BookmarkSubscribeRSS Feed
VikasCOV
Calcite | Level 5

We are planning to encyrpt our data in SAS 9.2 for both SAS data at rest and in transit.

Are there any performance metrics available for any of the following encryption types?

  • Encrypt = data set option
  • SASProprietary
  • SAS/Secure

Thanks,


Vikas

3 REPLIES 3
LinusH
Tourmaline | Level 20

I haven't heard of any official metrics.

Similar to compression, each site has it's own specifics - which in the area of encryption includes CPU capability and the data profile.

It sounds like you have a SAS license already, so the best way to found out is to test - SAS Proprietary is included in Base SAS. For SAS/Secure (if you don't have that licensed at the moment), talk to your SAS sales representative and discuss the possibilities to set up a trial license for testing purposes.

Requirements wise, if there is a requirement for encryption, I should suspect that requirement need decide which encryption method you should chose. Decide that first, then look at the implementation.

My gut feeling is that compression comes with a similar CPU penalty to uncompressing compressed data.

Data never sleeps
jakarman
Barite | Level 11

To encrypt the data at rest you are limited to SAS datasets in table format. This is the encrypt dataset option.

All other types of data are not applicable for encrypting (catalogs output logs etc.).

To encrypt data over the wire (transmission) data you can use SAS/Secure for most clients. For the SAS/Connect and Share you are needing the SSL setup. 

See: Encryption in SAS(R) 9.4, Second Edition  and Encryption in SAS(R) 9.2 With SAS 9.4 SAS/Secure is included and no separate license anymore.

The more higher encryption level is needed the more overhead is involved. No real metrics are available.

As you are planning encryption I am expecting you already have a well designed OS layers control in effect. The default roll out of SAS is insufficient in this aspect.

Al lot of adjustments to OS layer controls is mentioned in: Bisecag (security admin guide EIP), Bound libraries guide, VA admin guide. You would be one the first when you did follow that.     

The encryption of SAS datasets comes with some logical penalties, those are:

- encrypted datasets are not supported when you would like to use update in place options (ADD rows). That is for example  the EGuide table editor.

- The read password serves as an additional seed. By that you need to use that dataset-option always. As seed it may be published public as in that case your intention is not protecting it by a password. The real protection of the data should come from a different approach. That is: OS layers.   

---->-- ja karman --<-----
VikasCOV
Calcite | Level 5

Thanks for the detailed responses. I agree the only way to analyze the performance impact is to implement the solutions.

We are in the process of evaluating the exact requirements before diving deeper into SASProprietary or SAS/Secure

I am concerned with the AES option in SAS/Secure can significantly impact the performance which will not be well received by our users.

We already use very expensive disk to get them the best performance, but it may not be sufficient.

Thanks again !

Vikas

sas-innovate-2024.png

Join us for SAS Innovate April 16-19 at the Aria in Las Vegas. Bring the team and save big with our group pricing for a limited time only.

Pre-conference courses and tutorials are filling up fast and are always a sellout. Register today to reserve your seat.

 

Register now!

How to Concatenate Values

Learn how use the CAT functions in SAS to join values from multiple variables into a single value.

Find more tutorials on the SAS Users YouTube channel.

Click image to register for webinarClick image to register for webinar

Classroom Training Available!

Select SAS Training centers are offering in-person courses. View upcoming courses for:

View all other training opportunities.

Discussion stats
  • 3 replies
  • 579 views
  • 6 likes
  • 3 in conversation