Guardium Data Encryption
Encrypt your files, databases and applications, address data security and privacy regulations, and control encryption keys for cloud-based data
IBM Security® Guardium® Data Encryption is a family of data encryption and key management software. The modular components are centrally managed through CipherTrust Manager (formerly known as Data Security Manager or DSM), which manages policies, configurations and encryption keys.
Encryption solutions to secure your data and your business
IBM Security Guardium Data Encryption consists of a unified suite of products built on a common infrastructure. These highly scalable modular solutions, which can be deployed individually or in combination, provide data encryption, tokenization, data masking and key management capabilities to help protect and control access to data across the hybrid multicloud environment. You can address data security and privacy regulations such as GDPR, CCPA, PCI DSS and HIPAA by employing methods to de-identify data, such as tokenization and data masking, and managing the encryption key lifecycle with secure key generation and automated key rotation.
Why Guardium
Clients realize value quickly with the full set of Guardium features
9 of 9
9 of 9 categories show IBM Security Guardium as a “strong positive”, making it an Overall Leader.
58%
58% of organizations say they have around 21% to 50% of cloud-resident sensitive data that’s insufficiently secured.
Benefits
Protect data across environments
Protect your data wherever it resides and help organizations secure their cloud migration.
Address compliance requirements
Address compliance with strong data encryption, robust user access policies, data access audit logging and key management capabilities.
Reduce administrative effort
Centralize encryption and encryption key configuration and policy management through an intuitive web-based interface.
Which Security Guardium Data Encryption products fit your organization?
Guardium® for File and Database Encryption
Address compliance reporting while protecting structured databases, unstructured files and cloud storage services through encryption of data-at-rest with centralized key management, privileged user access control and detailed data access audit logging.
Guardium® for Cloud Key Management
Centralize key management for reduced complexity and operational costs with full lifecycle control of encryption keys, including automated key rotation and expiration management. Bring your own key (BYOK) customer key control allows for the separation, creation, ownership and revocation of encryption keys or tenant secrets used to create them.
Guardium® for Data Encryption Key Management
Centralize key management for Guardium solutions as well as third party devices, databases, cloud services and applications. Support for KMIP—an industry-standard protocol for encryption key exchange—makes it possible for keys to be managed with a common set of policies.
Guardium® for Batch Data Transformation
Enable large-quantity static data masking, which transforms selected data to unreadable forms in order to utilize data sets while preventing misuse of sensitive data. Mask data to share with third parties, before adding to a big data environment, to prepare for safe cloud migration, and more.
Guardium® for Application Encryption
Access DevSecOps-friendly software tools in a solution that is flexible enough to encrypt nearly any type of data passing through an application. Protecting data at the application layer can provide the highest level of security, as it takes place immediately upon data creation or first processing and can remain encrypted regardless of the state—during transfer, use, backup or copy.
Guardium® for Container Data Encryption
This extension to Guardium for File and Database Encryption delivers container-aware data protection and encryption capabilities for granular data access controls and data access logging in containerized environments.
Guardium® for Tokenization
Utilize application-level tokenization and dynamic display security to secure and anonymize sensitive assets whether they reside in the data center, big data environments or the cloud. Because it uses standard protocols and environment bindings, Guardium for Tokenization requires minimal software engineering and can be deployed as an appliance in your virtual format of choice.
Features
Encryption for files, databases and applications
Guardium Data Encryption offers capabilities for protecting and controlling access to files, databases and applications across your organization, in the cloud and on premises, for containerized environments, and for cloud storage services.
Management of user access policies
Guardium Data Encryption allows for granular user access control. Specific policies can be applied to users and groups with controls that include access by process, file type and time of day, among other parameters.
Tokenization and data masking to protect data in use
Format-preserving tokenization obscures sensitive data while dynamic data masking obscures specific parts of a data field. Tokenization methods and data masking policies are controlled through a centralized graphical user interface.
Cloud encryption key orchestration
Clients can manage data encryption keys for their cloud environments from one browser window. Guardium Data Encryption supports bring your own key (BYOK) lifecycle management that allows for the separation, creation, ownership, control and revocation of encryption keys or tenant secrets.
Support for regulatory compliance efforts
Regulations such as HIPAA, PCI DSS, CCPA and GDPR require strong data encryption, robust user access policies and key lifecycle management capabilities. Detailed data access audit logging is available to help organizations with compliance reporting.
Data encryption key centralization through KMIP
CipherTrust Manager centralizes the storage, rotation and lifecycle management of all your encryption keys for KMIP-compatible data repositories. KMIP is an industry-standard protocol for encryption key exchange between clients (appliances and applications) and a server (key store).
Feel Interested? Contact Us For Details.