I am currently involved in a similar project. We do not deal with encrypting as much as tokenization or protection of data items as we call it. Data items can be protected and unprotected in many ways. Sometimes unprotection needs to be done only partially, eg. only first n digits of a social security number, part of a postal code or whatever. Everything on a need-to-know basis. So leaving everything up to the data warehouse is not always an option, especially when SAS plays an important role in the data logistics in and out of that dw. We have a dw in Teradata but data in SAS are also rather wide spread and they do not escape GDPR or similar rules.
Another aspect that hits home severely is data quality. One can live with having a SSN in mixed formats (num versus char) until protection/encryption comes in and values are no longer match and relationships between tables get lost. Solving these issues at the root can take years. Having the ability for SAS to participate in this protection game is VERY important. Having the API's encrypt()/decrypt()/protect()/unprotect() functions available in SAS datastep and SQL can be very helpful. Hence my advice to surface that API using mentioned tooling.
The plethora of challenges that arises from data quality and authorizations make it too complicated to be addressed by just whipping up a couple of views and get on with it.
... View more