KuppingerCole ranks IBM Guardium among leaders in all categories


Feature spotlights

Unified and centrally managed data encryption

Guardium Data Encryption is composed of a modular set of solutions that can be deployed individually or in combination to provide hybrid multicloud data encryption and key management. The solutions are centrally managed through CipherTrust Manager (known formerly as the Data Security Manager or DSM), which manages policies, configurations and data encryption keys.

Management of user access policies

Guardium Data Encryption allows for granular user access control. Specific policies can be applied to users and groups with controls that include access by process, file type and time of day, among other parameters. Access controls for all Guardium Data Encryption products are managed centrally from CipherTrust Manager (known formerly as the Data Security Manager or DSM).

Encryption for files, databases and applications

Guardium Data Encryption helps protect sensitive data across the organization, offering capabilities for protecting and controlling access to files, databases and applications in the cloud and on-premises. It also delivers data encryption capabilities for containerized environments and cloud storage services such as Amazon S3.

Tokenization and data masking to protect data-in-use

Obscure sensitive data with format-preserving tokenization, which protects data without altering the database schema. Use dynamic data masking to obscure specific parts of a data field to protect data-in-use. Tokenization methods and data masking policies are controlled through a centralized graphical user interface.

Cloud encryption key orchestration

Customers who leverage the native cryptographic capabilities of cloud service providers can now control and manage the data encryption keys for those environments from a single browser window. Guardium Data Encryption supports Bring Your Own Key (BYOK) lifecycle management that allows for the separation, creation, ownership and control, including revocation, of encryption keys or tenant secrets used to create them.

Support for regulatory compliance efforts

Address compliance with industry and government regulations such as HIPAA, PCI DSS, CCPA and GDPR with strong data encryption, robust user access policies and key lifecycle management capabilities. Detailed data access audit logging is available to help organizations with compliance reporting.

Data encryption key centralization via KMIP

Centralized management from CipherTrust Manager (known formerly as the Data Security Manager or DSM) facilitates the storage, rotation and lifecycle management of all your encryption keys for KMIP-compatible data repositories. KMIP is an industry-standard protocol for encryption key exchange between clients (appliances and applications) and a server (key store).

IBM Security Guardium Data Encryption Data Sheet

How customers use it

  • Encrypt your sensitive data, wherever it resides


    Enterprises are migrating to the cloud to stay competitive, but not all are comfortable with moving sensitive data, opting to keep their most personal and regulated data on-premises. They need a solution that protects their data across environments.


    Users can deploy Guardium Data Encryption to encrypt their most sensitive information while it's in use, at rest or in transit, so that their data stays secure, whether it's stored on-premises or in private or public clouds.

  • Manage data encryption keys from multiple cloud providers


    When adopting the native cloud data encryption capabilities of different cloud service providers, customers want to be able to create, control and manage the encryption keys to stay in control of the encrypted data.


    Guardium Data Encryption puts customers in control of the generation, management and distribution of encryption keys, allowing them to Bring Your Own Key (BYOK) and manage key lifecycle from a single user interface.

  • Address compliance with industry and government regulations


    Encrypting personally identifiable information is a requirement of many industry and government regulations. Failure to comply with regulations can result in significant fines and reputational and financial loss.


    Guardium Data Encryption offers user access controls and data encryption capabilities that can help you address many data security and data privacy standards such as PCI DSS, HIPAA, GDPR, CCPA and others.

Consider these related encryption solutions

Homomorphic Encryption Services

Unlock the value of sensitive data without decryption to preserve privacy.

IBM Cloud Hyper Protect Crypto Services

Cloud data encryption that’s protected in a dedicated cloud hardware security module.