Frequently asked questions

Get answers to the most commonly asked questions about IBM Security Guardium Data Encryption.


Getting started with this product

What is Guardium Data Encryption?

Guardium Data Encryption (GDE) is a suite of encryption, tokenization and key management solutions that help protect data across your organization by encrypting data stored across environments, providing centralized key and policy management, and addressing compliance with privacy regulations.

What solutions are part of Guardium Data Encryption?

Guardium Data Encryption consists of nine solutions that can be deployed independently or in combination to serve your data protection needs. The solutions are centrally managed through GDE's Data Security Manager. Solution details can be explored in GDE's data sheet.

What types of environments and data stores does Guardium Data Encryption protect?

Guardium Data Encryption includes encryption capabilities that help protect structured databases, unstructured files, and linked cloud storage accessible from systems on-premises, across hybrid multicloud environments, within big data, in infrastructure-as-a-service and container implementations.

Does Guardium Data Encryption provide tokenization or data masking capabilities?

Guardium Data Encryption allows you to protect sensitive fields in databases through format-preserving tokenization and to protect specific items in data fields through data masking.

What types of key management capabilities does Guardium Data Encryption provide?

Guardium Data Encryption enables users to centrally manage the lifecycle, rotation and storage of all their encryption keys for KMIP-compatible data repositories and databases. Additionally, GDE allows users to own and control the keys to the encrypted data stored on public clouds.

How do I get started?

Contact an expert to learn how to protect your data with Guardium Data Encryption.


How is Guardium Data Encryption priced and sold?

Different products within GDE are priced differently. For our flagship product, Guardium for File and Database Encryption, the price is based on the number of servers where the solution agents are installed. Please talk to your selling representative to learn more.

Other common questions

What is encryption?

Encryption is the process of encoding data, messages or information using a well-known method, such as an algorithm, combined with one additional piece of information (an encryption key), whereby a user can only decode the data if he or she knows the algorithm and has access to the key, which is generally kept private.

Why is data encryption important?

Unlike other data protection options, encryption protects data whether the host is online or offline. Disk drives, software-defined storage and other media can be replaced, reused or discarded; unless the data on them has been encrypted and you control the key, the data cannot be considered secured.

How do encryption keys work?

Encryption keys are used by the encryption algorithm to “lock” the data during an encoding process such that the data cannot be “unlocked” without access to the encryption key. Encryption keys are generally kept private. Proper key management is a key factor in keeping your data secure.

Why is encryption key management important?

As more data becomes protected through encryption, more encryption keys will be used. A loss of any one key can mean that the data it protects will also be lost. It is important to track, manage and protect keys from accidental loss or compromise. Fortunately, GDE automates and manages key management.

What is tokenization?

Tokenization is a form of data protection that retains the same type and length of original data (such as a credit card number) but replaces it with a bogus equivalent called a token. This approach can be used to retain the format of the original data, without incurring the risk of exposure.

What is data masking?

Data masking is the general replacement of a character of data with another character of data. An example of masking would be converting 123-45-6789 into ***-**-6789.

What is cryptographic erasure?

The strength of encryption is based on the idea that encrypted data cannot be decrypted without the encryption key. This also means that if the key is intentionally destroyed, the encrypted data can never be decrypted and is effectively made useless. This process is called cryptographic erasure.