See how Guardium Data Encryption can help protect your data


Guardium for Cloud Key Management

Cloud providers such as Google, AWS, and Azure offer native encryption, which may be fast and cheap to deploy, but may put the data at risk by handing management and control of the data to the cloud service provider. Bring Your Own Key (BYOK) services let customers regain control of encrypted data in the cloud by giving them control of the keys and therefore control of the data. Guardium for Cloud Key Management centralizes management of cloud encryption keys across multiple clouds, while delivering greater value to companies by:

  • Simplifying and centralizing secured storage of keys
  • Providing reporting tools and audit support
  • Enabling stronger security with user access controls

How customers use it

  • Simplify and centralize your encryption keys


    Managing the complexity of maintaining strong and consistent controls over encryption keys for data encrypted by cloud service providers.


    Guardium for Cloud Key Management enhances IT efficiency with centralized cloud key management to provide access to cloud providers from a single browser window, across multiple accounts or subscriptions. Guardium will automatically synchronize its key database with the provider’s and maintain expiration rules and usage options. It can create cloud-native keys, upload BYOK keys, and rotate keys, all from a central console. These efficiencies help ensure that companies meet their compliance standards while saving hours per year of overhead time.

  • Stronger security controls across multiple providers


    Simplifying control over encrypted cloud data across major IaaS, PaaS and SaaS providers.


    By simplifying and separating key management from provider-controlled encryption, Guardium for Cloud Key Management adds a needed layer of security that customers alone can control. It provides centralized and automated key lifecycle management including key generation, rotation, and deletion to a growing list of supported IaaS, PaaS, and SaaS providers that include Microsoft Office365, Azure, IBM Cloud, Google Cloud, AWS, and others.

  • Reduce the risk of insider threat


    Reducing risk due to insider threats with greater security controls to help better prevent potentially damaging leaks.


    Separating who has access to the encrypted data from who has access to the encryption keys provides greater protection against insider threats. Guardium for Cloud Key Management supports Bring Your Own Key (BYOK) services to separate key management from provider-controlled encryption. This separation of duties helps fulfill internal as well as industry data protection mandates. For even greater control of encrypted data and encryption keys, customers can elect to Hold Your Own Key (HYOK), which means the customer keeps or holds their keys protected by an HSM that they control. Guardium for Cloud Key Management can provide an HSM via IBM Cloud Hyper Protect Crypto Services.