KuppingerCole ranks IBM Guardium among leaders in all categories Get the analyst report

Guardium for Cloud Key Management

Cloud providers such as Google, AWS, and Azure offer native encryption, which may be fast and cheap to deploy, but may put the data at risk by giving over management and control of the data over to the cloud service provider. Bring Your Own Key (BYOK) services allow customers to regain control of encrypted data in the cloud by allowing customers control of the keys and therefore control of the data. Guardium for Cloud Key Management centralizes management of cloud encryption keys across multiple clouds, while delivering greater value to companies by:

  • Simplifying and centralizing secured storage of keys
  • Providing reporting tools and audit support
  • Enabling stronger security with user access controls

How customers use it

  • Screen shot of scheduler in Guardium for Cloud Key Management

    Simplify and centralize your encryption keys

    Problem

    Managing the complexity of maintaining strong and consistent controls over encryption key for data encrypted by cloud services providers.

    Solution

    Guardium for Cloud Key Management enhances IT efficiency with centralized cloud key management to provide access to cloud providers from a single browser window, across multiple accounts or subscriptions. Guardium will automatically synchronize its key database with the provider’s and maintain expiration rules and usage options. It can create cloud-native keys, upload BYOK-keys, and rotate keys all from a central console. These efficiencies help ensure that companies meet their compliance standards while saving hours per year of overhead time.

  • Workflow illustration for Guardium for Cloud Key Management

    Stronger security controls across multiple providers

    Problem

    Simplifying control over encrypted cloud data across major IaaS, PaaS and SaaS providers.

    Solution

    By simplifying and separating key management from provider-controlled encryption, Guardium for Cloud Key Management adds a needed layer of security that customers alone can control. It provides centralized and automated key lifecycle management including key generation, rotation, and deletion to a growing list of supported IaaS, PaaS, and SaaS providers that include Microsoft Office365, Salesforce.com, Azure, IBM Cloud, Google Cloud, AWS, and others.

  • Image of a person looking at real-time data on a computer

    Reduce the risk of insider threat

    Problem

    Reducing risk due to insider threats with greater security controls to help better prevent potentially damaging leaks.

    Solution

    Separating who has access to the encrypted data from who has access to the encryption keys provides greater protection against insider threats. Guardium for Cloud Key Management supports Bring Your Own Key (BYOK) services to separate key management from provider-controlled encryption. This separation of duties helps fulfill internal as well as industry data protection mandates. For even greater control of encrypted data and encryption keys, customers can elect to Hold Your Own Key (HYOK), which means the customer keeps or holds their keys protected by an HSM that they control. Guardium for Cloud Key Management can provide an HSM via IBM Cloud Hyper Protect Crypto Services.

Expert resources to help you succeed

Community

Get technical tips and insights from others who use Guardium Data Encryption.

Product Documentation

Find answers quickly in IBM product documentation.