposure of information. SASProprietary is licensed with Base SAS software and is available in all deployments.

• If you have SAS/SECURE, you can use an industry standard encryption algorithm instead of the SASProprietary algorithm. SAS/SECURE is an add-on product that is licensed separately.

• Over-the-wire encryption protects SAS data and data while in transit. Passwords in transit to and from SAS servers are encrypted or encoded.

• On-disk encryption protects data at rest. Passwords in configuration files and the metadata are encrypted or encoded. Configuration files and metadata repository data sets are also host protected.

Copyright © 2008 by SAS Institute Inc., Cary, NC, USA. All rights reserved.