WIXLIB

WHITE PAPERHosted Managed Services for SAS Technology

iiContentsPerformance. 1Optimal storage and sizing . 1Secure, no-hassle access . 2Dedicated computing infrastructure . 2Early and pre-emptive detection of incidents . 2Security. 2Data protection warranties (with approved liability levels)for personally identifiable information. 3Documented data classification and handling policy. 3Continuous improvement efforts. 3SOC 2 Type II/SOC 3 processes and controls . 4Site-to-site VPN/IP allowlisting . 4Secure FTP with automated data ingestion processes. 4Patching of SAS solutions where required for security. 4Access control and account management . 5Robust subcontractor qualification and management. 5Service Operation Management. 5Event management. 5Incident management. 5Problem management. 6Stability. 6Best-practice installation of SAS software. 6Incident response targets. 7Data centers: Tier 2 or higher. 7Defined standards and documentation for SAS installations . 7Monitoring and alerting of storage capacity configured to SAS . 7Backup of all key data. 8SAS Business Continuity Management . 8Conclusion. 8

1Hosted managed services is an excellent option for organizations looking for a comprehensive analytics solutions based on SAS industry-leading products and delivered bythe insiders who know these tools best. Hosted managed services give you the optionto deploy the technology on an infrastructure that has been tuned specifically for thesolution.All new SAS Viya offerings are available as a hosted managed service in MicrosoftAzure. Due to the combination of cutting-edge technology and dedicated serviceand support, SAS hosted managed services have helped customers: Reduce capital costs. Organizations can save money by skipping large, upfronthardware purchases – and enjoy more predictable costs over time. Therefore,you get superior analytics and business intelligence solutions that drivebottom-line results. Increase staffing savings. With a SAS hosted solution, you can reduce your relianceon already overtaxed internal staffing resources. Rely on SAS to provide expertcapacity planning and support – and let your staff focus on proactive businessimprovement. Reduced operational costs. With no installation of software or hardware at thecustomer site, you can see energy savings as well as improved performance.This paper highlights the primary advantages of choosing SAS as your hostedmanaged services provider. The paper concentrates on four main areas where yourorganization benefits from SAS hosted managed services: performance, security,service operation management and stability.PerformancePerformance is one of the main reasons customers rely on SAS for hosted managedservices. With this deployment method, you get dedicated infrastructure, optimalhardware sizing and tailored alerting. Here’s how SAS delivers exceptional performancethrough its hosted managed services:Optimal storage and sizingChoosing a hosted managed services solution means you receive the benefit of SAS’experience to configure the optimal hardware for your SAS hosted applications andsolutions. This is critical for industries or use cases that involve large volumes of data.Big data deployments are notoriously difficult to maintain from an infrastructureperspective.SAS has experts that can determine what infrastructure each solution needs to performeffectively and efficiently. By selecting SAS hosted managed services, you can use thatexperience from the SAS team to specify the right hardware and associated disk spacethat will achieve the ideal performance for your hosted solution.

2Secure, no-hassle accessWith SAS hosted managed services, the customer just provides a web browser ora remote desktop connection client SAS takes care of everything else. This givesyou a “right-sized” terminal server and installation of SAS client software – includingall prerequisite third-party software. Customers rely on SAS expertise to handle: All prerequisites. The installation of all required client and server software. The setup of all third-party software applications necessary to operate with theSAS solution.Dedicated computing infrastructureBy working with SAS, you can be confident you have dedicated infrastructure tosupport the hosted managed services solution. The performance, stability and securityof our service to you will not be compromised by over-provisioning of critical virtualmachine resources.At the core of all SAS solutions is the ability to handle large data volumes. SAS understands that these solutions require more power and infrastructure to support them. SAShosted managed services harness the power you need to run your analytic solutions atthe highest levels of efficiency.Early and pre-emptive detection of incidentsSAS understands how to monitor SAS solutions to achieve the thresholds requiredfor optimal performance. For your hosted managed service, SAS can then apply thatexpert knowledge to set up the most effective monitoring and alerting framework foryour solution. As your solution grows and changes over time, SAS adjusts thesemonitors and alerts, when necessary, to ensure the solution retains optimalperformance.Hosted managed services customers benefit from the best SAS solution working intandem with the most optimally performing infrastructure. SAS understands how to setup its customers’ solutions in the beginning and maintain the infrastructure at the peaklevel of performance throughout the life cycle.SecuritySAS has experience with hosting sensitive data for organizations around the world.SAS provides hosted managed services for customers in many sectors, includinggovernment, financial services, pharmaceuticals and health care.For all hosted managed services, SAS offers security across major areas: Physical video surveillance, barriers to entry, and card access. Logical network, database, operating system and application. Personnel access use of user ID and password as well as training.Hosted managedservices are anexcellent option fororganizations lookingfor a comprehensivebusiness analyticssolution based on theindustry’s leadingproducts.

3Data protection warranties (with approved liability levels)for personally identifiable informationSAS understands the importance of data protection, especially in the world of hostedservices. Data protection is a significant step in an organization’s due diligence processwhen selecting a company to host its solution. SAS takes every precaution to protect itscustomers.SAS provides contractual guarantees to its customers for all non-public data collectedand maintained in any of its data centers. SAS maintains robust and fit-for-purposetechnical and organizational approaches to security for its hosted managed servicessolutions. Liability levels are agreed upon according to each customer’s requirements.Documented data classification and handling policyWhen implementing hosted managed services, SAS works with customers to determine the most appropriate data classification level for information hosted in eachsolution. Customers classify their data in SAS custody, or under its control into one offour levels: public, internal use only, confidential and restricted. SAS has standardizedprocedures for handling customer data at each level of classification. All staff receivestraining on data classification and handling policies before working on hostingmanaged services solutions.Continuous improvement effortsSAS hosts solutions for privacy-conscious industries. As a result, SAS’ security policiesand controls are regularly audited by third parties, including customers and SAS’ ownauditors. This allows SAS to maintain its certifications (SOC 2, SOC 3, ISO 27001, etc.).By committing to regular audits, any potential improvements to SAS’ security processmay be highlighted and fed into continuous service improvement projects.SAS additionally regularly engages third-party consultants to assess its methodologies,with the goal of aligning to best practices and standards, as well as optimizing servicedelivery and providing continual improvement.SAS also monitors external standards, best practices and industry and regulatoryrequirements that may be applicable to its customers and may benchmark its policiesand standards against relevant third-party or government frameworks. Third-party andregulatory frameworks and standards that SAS may consider for a given customerimplementation include the following: National Institute of Standards and Technology (NIST: SP 800-53 Rev. 4; NIST SP800-171). International Organization of Standardization (ISO: 27001l ISO 20000). Health Insurance Portability and Accountability Act (HIPAA) and Health InformationTechnology for Economic and Clinical Health (HITECH) Act. Information Technology Infrastructure Library (ITIL).SAS has experiencehosting sensitive data fororganizations across awide variety of sectorsglobally, includinggovernment, banking/financial services, pharmaceuticals and health care.