BookmarkSubscribeRSS Feed
JoaoM
Calcite | Level 5

Can i block the export file feature to avoid data leak?

6 REPLIES 6
Reeza
Super User

I think we need more details.

What type of export? PDF, Excel, SAS datasets?

jakarman
Barite | Level 11

What type of access to the data your users are having?
If they are responsible to have that data available, how would you prevent data-leaks by preventing some usage?

There are two mitigations:

- define your security controls in way that only

    a/ personal keys are used by your users and

    b/ those personal keys are limited to access just the data they are needing.

   This is part of the RBAC process. It includes the whole path of the used stack. (OS layer . external DBM, SAS metadata)
- Make the activities of the users traceable and auditable by using logging

This is SIEM Security Information and Event Management.

part of the "standard of good practice" included with ISO27k hipaa sox-404 and many more. 

---->-- ja karman --<-----
SASKiwi
PROC Star

I see little point in trying to block SAS's export capabilities as anyone with reasonable SAS knowledge can bypass them, for example using a DATA step with PUT statements to write external files.

If this is a data security issue, then it could be approached more from the who has access to what point of view - if you trust users to access the data, why can't you trust them to not export inappropriately?

ChrisHemedinger
Community Manager

Good points by all -- it can be a struggle to give users the tools they need to do their jobs, and then still try to lock down the capabilities that could potentially be abused.

SAS does have some options for this:

New superpowers for SAS administrators - SAS Users Groups

Even with these options, I wouldn't consider this a substitute for clear policies, diligent monitoring, and OS-level permissions that reflect who should be able to do what...

Chris

It's time to register for SAS Innovate! Join your SAS user peers in Las Vegas on April 16-19 2024.
jakarman
Barite | Level 11

If you want additional info see: SIEM  or Security information management - Wikipedia, the free encyclopedia . You need a BI tool for log - analyses. SAS is not mentioned in this world although they could do or. The name popping up is Splunk.     

---->-- ja karman --<-----
Kurt_Bremser
Super User

Any user who can see data can simply copy/paste it. Trust your users or not. If not, don't let them work with the data at all.

The only reasonable thing you can do is set logging to a level that lets you see all requests that were handled by the SAS system, so you can at least make a valid attempt to find out who accessed the relevant data at a given time, if something was leaked.

sas-innovate-2024.png

Join us for SAS Innovate April 16-19 at the Aria in Las Vegas. Bring the team and save big with our group pricing for a limited time only.

Pre-conference courses and tutorials are filling up fast and are always a sellout. Register today to reserve your seat.

 

Register now!

SAS Enterprise Guide vs. SAS Studio

What’s the difference between SAS Enterprise Guide and SAS Studio? How are they similar? Just ask SAS’ Danny Modlin.

Find more tutorials on the SAS Users YouTube channel.

Click image to register for webinarClick image to register for webinar

Classroom Training Available!

Select SAS Training centers are offering in-person courses. View upcoming courses for:

View all other training opportunities.

Discussion stats
  • 6 replies
  • 1066 views
  • 0 likes
  • 6 in conversation