Feature spotlights

Application Encryption

Application Encryption, you can encrypt specific files or columns in databases, big data nodes, and platform-as-a-service (PaaS) environments. The application encryption solution features a set of documented, standards-based APIs that can be used to perform cryptographic and key management operations. Application Encryption eliminates the time, complexity, and risk of developing and implementing an in-house encryption and key management solution.

Centralized Key and Policy Management

IBM Guardium for Application Encryption helps organizations establish centralized control of application-layer encryption and file system encryption. With this solution, all policy and key management is done through the Data Security Manager. Consequently, the solution simplifies the data security operations environment, reducing the number of management consoles that administrators have to learn and maintain.

Flexible Implementation Options

Enables developers to use NIST standard solutions for both Advanced Encryption Standard (AES) and format preserving encryption (FPE), which helps organizations implement encryption without changing the database schema. IBM Guardium for Application Encryption features a library that implements a subset of the PKCS#11 APIs.

Scalable Batch Data Transformation Utility

Customers can also take advantage of the Batch Data Transformation Utility as part of IBM Guardium for Applicatoin Encryption. Batch Data Transformation helps organizations encrypt large data sets without lengthy maintenance windows and downtime—and without changing applications, networking configurations, or storage architectures.

How customers use it

  • Data encryption within applications you provide


    Customers are requesting to encrypt data within the applications you provide


    With Guardium for Application Encryption, teams can incorporate encryption within the development cycle as they build solutions, providing customer assurance that their data will be secure regardless of industry.

  • Incorporate encryption within your development process

    Incorporate encryption within your development process


    Your development team needs to embed encryption within the applications they are building


    With Guardium for Application Encryption, encryption can be “baked in” to software products as they are created, for a consistent user experience and a more integrated development process, saving time and money for your customers.

Technical details

Software requirements

Guardium for Application Encryption requires a virtual data security module (DSM) virtual appliance depolyed on a VMWare hypervisor (ESXi Server 5.5 or higher).

The DSM virtual appliance may require additional resources based on the number of agents that are being managed.

There are no specific system requirements as the SDK runs as a shared library as part of the customer’s application.

  • DSM Number of CPU Cores: 2 (min) and 6 (recommended)
  • DSM RAM: 4-16 GB minimum
  • DSM Hard Disk space: 100-200 GB
  • Agent server OS: Windows, Linux, & Unix - Please talk to an IBM expert for more information

Hardware requirements

See software requirements.