Reading Jan Bigalke’s SAS Global Forum paper on “Hardening a SAS® Installation on a multi tier installation on Linux” reminded me of baking apple stack cake with my mother. Neither is a simple project. Both are time-consuming, and their success depends on how skillfully you handle each layer.
Data security is a global concern, and configuring SAS in a distributed computing environment with enhanced security and regulatory controls is a challenge SAS administrators must face more frequently. To meet today’s more stringent requirements, SAS administrators must understand the different technologies available for securing individual components of the architectural stack—options for all SAS components as well as options for any third-party components and tools. In his most recent paper, Bigalke offers these suggestions and documents his approach for securing a multi-tier installation of SAS software in a Linux environment:
- Understand the explicit security needs of the organization and the options available for meeting those needs. Bigalke based his configuration on meeting the requirements of FIPS 140-2, the US government computer security standard.
- Use single sign-on to minimize the need for providing user credentials. SAS Web applications and clients generally require users to enter credentials.
- Protect the Web components using a reverse proxy and signed TLS/SSL certificates. Web components are generally the most exposed, and these techniques will not only secure the connection but also be more convenient for the end user.
- Configure SAS clients, SAS metadata, Base SAS and third-party data sources using appropriate authentication options. SAS 9.3 components that use WIP Services to connect to the SAS System offer direct LDAP authentication. You may also want to explore Java-based versus standard SAS-based functions for securing connections using TLS/SSL protocols.
Other SAS Global Forum 2013 papers that cover security topics include:
- Key Aspects to Implement a Perfect SAS® BI Platform
- Kerberos and SAS® 9.4: A Three-Headed Solution for Authentication
- π in the sky: Building a private SAS® cloud
- Extending SAS® Reports to your iPhone
For more information on security and configuration options, here’s a handful of recently published SAS configuration guides:
- Configuration Guide--SAS® 9.3 Foundation for UNIX® Environments
- Configuration Guide: Securing SAS® Web Applications with SiteMinder
- Configuration Guide for SAS® 9.3 Foundation for z/OS®