We’re all aware of the many and varied regulations for your digital assets that exist across our different industries and countries. Addressing compliance generally also includes an analysis and assessment of data security. What do you have in place to ensure your data related assets remain secure and compliant?
As your business grows and your SAS environment evolves, how do you ensure continued regulatory compliance, business confidence, and alignment with a change in design specifications?
Can you afford to ‘set and forget’ your initial security implementation?
At SAS Global Forum 2017, Charyn Faenza and Michelle Homes presented their paper, SAS Metadata Security 301: Auditing your SAS Environment, which explains security as a journey rather than a destination.
The presentation showed how you can use Metacoda software to regularly review environments, protect resources, comply with security auditing requirements, and quickly and easily answer the question ‘who has access to what?’.
Being able to answer internal and external audit requests in a timely manner demonstrates that your environment is organized, well-maintained, and secure. So, how do you consistently address security compliance?
The following two SAS Institute webinars show how SAS administrators can validate and monitor a SAS security model design through regular and automated testing:
- SAS® Security Model Design Golden Rules, Validation, and Monitoring with Metacoda; and
- SAS Security Design Best Practices, Validation and Monitoring SUGA Meeting
Assessment and Remediation of Risks
With serious security breaches announced almost weekly, administrators need to take security auditing beyond basic compliance. Having a program of robust periodic reviews not only ensures a smooth audit; it strengthens the overall security program.
For example, how do you monitor who can update data assets that feed into the general ledger reporting? Are managers and data custodians informed if non-authorized people get access to data assets they shouldn’t? Should this be automatically monitored in your organization for regulatory compliance anyway? Is your organization doing everything possible to remediate risk?
When a security plan has been deployed, how do you ensure the environment remains secure? Can you just ‘set and forget’? Probably not. A security program is never ‘done’; it’s a continual journey.
A journey that involves: assessing risks, planning to mitigate them, implementing solutions, monitoring and checking, and then using that information for the next assessment phase. If data security is important to your organization, you’ll need to continually monitor and test that your environment is secure.
With the Metacoda Testing Framework we can help protect the integrity of your SAS metadata security implementation via tests and alerts.
We can take you on a journey beyond compliance with regular and automated monitoring of SAS security best practices. After all, data security is about more than meeting legal and contractual obligations; it’s also about maintaining good relations with your clients and customers.
True blue time at SAS Global Forum
We’re excited to be heading off to SAS Global Forum 2018 in Denver, Colorado on 8-11th April. It’s our 7th consecutive year as a sponsor and we’d love to catch up if you’re there.
And, if you’re having trouble finding the Colorado Convention Center, just look for the 40-foot-high Blue Bear peering in. The Metacoda koalas reckon the blue bear looks pretty cool, and are looking forward to a ‘true blue‘ time at SAS Global Forum 2018!
So, if you can’t ‘bear’ the thought of having to address and govern your SAS security controls without a robust, automated process, visit our Metacoda stand in The Quad or make an appointment to find out more about our products. We’ll show you how we can help manage, document, review, audit, validate, monitor, troubleshoot and test your SAS platform installation with confidence.
Of course, if you’re not going to SASGF, or you’d like to learn more before the conference, you can register for our 30-day free evaluation and/or arrange a private demo and chat over a web meeting.