KuppingerCole ranks IBM Guardium among leaders in all categories
KuppingerCole ranks IBM Guardium among leaders in all categories Get the analyst report
Guardium for Cloud Key Management
Cloud providers such as Google, AWS, and Azure offer native encryption, which may be fast and cheap to deploy, but may put the data at risk by giving over management and control of the data over to the cloud service provider. Bring Your Own Key (BYOK) services allow customers to regain control of encrypted data in the cloud by allowing customers control of the keys and therefore control of the data. Guardium for Cloud Key Management centralizes management of cloud encryption keys across multiple clouds, while delivering greater value to companies by:
- Simplifying and centralizing secured storage of keys
- Providing reporting tools and audit support
- Enabling stronger security with user access controls
How customers use it
-
Simplify and centralize your encryption keys
Problem
Managing the complexity of maintaining strong and consistent controls over encryption key for data encrypted by cloud services providers.
Solution
Guardium for Cloud Key Management enhances IT efficiency with centralized cloud key management to provide access to cloud providers from a single browser window, across multiple accounts or subscriptions. Guardium will automatically synchronize its key database with the provider’s and maintain expiration rules and usage options. It can create cloud-native keys, upload BYOK-keys, and rotate keys all from a central console. These efficiencies help ensure that companies meet their compliance standards while saving hours per year of overhead time.
-
Stronger security controls across multiple providers
Problem
Simplifying control over encrypted cloud data across major IaaS, PaaS and SaaS providers.
Solution
By simplifying and separating key management from provider-controlled encryption, Guardium for Cloud Key Management adds a needed layer of security that customers alone can control. It provides centralized and automated key lifecycle management including key generation, rotation, and deletion to a growing list of supported IaaS, PaaS, and SaaS providers that include Microsoft Office365, Salesforce.com, Azure, IBM Cloud, Google Cloud, AWS, and others.
-
Reduce the risk of insider threat
Problem
Reducing risk due to insider threats with greater security controls to help better prevent potentially damaging leaks.
Solution
Separating who has access to the encrypted data from who has access to the encryption keys provides greater protection against insider threats. Guardium for Cloud Key Management supports Bring Your Own Key (BYOK) services to separate key management from provider-controlled encryption. This separation of duties helps fulfill internal as well as industry data protection mandates. For even greater control of encrypted data and encryption keys, customers can elect to Hold Your Own Key (HYOK), which means the customer keeps or holds their keys protected by an HSM that they control. Guardium for Cloud Key Management can provide an HSM via IBM Cloud Hyper Protect Crypto Services.