IBM Guardium® Data Encryption is a family of data encryption and key management software. The modular components are centrally managed through CipherTrust Manager (formerly known as Data Security Manager or DSM), which manages policies, configurations and encryption keys.

Ensure consistent and secure encryption

Leverage from a suite of integrated encryption products that are all administered via centralized management point

Integrate seamlessly with existing security infrastructures

Integrate with on-premise or cloud hardware security modules and ensure smooth deployment and compatibility with current systems.

Accelerate compliance readiness with powerful controls

Address compliance with strong data encryption, robust user access policies, data access audit logging and key management capabilities.

Leverage from advanced multi-cloud Bring Your Own Encryption solutions

Enable data mobility to efficiently secure data across multiple cloud vendors.

Guardium® for File and Database Encryption

Address compliance reporting while protecting structured databases, unstructured files and cloud storage services through encryption of data-at-rest with centralized key management, privileged user access control and detailed data access audit logging.

Guardium® for Cloud Key Management

Centralize key management for reduced complexity and operational costs with full lifecycle control of encryption keys, including automated key rotation and expiration management. Bring your own key (BYOK) customer key control allows for the separation, creation, ownership and revocation of encryption keys or tenant secrets used to create them.

Guardium® for Data Encryption Key Management

Centralize key management for Guardium solutions as well as third party devices, databases, cloud services and applications. Support for KMIP—an industry-standard protocol for encryption key exchange—makes it possible for keys to be managed with a common set of policies.

Guardium® for Batch Data Transformation

Enable large-quantity static data masking, which transforms selected data to unreadable forms in order to utilize data sets while preventing misuse of sensitive data. Mask data to share with third parties, before adding to a big data environment, to prepare for safe cloud migration, and more.

Encrypt files, databases and applications

Guardium Data Encryption offers capabilities for protecting and controlling access to files, databases and applications across your organization, in the cloud and on premises, for containerized environments, and for cloud storage services.

Management of user access policies

Guardium Data Encryption allows for granular user access control. Specific policies can be applied to users and groups with controls that include access by process, file type and time of day, among other parameters.

Tokenization and data masking

Format-preserving tokenization obscures sensitive data while dynamic data masking obscures specific parts of a data field. Tokenization methods and data masking policies are controlled through a centralized graphical user interface.

Cloud encryption key orchestration

Clients can manage data encryption keys for their cloud environments from one browser window. Guardium Data Encryption supports bring your own key (BYOK) lifecycle management that allows for the separation, creation, control and revocation of encryption keys or tenant secrets.