Does SLC encrypt data?
Altair EmployeeData at Rest:
The SLC can read/write encrypted datasets with the encryption key being specified by the IT/admin or specifically by the user. Encryption can be enforced for all users, or can be the default setting, or just "available when needed". i.e. the ENCRPYTKEY & ENCRYPT options can be set using OPTIONS statement, after which any datasets created by the program will be encrypted using the specified key (and any encrypted datasets that read by the program will be read using the key - assuming it is the same key as was used to encrypt the data set in the first place.)
Data in Transit:
Communication between Workbench and SLC is encrypted, as the transport is over SSH.
Communication between SLC and databases is honored by SLC but is dependent on the encryption supported by the database vendor. Most up-to-date database drivers support SSL (TLS) encryption between the client driver and the database server.
Data in Use:
Data is not encrypted while it is being processed by SLC.
External Data:
SLC cannot read data that has been encrypted by third party software, e.g., SLC cannot read a SAS7BDAT file that has been encrypted by SAS. Also, SLC cannot create an encrypted SAS7BDAT file.
Examples:
The ENCRYPT and ENCRYPTKEY system options can be set at the top of your sas language script:
options ENCRYPT=YES;
options ENCRYPTKEY="testpwd";
The ENCRYPT and ENCRYPTKEY system options can be set in a config file i.e. in altairslc.cfg:
-ENCRYPT yes
-ENCRYPTKEY Abc123
ENCRYPT and ENCRYPTKEY options can be use when accessing a particular data set:
data testencrypt(encryptkey="Password$1" encrypt=AES);
set test;
run;
The use of encryption can be made to be the default by putting ENCRYPT and ENCRYPTKEY settings into the .cfg file - either into the user's own CFG file for a single user, or into a common CFG file shared by all the users at the site.
If the administrator wants to enforce the use of encryption for all the users at the site then those options can be put into the 'restricted options' file raltairslc.cfg in the special location documented in the Workbench user guide - so that the user cannot override the ENCRPYTKEY & ENCRYPT option values that the administrator has chosen.
Note that the administrator cannot prevent the users from seeing and knowing the encryption key that they are using (the restriction options file must have read permission for all the users). The administrator can also make use of the ALLOWWPDUNENCRYPTED system option that can be set in restricted options config file. Then even if the user attempts to set ENCRYPT=NO as a data set option, if ALLOWWPDUNENCRYPTED is true, then an error will be generated.