See how Guardium Data Encryption can help protect your data

See how Guardium Data Encryption can help protect your data Explore the demo

Frequently asked questions

Get answers to the most commonly asked questions about IBM Security Guardium Data Encryption.

FAQ

Getting started with this product

What is Guardium Data Encryption?

Guardium Data Encryption is a suite of unified data encryption and key management solutions that help protect data wherever it resides across hybrid multicloud environments. It provides key and policy management and helps address compliance with data security and privacy regulations.

What solutions are part of Guardium Data Encryption?

Guardium Data Encryption consists of a number of components that can be deployed independently or in combination to serve your data protection needs. Learn more by reading the data sheet.

What types of environments and data stores does Guardium Data Encryption protect?

Guardium Data Encryption provides file-level and application-level data encryption and access control. This covers a variety of structured and unstructured data in the cloud and on-premises.

Does Guardium Data Encryption provide tokenization or data masking capabilities?

Guardium Data Encryption allows you to protect sensitive fields in databases through format-preserving tokenization and to protect specific items in data fields through data masking. Learn more by reading the data sheet.

What types of data encryption key management capabilities does Guardium Data Encryption provide?

Guardium Data Encryption enables users to centrally manage the lifecycle, rotation and storage of all your encryption keys for KMIP-compatible data repositories and databases. Additionally, GDE allows users to own and control the encryption keys to the encrypted data on all major cloud providers.

Other common questions

What is encryption?

Encryption is the process that scrambles readable text so it can only be read by a person who has access to the encryption key.

Why is data encryption important?

Encryption helps protect private information and other sensitive data, whether the host is online or offline, and even in the event of a breach. As long as the encryption key is secured, the encrypted data remains protected against unauthorized users.

How do encryption keys work?

Encryption keys are used by the encryption algorithm to “lock” the data during an encoding process such that the data cannot be “unlocked” without access to the encryption key. Encryption keys are generally kept private. Proper key management is a key factor in keeping your data secure.

Why is encryption key management important?

The loss of any one key can mean that the data it protects will also be lost. It is important to track, manage and protect keys from accidental loss or compromise. Fortunately, GDE automates and manages the entire encryption key lifecycle.

What is tokenization?

Tokenization is a form of data protection that retains the same type and length of the original data (such as a credit card number) but replaces it with a bogus equivalent called a token. This approach can be used to retain the format of the original data without incurring the risk of exposure.

What is data masking?

Data masking is the general replacement of a character of data with another character of data. An example of masking would be converting 123-45-6789 into ***-**-6789.

What is cryptographic erasure?

The strength of encryption is based on the idea that encrypted data cannot be decrypted without the encryption key. This also means that if the key is intentionally destroyed, the encrypted data can never be decrypted and is effectively made useless. This process is called cryptographic erasure.

What is an HSM or hardware security module?

An HSM is a computing device or cloud service that generates, secures and/or manages encryption keys, performs encryption/decryption and other cryptographic functions. It acts as a root of trust for organizations looking for the highest level of security for their encrypted data and encryption keys.